AddressWe've been trusted to serve Aussie communities since 1914 and grown to become a top 30-listed on the ASX with 120,000 team members and a portfolio of iconic brands. At Coles Group, you'll not only get to make a difference to millions of Aussie lives-you'll also get to see your impact.
About the team
Technology is the backbone of our business. Every day, our team solves complex and meaningful problems. Those solutions help thousands of our fellow team members succeed and make millions of customers' lives easier every day.
The security team at Coles is proud of their successful delivery of customer-focused solutions. There are a lot of exciting initiatives on the horizon as protecting our customers, team members and reputation is essential to being the most trusted retailer.
The Information Security team is accountable for all aspects of Information Security across Coles including Strategy & Architecture, Governance, Security Detection & Response, Cloud Security and Security Technologies. This role will be based within the Security Governance team and will play an active role in uplifting the Coles' Information Security Risk & Control maturity.
About the role
This role will report into the Head of Security Governance. Key stakeholders of the role also include the Information Security Leadership Team (ISLT) that includes the areas General Manager and Heads of, Head of Technology Risk, Head of Group Risk, Head of Internal Audit, Delivery managers, Principles and project teams within Information Security, Technology and Business, IT Service Providers (as appropriate)
Responsible for the delivery of Compliance Automation solutions which ensure the effectiveness of security controls implemented to protect Coles' Critical and Secret Information Assets, including but not limited to on-prem/critical infrastructure, technology stacks and applications.
Candidate would be considered a "T-Shaped" individual, having broad knowledge across the core focus areas below, with deep drill down expertise in at least one of the core focus areas, preferably around automation and compliance frameworks, policies and standards and controls: automated solutions, security policy and pattern enforcement, coding skills, software development lifecycles and applicable tools
Typical activities that you will be responsible for and involved with on a day-to-day basis are outlined below:
Tactical Delivery & Automation
Co-design, co-build, and co-own the security control automation
Design and develop automated compliance, control assurance and reporting solutions
Develop technical solutions that measure the performance of controls, conformance with patterns and policy for on-prem/critical infrastructure/related technology stacks and applications
Work with Senior Controls Assurance Analyst to develop automation use cases
Work with the Technical Assurance & Compliance Automation Delivery manger to identify reporting requirements and automate metric population and visualisation of Control Assurance results.
Provide the primary engagement interface for collaboration with other Coles' service and support teams to deliver effective security solutions.
Development of Compliance Automation strategic initiatives and objectives in line with broader organisational and technology strategy.
Operational oversight of implemented security solutions with a view to continuous improvement and operational efficiency
Build and maintain a Compliance Automation framework for Information Security within Coles.
Help the engineers around you level-up on their own security reasoning and knowledge
About you and your skills
7-10+ years of experience across multiple Information Security and related Technology governance roles with a recent focus on Compliance Automation.
As applicable to the core focus areas:
Practical hands-on experience working with Information Security and related Technology governance frameworks
Experienced in interpreting Information Security framework requirements, industry & best practice standards
Experience analysis, identifying and implementing best of breed framework requirements
Extensive experience developing/establishing; as well as designing automated risk and security controls compliance programs for large and complex technology enabled organisations.
Experience with Operational risk management and compliance processes, including the management of risk appetite statements and key risk indicators
Experience navigating and delivering within complex corporate environments at pace
Demonstrable experience working with stakeholders at all levels of the organisation, to influence outcomes, obtain buy-in and solicit commit to implement Information Security requirements
Ability to think deeply and critically about the efficacy of information presented to stakeholders and whether the right messages are communicated from the presented materials
A can-do attitude coupled with an ability to "roll up one's sleeves" and directly contribute to delivery
Ability to translate and communicate complex, technical or Information Security concepts in a non-technical, simplified fashion. Making sure communication is fit for purpose, regardless of the readers skillset/knowledge.
Relevant tertiary qualification and or business experience with Technology/Information Security
Relevant security certifications beneficial such as CISA, CISM, CISSP, SASA, ISO27K or related IT Governance certifications such as COBIT
Experience developing highly automated software solutions based on event driven architecture.
Experienced in security enforcement within CI/CD pipelines, inclusive of automation/orchestration and service delivery.
Experienced with building and operating deployments into on-prem/critical infrastructure/technology stacks and application environments
Experience with applied coding skills (e.g: PowerShell, Python, JSON, Terraform, etc)
Experienced in software development lifecycle and tools (e.g: Git, Jira, Azure DevOps, etc)
Experience working in and with Agile project management methodologies and SCRUM development practices.
Experience with application cloud/web/API security practices.
Familiarity with common security frameworks (e.g: SANS, NIST, ISO 27xxx, PCI DSS, etc)
#LI-JG1
Take your next step into something bigger, apply now
With us it's not about the discounts (although you do get those), it's about joining a team where your wellbeing and professional development is invested in and celebrating your contributions is the norm. And because everyone leads unique lives, we offer flexible work including work from home, additional leave and parental leave entitlements.
We're continuing to build a gender equitable team, and a culture that's just as diverse, inclusive and welcoming as the communities we serve. We encourage applications from people of all ages, cultures (including Aboriginal and Torres Strait Islander peoples), abilities, sexual orientation and gender identities.
We're happy to adjust our recruitment process to support candidates with disability. Find out more in the 'Our Recruitment Process' section of our careers site.
Job ID: 113562
Employment Type: Full time
