Company: Coles

Address: Auburn, QLD
Category: Management

Job description

We've been trusted to serve Aussie communities since 1914 and have grown to become a top-30 listed company on the ASX with 120,000 team members and a portfolio of iconic brands. At Coles Group, you'll not only get to make a difference to millions of Aussie lives, you'll also get to see your impact.

About the team

Technology is the backbone of our business. Every day, our team solves complex and meaningful problems. Those solutions help thousands of our fellow team members succeed and make millions of customers' lives easier every day.

The security team at Coles is proud of their successful delivery of customer-focused solutions. There are a lot of exciting initiatives on the horizon as protecting our customers, team members and reputation is essential to being the most trusted retailer.

The Cyber Security team is accountable for all aspects of Cyber Security across Coles including Strategy & Architecture, Governance, Security Detection & Response, Cloud Security and Security Technologies. This role will be based within the Security Governance team and will play a collaborative role in uplifting Coles' Cyber Security Risk & Control maturity.

About the role

This role will report into the Head of Security Governance. Key stakeholders of the role also include the Cyber Security Leadership Team (ISLT), which includes the area's General Manager and Heads of; the Head of Technology Risk; the Head of Group Risk; the Head of Internal Audit; delivery managers, principals and project teams within Cyber Security, Technology and Business; and IT service providers (as appropriate).

You will be responsible for leading Cyber Security resources that partner with other areas of Technology to ensure the safety of our on-prem and cloud environment solutions and to drive uplift in security-risk-related practices and metrics. The candidate would be considered a "T-shaped" persona, having broad knowledge but deep drill-down expertise in security architecture, governance & compliance, technical leadership and managing delivered risk.

Typical activities that you will be responsible for and involved with on a day-to-day basis are outlined below:

Tactical Delivery

  • You will work closely with the Head of Security Governance to agree the overarching strategic approach for delivery themes within your remit.
  • Whereas the Head of Security Governance will be accountable for setting the go-forward strategy, you will take ownership and carriage of the delivery model for a team of Security Engineers, Partner Security & Control Assurance analysts and the prioritisation of assurance activities for the team.
  • You will also be responsible for delivery of project outcomes (including managing peer relationships, vendor scopes of work where work is delivered through an augmented resource arrangement) and providing technical leadership to the team.
  • You will support the management and execution of key security initiatives/projects and provide a point of contact to business and technology teams on Technical Assurance & Compliance Automation requirements, as well as the interface to other areas within the larger Security Governance team.
  • You will function as a key point of contact for stakeholder engagement across the business, technology, and external vendors, while demonstrating a strong ability to collaborate, engage and develop stakeholder relationships.
  • Influence business stakeholders to ensure that security requirements are considered from the outset of projects and are integrated throughout the project lifecycle.

Manage the Coles Cyber Security Technical Assurance & Compliance Automation program

  • Build and maintain a Cyber Security Technical Assurance & Compliance Automation program and process within Coles, for public cloud environments, as well as critical and sensitive applications & infrastructure (as defined within the organisation's Confidentiality policy or as specified under the SOCI Act).
  • Identify Compliance Automation use cases and plan for their implementation.
  • Plan and direct ongoing Technical Assurance & Compliance Automation activities for internal systems and our partner relationships (Applications - On prem/Cloud based, Infrastructure and third-party environments)
  • Consult with and influence Coles Group Risk on assurance requirements laid out in the Group Risk Management Framework, including the best manner to rationalise and aggregate control assurance outcomes in the Enterprise Risk profile.
  • Work with technical teams to implement security controls and monitor their effectiveness, and to identify and address gaps in security coverage.
  • Provide technical leadership, guidance, and expertise to the team of cloud security specialists, automation engineers and Technical Assurance resources.
  • Collaborate with other technical teams and stakeholders to develop security standards, policies, and procedures that support the organisation's cloud security strategy.

Board, ELT, Governance forum reporting and stakeholder management.

  • Provide input into board/executive and management information packs, relating to assurance, control performance and state of Cyber Risks.
  • Provide technical expertise and guidance to the organisation's technology leaders on security best practices, emerging threats and technologies, and risk management strategies.
  • Develop and maintain relationships with technology leaders to build trust and understanding of security requirements and to proactively identify potential security risks and threats.

About you and your skills

  • 7-10+ years of experience executing Technical Assurance and Compliance Automation programs.

  • As applicable to the core focus areas:

  • Practical understanding and working knowledge of Cyber Security assurance frameworks.

  • Experienced in interpreting Cyber Security framework requirements, industry & best practice standards.

  • Experience analysing, identifying and implementing best-of-breed framework requirements.

  • Extensive experience developing/establishing, as well as operating, risk and security controls compliance programs for large and complex technology-enabled organisations.

  • Experience with Operational risk management and Compliance processes, including the management of risk appetite statements and key risk indicators

  • Experience leading team members' delivery and mentoring/management of team members

  • Experience navigating and delivering within complex corporate environments at pace

  • Demonstrable experience collaborating with stakeholders at all levels of the organisation, to influence outcomes, obtain buy-in and solicit commitment to implement Cyber Security requirements.

  • Ability to think deeply and critically about the efficacy of information presented to stakeholders and whether the right messages are communicated from the presented materials

  • A can-do attitude coupled with an ability to "roll up one's sleeves" and directly contribute to delivery

  • Ability to translate and communicate complex, technical or Cyber Security concepts in a non-technical, simplified fashion, making sure communication is fit for purpose, regardless of the reader's skillset/knowledge.

  • Relevant tertiary qualification and/or business experience with Technology/Cyber Security

  • Relevant security/technical certifications beneficial such as CISA, CISM, CISSP, SASA, ISO27K, CSIRC or related Governance frameworks maintained under the Cloud Security Alliance or CSSP, OSCP.

  • Strong communication (written and verbal) and people skills

  • Strong presentation and facilitation skills, including the ability to tailor communication to the appropriate level of the organisation or size of stakeholder group

  • Ability to influence others, gain buy-in and negotiate implementation and delivery outcomes

Take your next step into something bigger, apply now

With us it's not about the discounts (although you do get those), it's about joining a team where your wellbeing and professional development are invested in and celebrating your contributions is the norm. And because everyone leads unique lives, we offer flexible work including work from home, additional leave and parental leave entitlements.

We're continuing to build a gender equitable team, and a culture that's just as diverse, inclusive and welcoming as the communities we serve. We encourage applications from people of all ages, cultures (including Aboriginal and Torres Strait Islander peoples), abilities, sexual orientation and gender identities.

We're happy to adjust our recruitment process to support candidates with disability. Find out more in the 'Our Recruitment Process' section of our careers site.

Job ID: 110283

Employment Type: Full time

Refer code: 1534852. Coles - The previous day - 2024-02-24 03:00

Delivery Manager - Technical Assurance And Compliance Automation