IT Controls Specialist

We are looking for an IT Controls Specialist to join our Information Security & Risk function, to help ensure Kingfisher’s technology estate is supported by robust, well‑evidenced controls that meet internal policy requirements, regulatory obligations and industry standards. You’ll identify, implement and test technology controls, proactively spot gaps and drive remediation that reduces operational, security and compliance risk while strengthening our control posture through continuous improvement. 

We are open to basing this role out of either our Paddington our Southampton offices, with an expectation of 12 days a month in the office. If based in Paddington, we would need flexibility to work out of the Southampton office at least once a week due to the majority of the team and the stakeholders the role supports being based there.

• Develop and maintain the IT Controls Framework across the technology landscape, aligned to internal policies, regulatory requirements and recognised frameworks (including ISO27001, NIST, NIS2, GDPR and PCI DSS).

• Review control design and effectiveness through deep‑dive assessments, ensuring controls address relevant risks and emerging threats.

• Test control operation and evidence on an ongoing basis, validating evidence, documenting outcomes clearly and sharing results with relevant stakeholders.

• Identify control gaps, exceptions and weaknesses and drive pragmatic remediation plans with technology teams, supporting clear ownership and delivery.

• Manage the controls library and supporting tooling (workflow, reporting and change control), keeping documentation accurate, current and high quality.

• Partner with Risk Management and technology teams to strengthen control evidence, improve compliance processes and raise control maturity through continuous improvement.

• Support audits, governance and reporting by coordinating audit activity, responding to findings and producing high‑quality reporting for leadership committees and governance forums. 

• Relevant experience in technology controls, information security, audit, compliance, or a closely related field.

• Strong working knowledge of control frameworks (e.g., NIST, NIS2, GDPR, PCI DSS and the Corporate Governance Code) with the ability to translate requirements into practical controls and evidence needs.

• Able to evaluate and test controls, analyse deficiencies and propose pragmatic improvements.

• Technical understanding of cloud, infrastructure and application environments across multiple geographies.

• Confident explaining complex control and compliance topics to technical and non‑technical audiences, including experience working with auditors and managing audit engagements. 

How We Work 
We believe in flexibility and balance. Our hybrid model blends home working for focus with time spent connecting and collaborating - whether in our offices or at offsite locations. On average, around 60% of your time will involve in-person collaboration. 

We value the perspectives new team members bring and encourage you to apply - even if you don’t meet 100% of the requirements. 

What We Offer 
An inclusive environment where your potential is limited only by your imagination. We encourage new ideas, support experimentation, and strive to create a workplace where everyone can be their best self. Find out more about Diversity & Inclusion at Kingfisher here.   

We also offer a competitive benefits package and plenty of opportunities to stretch and grow your career. Scroll down below to find out more about our benefits. 

Diversity & Inclusion 
Our customers come from all walks of life - and so do we. We’re committed to ensuring all colleagues, future colleagues, and applicants are treated equally, regardless of age, gender, marital or civil partnership status, ethnicity, culture, religion, belief, political opinion, disability, gender identity, gender expression, or sexual orientation. 

Interested? Great, apply now and help us to Power the Possible. 

#LI-KO1