Security Principal

We’ve been trusted to serve Aussie communities since 1914 and grown to become a top 30-listed on the ASX with over 115,000 team members and a portfolio of iconic brands. At Coles Group, you’ll not only get to make a difference to millions of Aussie lives—you’ll also get to see your impact.

**About the team**

Technology is the backbone of our business. Every day, our team solves complex and meaningful problems. Those solutions help thousands of our fellow team members succeed and make millions of customers lives easier every day.

Our Business Protect and Secure-by-Design team is crucial and accountable for understanding Coles’ initiatives, and assess the cyber security impact, to therefore provide reliable strategic and security recommendations. Bringing security to the forefront of strategic planning and execution by design.

**About the role**

Reporting to the Head of Business Protect and Secure by Design, this position plays a pivotal role as the bridge between the wider Group Cyber team and senior business stakeholders to effectively protect business units from emerging threats. Advocating for stronger security measures and supporting the business with their overarching goals.

**You will also be responsible for**:

- Acting as the bridge between the Group Cyber team and the business unit to effectively protect the business units from its unique threats. Ensuring that security measures support the business goals and enable smooth business operations while mitigating risks and maintaining compliance
- Serving as a trusted advisor and mentor to business technology teams and foster a security-first culture within the business unit
- Participating in risk assessments and audits, monitor the effectiveness of cyber measures and compliance with internal policies, regulations, and industry standards.
- Communicate security risks, requirements, and recommendations clearly and concisely to both technical and non-technical audiences
- Participating in quarterly planning activities and advise on Cyber Security implications and considerations to build Security controls in from the start
- Estimating required Security involvement for business initiatives and support capacity planning to ensure Secure by Design resources are effectively allocated across security initiatives
- Designing reporting dashboards and metrics to drive actionable outcomes improving Security risk posture within the business unit
- Ability to articulate the link between organisational goals and initiative priorities. Understanding the business context of initiatives.
- Uplift Coles’ cyber security posture by ensuring alignment to roadmaps, security standards, evaluation and design of new technologies and business cases.

**About you**

To be successful in this role, you will have:

- Deep understanding of security reference architectures, secure by design principles, threat modelling methodologies, and risk assessment techniques.
- Extensive experience (10+ years) in designing, implementing, and managing security controls across the breadth of security capabilities within complex technology environments.
- Demonstrated experience understanding how different business units operate and how security measures can support their objectives. This involves a deep understanding of business processes, financial principles, and strategic planning.
- Demonstrated experience in identifying, assessing, and mitigating risks including developing strategies to handle potential security threats effectively. Proficient in conducting risk assessments, prioritizing risks based on their potential impact, and implementing controls to mitigate them.
- Demonstrated ability to lead and influence senior stakeholders.
- Demonstrated ability to design and implement cyber strategies and roadmaps that align with organizational goals and risk management strategies.
- Up-to-date knowledge of the latest cyber security threats, vulnerabilities, and technologies. Familiarity with relevant industry standards and best practices, such as NIST Cybersecurity Framework, ISO 27001, CCM (Cloud Controls Matrix), Essential 8 controls, PCI-DSS, Privacy legislation and OWASP.
- Relevant cyber security certifications, such as CISSP, CCSP, CISA, CISM, CRISC, SABSA or other industry-recognised certifications are highly desirable.

**What’s in it for you?**:

- **
Flexible working options**:We know that work is only one part of your life, so we actively encourage a positive work-life balance and provide hybrid working options to help you achieve it.
- ** Office perks**:Take advantage of our gym facility and fitness classes, free parking, BBQ area, mini-Coles supermarket, fooderie hub where you can sample new products before they hit the shelves, school holiday program and so much more when you come in.
- ** Discounts**:Eligible team members receive 5% discount all year round on your Supermarket and Liquor online and in-store purchases. We also offer additional periods of double d