Security Principal

We’ve been trusted to serve Aussie communities since 1914 and grown to become a top 30-listed on the ASX with over 115,000 team members and a portfolio of iconic brands. At Coles Group, you’ll not only get to make a difference to millions of Aussie lives—you’ll also get to see your impact.

**About the team**

Technology is the backbone of our business. Every day, our team solves complex and meaningful problems. Those solutions help thousands of our fellow team members succeed and make millions of customers lives easier every day.

Our Business Protect and Secure by Design team is crucial and accountable for understanding Coles’ initiatives, and assess the cyber security impact, to therefore provide reliable strategic and security recommendations. Bringing security to the forefront of strategic planning and execution by design.

**About the role**

Reporting to the Head of Business Protect and Secure by Design, this position plays a pivotal role in integrating and reviewing the implementation of security controls and requirements throughout the project and technology delivery life cycle.

We are seeking a proficient Security Principal that can champion a Secure-by-Design approach and act as the primary point of contact for key technology and business stakeholders, building trusted relationships and uplifting cyber posture while ensuring security solutions are aligned with business needs.

**You will also be responsible for**:

- Leading the execution of threat modelling and cyber security impact assessments on new projects and changes to existing systems and platforms. Proactively identifying potential security weaknesses and develop mitigation strategies to address identified risks.
- Driving continuous improvement initiatives within the Secure by Design domain.
- Guiding project managers, initiative leads and other key business stakeholders to ensure that security controls are effectively implemented throughout the project and technology life cycle.
- Building and implementing stakeholder management strategies and employing targeted communication styles to achieve common goals
- Design and deliver communications for stakeholders up to Chief, GM and Heads of level.
- Uplifting and optimising solutions to ensure that Security standards and processes are defined, implemented, and validated.
- Participating in risk assessments and audits, monitoring the effectiveness of cyber controls and compliance with internal policies, regulations, and industry standards.
- Proactively work alongside governance, risk and other cyber teams to align policies, standards and control frameworks with regulatory and compliance requirements.

**About you**
- Exceptional communication and interpersonal skills to effectively communicate security risks, requirements, and recommendations clearly and concisely to both technical and non-technical audiences.
- An ability to drive business outcomes while identifying and managing Cyber risk and compliance
- Demonstrated expertise in conducting risk assessments, an in depth understanding of security reference architectures and up-to-date knowledge of the latest cyber security threats, vulnerabilities, and technologies.

**To be successful in this role, you will have**:

- Deep understanding of security reference architectures, secure by design principles, threat modelling methodologies, and risk assessment techniques.
- Extensive experience (10+ years) in designing, implementing, and managing security controls across the breadth of security capabilities within complex technology environments.
- Experience in DevSecOps Transformations, OT Security, Payment Security or AI desirable.
- Demonstrated ability to lead and influence senior stakeholders and collaborate across the broader Group Cyber and Technology teams to meet business needs while managing Cyber risk for the organisation.
- Excellent analytical and problem-solving skills to identify and assess security risks, develop mitigation strategies, and troubleshoot complex security issues. Ability to think critically and make sound decisions under pressure.
- Exceptional communication and interpersonal skills to effectively collaborate with diverse stakeholders at various levels, including technical teams, business leaders, and project managers.
- Solid understanding of project management methodologies and best practices. Ability to manage multiple projects simultaneously, prioritise time and risks and ensure timely delivery of project / business objectives.
- Familiarity with relevant industry standards and best practices, such as NIST Cybersecurity Framework, ISO 27001, CCM (Cloud Controls Matrix), Essential 8 controls, PCI-DSS, Privacy legislation and OWASP.
- Understanding of the Retail industry, challenges, commerciality, operations, and organisation desirable but not mandatory.
- Relevant cyber security certifications, such as CISSP, CCSP, CISA, CISM, CRISC, SABSA or other industry-recognised certifications are highly desir