Director, Information Security Governance, Risk & Compliance (GRC)

2 days ago
Seniority
Director
Posted
4 May 2026 (2 days ago)

Life Unlimited. At Smith+Nephew, we design and manufacture technology that takes the limits off living.

Smith+Nephew is seeking an experienced Director of Information Security Governance, Risk & Compliance (GRC) to lead and evolve our global GRC function. Reporting to the Chief Information Security Officer, this role will have full accountability for defining, implementing, and continuously improving the Information Security and IT GRC strategy across the enterprise.

This leader will strengthen compliance, reduce information and technology risk, and enable business success—supporting Smith+Nephew’s ambition to be a leader in the medical technology industry. The role requires a strategic mindset, strong execution capability, and the ability to balance assertive leadership with empathy and collaboration.

The Director of Information Security Governance, Risk & Compliance will define, own, and execute the global Information Security and IT GRC strategy, ensuring alignment with Smith+Nephew’s business objectives and risk appetite. This role will lead, build, and develop a high-performing global GRC organization, including teams in low-cost regions, and translate complex regulatory and risk requirements into scalable, measurable programs.

The Director will oversee the governance and compliance landscape by monitoring evolving cyber security laws, regulations, and industry standards, defining and maintaining global information security policies, and deploying appropriate audits and controls to ensure sustained compliance. This includes providing clear, concise reporting, metrics, and insights to executive leadership and key stakeholders.

The role is accountable for designing and operating enterprise-wide IT and Information Security risk management programs. This includes identifying, assessing, documenting, and managing technology, security, and third-party risks, maintaining a comprehensive enterprise risk register, and ensuring risks are effectively communicated and managed.

The Director will lead the global IT SOX compliance program, ensuring strong IT General Controls and successful delivery against leadership-defined KPIs, while partnering closely with internal and external audit teams. In addition, the role will define and maintain IT computer system validation and IT quality assurance programs to meet global regulatory and compliance expectations.

Working in close partnership with Product Security, Commercial, and R&D teams, the Director will ensure compliance programs support customer assurance and commercial growth, including cyber and privacy certifications, audits, and customer tender responses. The role will also lead regulatory intelligence efforts to identify, monitor, and comply with applicable cyber security, privacy, and disclosure requirements worldwide.

This role works in close collaboration with Corporate Finance and Business Teams to align GRC strategy with business objectives and risk tolerance. The Director partners extensively with Internal Audit, Compliance, and Legal teams to ensure regulatory alignment, audit readiness, and effective governance. Strong relationships are also maintained with Corporate IT, Commercial, R&D, and Product Security teams to embed security and compliance into technology operations, product development, and customer-facing activities.

What will you need to be successful?

  • Bachelor’s degree in Information Systems, Computer Science, IT Audit, or a related field, or equivalent professional experience.
  • 10+ years of experience in GRC, IT Information Security, Information Risk Management, and/or IT Audit.
  • Proven experience building, managing, and leading global teams.
  • Extensive experience managing Sarbanes-Oxley (SOX) compliance and IT controls.
  • Strong knowledge of IT General Controls and audit practices.
  • Hands-on experience with GRC platforms and metric-driven continuous improvement.
  • Security and risk frameworks (e.g., NIST CSF, ISO 27002, CSA).
  • Privacy and regulatory requirements (e.g., GDPR, HIPAA, PCI, and other global privacy regulations).
  • Third-party risk management (internal and outsourced models).
  • Policy development, governance, and lifecycle management.
  • Data security, disaster recovery, and information governance.
  • Security and privacy contract review processes.
  • Management of GRC KPIs and executive-level reporting.

Certifications (Preferred)

  • CISA, CISM, CRISC
  • ISO 27001 Lead Auditor

Core Competencies

  • Excellent written and verbal communication skills.
  • Strong stakeholder management skills, with the ability to influence senior leaders.
  • Ability to balance assertiveness with empathy and collaboration.
  • Highly organized with strong attention to detail and problem-solving skills.
  • Ability to operate independently in a complex, global matrix environment.
  • Strong understanding of information security, GRC, and medical device industry trends.
  • Business-oriented mindset with a focus on enabling growth and innovation.

You. Unlimited.

We believe in creating the greatest good for society. Our strongest investments are in our people and the patients we serve.

Inclusion and Belonging: Committed to welcoming, celebrating and thriving on inclusion and belonging. Learn more about our Employee Inclusion Groups on our website (www.smith-nephew.com).

Your Future: Generous annual bonus and pension Schemes, Save As You Earn share options, and a car allowance.

Work/Life Balance: Flexible Vacation and Time Off, Paid Holidays and Paid Volunteering Hours, so we can give back to our communities!

Your Wellbeing: Private Health and Dental plans, Healthcare Cash Plans, Income Protection, Life Assurance and much more.

Flexibility: Hybrid Working Model (For most professional roles).

Training: Hands-On, Team-Customised, Mentorship.

Extra Perks: Discounts on Gyms and fitness clubs, Salary Sacrifice Bicycle and Car Schemes and many other Employee discounts.

The anticipated base compensation range for this position is 115,000-125,000 GBP annually and the compensation offered will depend on the candidate’s qualifications. You may also be entitled to receive bonus and benefits, which may include medical, dental, and vision coverage, 401k, tuition reimbursement, medical leave programs, and a variety of wellness offerings.

Stay connected by joining our Talent Community.

We're more than just a company - we're a community! Follow us on LinkedIn to see how we support and empower our employees and patients every day.


Check us out on Glassdoor for a glimpse behind the scenes and a sneak peek into You. Unlimited. life, culture, and benefits at S+N.

Explore our website and learn more about our mission, our team, and the opportunities we offer.

If you’re pursuing a career in medical technology, it can feel like the toolkit is endlessly long: imaging systems, data analysis software, regulatory platforms, testing frameworks, prototyping tools, CAD, quality management systems, signal processing libraries and more. Scroll job boards or LinkedIn, and it’s easy to think you need to know every tool under the sun just to secure an interview. Here’s the honest truth most hiring managers won’t explicitly tell you: 👉 They don’t hire you because you know every tool — they hire you because you understand the underlying principles and can apply the right tool in the right context to solve real problems. Tools matter — absolutely — but they are secondary to problem-solving ability, clinical awareness, engineering rigour and the ability to deliver safe, reliable solutions. So how many medical technology tools do you actually need to know to get a job? For most job seekers, the answer is far fewer than you think. This article explains what employers really want, which tools are core, which are role-specific, and how to focus your learning so you look confident, competent and end-game ready.