AddressWe've been trusted to serve Aussie communities since 1914 and grown to become a top 30-listed on the ASX with 120,000 team members and a portfolio of iconic brands. At Coles Group, you'll not only get to make a difference to millions of Aussie lives-you'll also get to see your impact.
About the team
Technology is the backbone of our business. Every day, our team solves complex and meaningful problems. Those solutions help thousands of our fellow team members succeed and make millions of customers' lives easier every day.
The security team at Coles is proud of their successful delivery of customer-focused solutions. There are a lot of exciting initiatives on the horizon as protecting our customers, team members and reputation is essential to being the most trusted retailer.
The Information Security team is accountable for all aspects of Information Security across Coles including Strategy & Architecture, Governance, Security Detection & Response, Cloud Security and Security Technologies. This role will be based within the Technical Assurance & Compliance Automation team and will play a supportive role in uplifting the Coles' Information Security Risk & Control maturity.
About the role
This role will report into the Delivery Manager -Technical Assurance and Compliance Automation. Key stakeholders of the role also include the Information Security Heads of, Head of Technology Risk, Head of Group Risk, Head of Internal Audit, Delivery managers, Principles and project teams within Information Security, Technology and Business, IT Service Providers (as appropriate)
Responsible for the delivery of Security engineering solutions which ensure the effectiveness of security controls implemented to protect Coles' Critical and Secret Information Assets in the cloud environment, including but not limited the google cloud platform.
Candidate would be considered a "T-Shaped" contributor, having broad knowledge across the core focus areas below, with deep drill down expertise in google cloud, preferably with an understanding of security & compliance frameworks, policies and standards and controls: security policy and pattern enforcement, coding skills, software development lifecycles and applicable tools.
Typical activities that you will be responsible for and involved with on a day-to-day basis are outlined below:
Tactical Delivery & Automation
- Co-design, co-build, and co-own the security control environment (core focus on Google cloud environment).
- Design and develop compliance, control assurance and reporting solutions.
- Develop technical solutions that measure the performance of controls, conformance with patterns and policy for Google cloud environment.
- Work with Senior Controls Assurance Analyst to develop security use cases for the cloud environment.
- Work with the Technical Assurance & Compliance Automation Delivery manger to identify reporting requirements and automate metric population and visualisation of Control Assurance results.
- Provide the primary engagement interface for collaboration with other Coles' service and support teams to deliver effective security solutions.
- Development of Compliance Automation strategic initiatives and outcomes in line with broader organisational and technology strategy.
- Operational oversight of implemented security solutions with a view to continuous improvement and operational efficiency
- Build and maintain a Compliance Automation framework for Information Security within Coles.
- Help the engineers around you level-up on their own security reasoning and knowledge.
About you and your skills
7-10+ years of experience across multiple Information Security and related Technology governance roles with a recent focus on Compliance Automation and evidence of Google cloud environment skills and certifications.
As applicable to the core focus areas:
Practical hands-on experience working with Information Security and related Technology governance frameworks
Experienced in interpreting Information Security framework requirements, industry & best practice standards
Experience interpreting, identifying and implementing best of breed framework requirements.
Extensive experience developing/establishing; as well as designing risk and security controls compliance programs for large and complex technology enabled organisations.
Experience with Operational risk management and compliance processes, including the management of risk appetite statements and key risk indicators
Experience navigating and delivering within complex corporate environments at pace
Ability to work in a cross functional Security Engineering team.
Demonstrable experience working with stakeholders at all levels of the organisation, to influence outcomes, obtain buy-in and solicit commit to implement Information Security requirements.
Ability to think deeply and critically about the efficacy of information presented to stakeholders and whether the right messages are communicated from the presented materials
A can-do attitude coupled with an ability to "roll up one's sleeves" and directly contribute to delivery
Ability to translate and communicate complex, technical or Information Security concepts in a non-technical, simplified fashion. Making sure communication is fit for purpose, regardless of the readers skillset/knowledge.
Relevant tertiary qualification and or business experience with Technology/Information Security
Relevant security certifications beneficial such as CISA, CISM, CISSP, SASA, ISO27K or related IT Governance certifications such as COBIT
Experience developing highly automated software solutions based on event orientated architecture.
Experienced in security enforcement within CI/CD pipelines, inclusive of automation/orchestration and service delivery.
Experienced with building and operating deployments for Google cloud.
Experience with applied coding skills (e.g: PowerShell, Python, JSON, Terraform, etc)
Experienced in software development lifecycle and tools (e.g: Git, Jira, Azure DevOps, etc)
Experience working in and with Agile project management methodologies and SCRUM development practices.
Experience with application cloud/web/API security practices.
Familiarity with common security frameworks (e.g: SANS, NIST, ISO 27xxx, PCI DSS, etc)
#LI-JG1
Take your next step into something bigger, apply now
With us it's not about the discounts (although you do get those), it's about joining a team where your wellbeing and professional development is invested in and celebrating your contributions is the norm. And because everyone leads unique lives, we offer flexible work including work from home, additional leave and parental leave entitlements.
We're continuing to build a gender equitable team, and a culture that's just as diverse, inclusive and welcoming as the communities we serve. We encourage applications from people of all ages, cultures (including Aboriginal and Torres Strait Islander peoples), abilities, sexual orientation and gender identities.
We're happy to adjust our recruitment process to support candidates with disability. Find out more in the 'Our Recruitment Process' section of our careers site.
Job ID: 101282
Employment Type: Full time
