Security, Risk & Compliance Manager - Hawthorn East
Location: Hawthorn East
Job Type: Full time
We’ve been trusted to serve Aussie communities since 1914 and have grown to become a top 30 company listed on the ASX, with 120,000 team members and a portfolio of iconic brands. At Coles Group, you’ll not only get to make a difference to millions of Aussie lives—you’ll also get to see your impact.
About the team
Technology is the backbone of our business. Every day, our team solves complex and meaningful problems. Those solutions help thousands of our fellow team members succeed and make millions of customers’ lives easier every day.
The security team at Coles is proud of their successful delivery of customer-focused solutions. There are a lot of exciting initiatives on the horizon as protecting our customers, team members and reputation is essential to being the most trusted retailer.
The Information Security team is accountable for all aspects of Information Security across Coles, including Strategy & Architecture, Governance, Security Detection & Response, Cloud Security and Security Technologies. This role will be based within the Security Governance team and will play an active role in uplifting Coles’ Information Security Risk & Control maturity.
About the role
This role will report into the Head of Security Governance. Key stakeholders of the role also include the Information Security Leadership Team (ISLT), which includes the area’s General Manager and Heads of; the Head of Technology Risk; the Head of Group Risk; the Head of Internal Audit; Delivery Managers, Principals and project teams within Information Security, Technology and the Business; and IT Service Providers (as appropriate).
The role is responsible for leading resources and delivering the uplift in Coles’ Information Security Risk & Control maturity. The candidate would be considered a “T-shaped” individual, having broad knowledge across the core focus areas below, with deep expertise in at least one of them, preferably around frameworks, policies, standards and controls: Information Security Framework, Policies & Guidelines; Information Security Risk & Control profiling; Regulatory compliance management; System compliance assessment and profiles; Third Party Risk Management; Board, ELT and Governance forum reporting; Audit and Cyber Insurance facilitation/support.
Typical activities that you will be responsible for and involved with on a day-to-day basis are outlined below:
- You will work closely with the Head of Security Governance to agree the overarching strategic approach for delivery themes within your remit.
- Whereas the Head of Security Governance will be accountable for setting the go-forward strategy, you will take ownership and carriage of the tactical delivery of capabilities, controls, standards, policies, processes and other project outcomes (including managing peer relationships and vendor scopes of work where work is delivered through an augmented resource arrangement).
- You will support the management and execution of key security initiatives/projects and provide a point of contact to business and technology teams on security governance requirements.
- You will act as a key point of contact for stakeholder engagement across the business, technology and external vendors, while demonstrating a strong ability to independently engage and develop stakeholder relationships.
Manage Coles Security Governance process
- Build and maintain a governance framework for Information Security within Coles.
- Maintain Coles Information Security policy and standards/guidelines
Manage the Coles Information Security compliance and assurance process
- Build and maintain an Information Security compliance and assurance process within Coles
- Plan and direct compliance and assurance activities
- Build and maintain an Information Security risk process within Coles
- Liaise with and influence Coles Group Risk on risk processes within Coles
- Maintain the Coles group and level 2 Information Security risk profile
Board, ELT, Governance forum reporting
- Prepare board/executive and management information packs on Information Security topics of interest
- You will challenge existing reporting and presented materials to see where the purpose of the information can be further clarified and where communicated messages need to be refined.
Audit and Cyber Insurance support/facilitation
- Assist with the management of Internal Audit responses and evidencing
- Support Cyber Re-Insurance
- 7-10+ years of experience across multiple Information Security and related Technology governance roles with a recent focus on Governance, Risk and Compliance.
- As applicable to the core focus areas:
- Practical hands-on experience working with Information Security and related Technology governance frameworks
- Experienced in interpreting Information Security framework requirements, industry & best practice standards
- Experience analysing, identifying and implementing best-of-breed framework requirements
- Extensive experience developing/establishing, as well as operating, risk and security controls compliance programs for large and complex technology-enabled organisations
- Experience leading Information Security uplift programs and/or initiatives dealing with the build-out, measurement and improvement of Information Security Risk & Control frameworks, policies, guidelines and management profiles
- Experience with Operational risk management and compliance processes, including the management of risk appetite statements and key risk indicators
- Experience with the assessment and management of regulatory, systems (application) and/or third-party compliance
- Experience leading team members’ delivery, and mentoring/managing team members
- Experience navigating and delivering within complex corporate environments at pace
- Working knowledge of GRC products/toolsets
- Demonstrable experience working with stakeholders at all levels of the organisation to influence outcomes, obtain buy-in and solicit commitment to implement Information Security requirements
- Ability to think deeply and critically about the efficacy of information presented to stakeholders and whether the right messages are communicated from the presented materials
- A can-do attitude coupled with an ability to “roll up one’s sleeves” and directly contribute to delivery
- Ability to translate and communicate complex, technical or Information Security concepts in a non-technical, simplified fashion, making sure communication is fit for purpose regardless of the reader’s skillset/knowledge
- Relevant tertiary qualification and/or business experience with Technology/Information Security
- Relevant security certifications beneficial, such as CISA, CISM, CISSP, SASA, ISO27K or related IT Governance certifications such as COBIT
- Strong communication (written and verbal) and interpersonal skills
- Strong presentation and facilitation skills, including the ability to tailor communication to the appropriate level of the organisation or size of stakeholder group
- Ability to influence others, gain buy-in and negotiate implementation and delivery outcomes
Take your next step into something bigger: apply now
With us it’s not about the discounts (although you do get those), it’s about joining a team where your wellbeing and professional development is invested in and celebrating your contributions is the norm. And because everyone leads unique lives, we offer flexible work including work from home, additional leave and parental leave entitlements.
We’re continuing to build a gender equitable team, and a culture that’s just as diverse, inclusive and welcoming as the communities we serve. We encourage applications from people of all ages, cultures (including Aboriginal and Torres Strait Islander peoples), abilities, sexual orientation and gender identities.
We’re happy to adjust our recruitment process to support candidates with disability. Find out more in the ‘Our Recruitment Process’ section of our careers site.
We’re committed to providing a safe environment for our team members and our customers. As part of that commitment, you will need to be vaccinated against COVID-19 before joining the team at Coles, unless you’re medically exempt. You’ll also need to disclose your COVID-19 vaccination status as part of your application (and possibly provide further evidence of your vaccination status). Thanks for applying, and for your understanding.
Job ID: 77305
Employment Type: Full time