Security, Risk

We’ve been trusted to serve Aussie communities since 1914 and grown to become a top 30-listed on the ASX with 120,000 team members and a portfolio of iconic brands. At Coles Group, you’ll not only get to make a difference to millions of Aussie lives—you’ll also get to see your impact.

**About the team**

Technology is the backbone of our business. Every day, our team solves complex and meaningful problems. Those solutions help thousands of our fellow team members succeed and make millions of customers’ lives easier every day.

The security team at Coles is proud of their successful delivery of customer-focused solutions. There are a lot of exciting initiatives on the horizon as protecting our customers, team members and reputation is essential to being the most trusted retailer.

The Information Security team is accountable for all aspects of Information Security across Coles including Strategy & Architecture, Governance, Security Detection & Response, Cloud Security and Security Technologies. This role will be based within the Security Governance team and will play an active role in uplifting the Coles’ Information Security Risk & Control maturity.

**About the role**:
This role will report into the Head of Security Governance. Key stakeholders of the role also include the Information Security Leadership Team (ISLT) that includes the areas General Manager and Heads of, Head of Technology Risk, Head of Group Risk, Head of Internal Audit, Delivery managers, Principles and project teams within Information Security, Technology and Business, IT Service Providers (as appropriate)

Typical activities that you will be responsible for and involved with on a day-to-day basis are outlined below:
Tactical Delivery
- You will work closely with the Head of Security Governance to agree the overarching strategic approach for delivery themes within your remit.
- Whereas the Head of Security Governance will be accountable to set the go forward strategy, you will take ownership and carriage of tactical delivery of capabilities, controls, standards, policies, processes, and other project outcomes (including managing peer relationships, vendor scopes of work where work is delivered through an augmented resource arrangement).
- You will support the management and execution of key security initiatives/projects and provide a point of contact to business and technology teams on security governance requirements.
- You will act as a key point of contact for stakeholder engagement across the business, technology, and external vendors, while demonstrating a strong ability to independently engage and develop stakeholder relationships

***Manage Coles Security Governance process
- Build and maintain a governance framework for Information Security within Coles.
- Maintain Coles Information Security policy and standards/guidelines

Manage the Coles Information Security compliance and assurance process
- Build and maintain an Information Security compliance and assurance process within Coles
- Plan and direct compliance and assurance activities
- Build and maintain an Information Security risk process within Coles
- Liaise with and influence Coles Group Risk on risk processes within Coles
- Maintain the Coles group and level 2 Information Security risk profile

Board, ELT, Governance forum reporting
- Prepare board/executive and management information packs on Information Security topics of interest
- You will challenge existing reporting and presented materials, to see where the purpose of information can further be clarified and where communicated messages need to be refined

Audit and Cyber Insurance support/facilitation
- Assist with the management of Internal Audit responses and evidencing
- Support Cyber Re-Insurance

**About you**:

- 7-10+ years of experience across multiple Information Security and related Technology governance roles with a recent focus on Governance, Risk and Compliance.
- As applicable to the core focus areas:

- Practical hands-on experience working with Information Security and related Technology governance frameworks
- Experienced in interpreting Information Security framework requirements, industry & best practice standards
- Experience analysis, identifying and implementing best of breed framework requirements
- Extensive experience developing/establishing; as well as operating risk and security controls compliance programs for large and complex technology enabled organisations.
- Experience leading Information Security uplift programs and or initiatives dealing with the build out, measurement and improvement of Information Security Risk & Control framework, policies, guidelines, and management profiles
- Experience with Operational risk management and compliance processes, including the management of risk appetite statements and key risk indicators
- Experience leading team members delivery, mentoring/management of team members
- Experience navigating and delivering within complex corporate en