Company: Coles

Address: Auburn, QLD

Category: Human Resources

Job description

We've been trusted to serve Aussie communities since 1914 and have grown to become a top-30 listed company on the ASX with 120,000 team members and a portfolio of iconic brands. At Coles Group, you'll not only get to make a difference to millions of Aussie lives, you'll also get to see your impact.

About the team

Technology is the backbone of our business. Every day, our team solves complex and meaningful problems. Those solutions help thousands of our fellow team members succeed and make millions of customers' lives easier every day.

The security team at Coles is proud of their successful delivery of customer-focused solutions. There are a lot of exciting initiatives on the horizon as protecting our customers, team members and reputation is essential to being the most trusted retailer.

The Information Security team is accountable for all aspects of Information Security across Coles, including Strategy & Architecture, Governance, Security Detection & Response, Cloud Security and Security Technologies. This role will be based within the Security Governance team and will play an active role in uplifting Coles' Information Security Risk & Control maturity.

About the role

This role will report into the Security Governance, Risk & Compliance delivery manager. Key stakeholders of the role also include the Head of Security Governance, Project teams within Information Security, Technology and Business; Procurement; as well as IT Service Providers (as appropriate) and Peers across Information Security.

You will be responsible for supporting Coles' Information Security Partner Security Assessment Program, covering our third parties' control environments; the Coles Information Security Framework, Policies & Guidelines; and regulatory compliance management.

Typical activities that you will be responsible for and involved with on a day-to-day basis are outlined below:

Execution Delivery

  • You will work directly with the Security Governance, Risk & Compliance delivery manager to identify the required assurance framework, risk and control or system/regulatory profiles, and associated standard or policy requirements that need to be tested or for which assurance is required
  • Support the management and improvement of third-party cyber security due diligence services
  • Review and test the design and operating effectiveness of controls across the organisation to identify potential risks and control gaps
  • Develop and execute testing plans and procedures to confirm control effectiveness and identify areas for improvement
  • Analyse test results to identify root causes of control deficiencies and provide recommendations for remediation
  • Collaborate with business units to provide guidance and education on best practices for control design and implementation, and contract manager responsibilities
  • Ensure that control deficiencies are appropriately documented and tracked, and work with business units to develop and implement remediation plans
  • Develop and maintain guidance documents to support the effective reporting of control performance and documentation of testing work papers
  • Act as a key point of contact for deliverables you have worked on, e.g., specific Partner Security Assessments

Management reporting

  • Support preparation of control performance reporting, including but not limited to the areas of control weakness, deficiencies, and the targeted remediation actions.

About you and your skills

  • 4-7 years of experience across multiple Information Security and related Third Party risk management roles.

  • As applicable:

  • Practical hands-on experience executing on Third Party risk management Programs, including but not limited to having awareness of control design principles, attributes, and testing requirements.

  • Knowledge of Information Security framework requirements, industry & best practice standards

  • Knowledge of external and independent assurance reporting formats used by Partners to demonstrate the appropriateness of their control environment

  • Knowledge of Operational risk management and compliance processes, including the management of risk appetite statements and key risk indicators

  • Experience executing Third Party Risk Management assessments

  • Working knowledge of GRC products/toolsets

  • A can-do attitude

  • Relevant tertiary qualification and/or business experience with Technology/Information Security

  • Relevant security certifications beneficial such as CISA, CISM, CISSP, SASA, ISO27K or related IT Governance certifications such as COBIT

  • Effective communication (written and verbal) and interpersonal skills

  • Presentation and facilitation skills, including the ability to tailor communications for different audiences

  • Ability to influence others, gain buy-in and negotiate implementation and delivery outcomes

Take your next step into something bigger, apply now

With us it's not about the discounts (although you do get those), it's about joining a team where your wellbeing and professional development are invested in and celebrating your contributions is the norm. And because everyone leads unique lives, we offer flexible work including work from home, additional leave and parental leave entitlements.

We're continuing to build a gender equitable team, and a culture that's just as diverse, inclusive and welcoming as the communities we serve. We encourage applications from people of all ages, cultures (including Aboriginal and Torres Strait Islander peoples), abilities, sexual orientation and gender identities.

We're happy to adjust our recruitment process to support candidates with disability. Find out more in the 'Our Recruitment Process' section of our careers site.

Job ID: 93412

Employment Type: Full time

Refer code: 1423163. Coles - The previous day - 2024-02-03 13:47
