Company: Coles Group
Address: Hawthorn East, VIC
Salary: Permanent
Category: Consulting

Job description

We've been trusted to serve Aussie communities since 1914 and have grown to become a top 30 listed company on the ASX, with 120,000 team members and a portfolio of iconic brands. At Coles Group, you'll not only get to make a difference to millions of Aussie lives, you'll also get to see your impact.
As the way we shop continues to evolve, our Technology team keeps us at the cutting edge. Driven by our innovative, inclusive and forward-thinking culture, we're constantly looking at ways to reinvent the shopping experience for our customers and build the next generation of digital retailing.
About the team
The Security team at Coles is proud of their successful delivery of customer-focused solutions. There are many exciting initiatives on the horizon as protecting our customers, team members and reputation is essential to being the most trusted retailer.
The Information Security team is accountable for all aspects of Information Security across Coles, including Compliance, Policy and Reporting, Technical Assurance & Compliance Automation, Cloud Security, Third Party Risk Management, Secure Design & Data Protection, Security Delivery, and Identity Management. This role will be based within the Security Governance team and will play a collaborative role in uplifting Coles' Information Security Risk & Control maturity.
About the role
Key stakeholders of the role also include the Head of Security Governance, Information Security Leadership Team (ISLT) that includes the areas General Manager and Head of, Head of Technology Risk, Head of Group Risk, Head of Internal Audit, Delivery managers, Principal and project teams within Information Security, Technology and Business, IT Service Providers (as appropriate).
Responsible for supporting the delivery of uplift in Coles' Information Security Risk & Control maturity in one or more of the following core areas: Information Security Framework, Policies & Guidelines; Information Security Risk & Control profile management; Regulatory compliance management; or System compliance assessment and profiles.
Typical activities that you will be responsible for and involved with on a day-to-day basis are outlined below:
Execution Delivery

  • You will work closely with the Head of Security Governance and Compliance, Policy & Reporting Delivery management on the agreed overarching approach for delivery themes within your remit.
  • You will take ownership and carriage of tactical delivery of capabilities, controls, standards, policies, processes, and other project outcomes (including managing peer relationships, vendor scopes of work where work is delivered through an augmented resource arrangement).
  • You will support the management and execution of key security initiatives/projects and provide a point of contact to business and technology teams on security governance requirements.
  • You will act as a key point of contact for stakeholder engagement across the business, technology, and external vendors, while demonstrating a strong ability to engage and develop stakeholder relationships.
Security governance, security risk, compliance, and assurance processes
  • Support the build and maintenance of a governance framework for Information Security within Coles.
  • Maintain Coles Information Security policy and standards/guidelines.
  • Build and maintain a governance framework for Information Security within Coles.
  • Build and maintain an Information Security compliance and assurance process within Coles.
  • Plan and direct compliance and assurance activities
  • Build and maintain an Information Security risk process within Coles.
  • Consult with and influence Coles Group Risk on risk processes within Coles.
  • Maintain the Coles group and level 2 Information Security risk profile.
Management reporting
  • Prepare board/executive and management information packs on Information Security topics of interest.
  • You will continually seek to improve existing reporting and presented materials, to see where the purpose of information can further be clarified and where communicated messages need to be refined.
  • Assist with the management of Internal Audit responses and evidencing.
  • Support Cyber Re-Insurance
About you and your skills
  • 7-10+ years of experience across multiple Information Security and related Technology governance roles with a recent focus on Governance, Risk and Compliance.
  • As applicable to the core focus areas:
  • Practical firsthand experience working with Information Security and related Technology governance frameworks.
  • Experienced in interpreting Information Security framework requirements, industry & best practice standards.
  • Experience in understanding requirements, identifying and implementing best of breed framework requirements.
  • Extensive experience developing/establishing; as well as operating risk and security controls compliance programs for large and complex technology enabled organisations.
  • Experience leading Information Security uplift programs and/or initiatives dealing with the build-out, measurement and improvement of Information Security Risk & Control frameworks, policies, guidelines, and management profiles.
  • Experience with Operational risk management and compliance processes, including the management of risk appetite statements and key risk indicators.
  • Experience with assessment and management of regulatory, systems (application) and/or third-party compliance.
  • Experience leading team members' delivery, and mentoring/management of team members.
  • Experience navigating and delivering within complex corporate environments at pace.
  • Working knowledge of GRC products/toolsets
  • Demonstrable experience collaborating with stakeholders at all levels of the organisation to influence outcomes, obtain buy-in and solicit commitment to implement Information Security requirements.
  • Ability to think deeply and critically about the efficacy of information presented to stakeholders and whether the right messages are communicated from the presented materials.
  • A can-do attitude coupled with an ability to “roll up one's sleeves” and directly contribute to delivery.
  • Ability to translate and communicate complex, technical or Information Security concepts in a non-technical, simplified fashion, making sure communication is fit for purpose regardless of the reader's skillset/knowledge.
Note: In instances where candidates are not from an Information Security background, the expectation would be that they are able to present their transferable skills and experience (around operational risk/technology/risk and governance management)
Take your next step into something bigger, apply now
With us it's not about the discounts (although you do get those), it's about joining a team where your wellbeing and professional development are invested in and celebrating your contributions is the norm. And because everyone leads unique lives, we offer flexible work including work from home, additional leave and parental leave entitlements.
We're continuing to build a gender equitable team, and a culture that's just as diverse, inclusive and welcoming as the communities we serve. We encourage applications from people of all ages, cultures (including Aboriginal and Torres Strait Islander peoples), abilities, sexual orientation and gender identities.
We're happy to adjust our recruitment process to support candidates with disability. Find out more in the 'Our Recruitment Process' section of our careers site.
Job ID: 107499
Employment Type: Full time
Refer code: 1280267. Coles Group - The previous day - 2024-01-07 01:48
