Security Principal (Strategic Projects)

JOB DESCRIPTION We've been trusted to serve Aussie communities since 1914 and grown to become a top 30-listed on the ASX with over 115,000 team members and a portfolio of iconic brands.
At Coles Group, you'll not only get to make a difference to millions of Aussie lives—you'll also get to see your impact.
About the team Technology is the backbone of our business.
Every day, our team solves complex and meaningful problems.
Those solutions help thousands of our fellow team members succeed and make millions of customers lives easier every day.
Our Business Protect and Secure by Design team is crucial and accountable for understanding Coles' initiatives, and assess the cyber security impact, to therefore provide reliable strategic and security recommendations.
Bringing security to the forefront of strategic planning and execution by design.
About the role Reporting to the Head of Business Protect and Secure by Design, this position plays a pivotal role in integrating and reviewing the implementation of security controls and requirements throughout the project and technology delivery life cycle.
We are seeking a proficient Security Principal that can champion a Secure-by-Design approach and act as the primary point of contact for key technology and business stakeholders, building trusted relationships and uplifting cyber posture while ensuring security solutions are aligned with business needs.
You will also be responsible for: Leading the execution of threat modelling and cyber security impact assessments on new projects and changes to existing systems and platforms.
Proactively identifying potential security weaknesses and develop mitigation strategies to address identified risks.
Driving continuous improvement initiatives within the Secure by Design domain.
Guiding project managers, initiative leads and other key business stakeholders to ensure that security controls are effectively implemented throughout the project and technology life cycle.
Building and implementing stakeholder management strategies and employing targeted communication styles to achieve common goals Design and deliver communications for stakeholders up to Chief, GM and Heads of level.
Uplifting and optimising solutions to ensure that Security standards and processes are defined, implemented, and validated.
Participating in risk assessments and audits, monitoring the effectiveness of cyber controls and compliance with internal policies, regulations, and industry standards.
Proactively work alongside governance, risk and other cyber teams to align policies, standards and control frameworks with regulatory and compliance requirements.
About you The ideal candidate will have: Exceptional communication and interpersonal skills to effectively communicate security risks, requirements, and recommendations clearly and concisely to both technical and non-technical audiences.
An ability to drive business outcomes while identifying and managing Cyber risk and compliance Demonstrated expertise in conducting risk assessments, an in depth understanding of security reference architectures and up-to-date knowledge of the latest cyber security threats, vulnerabilities, and technologies.
To be successful in this role, you will have: Deep understanding of security reference architectures, secure by design principles, threat modelling methodologies, and risk assessment techniques.
Extensive experience (10+ years) in designing, implementing, and managing security controls across the breadth of security capabilities within complex technology environments.
Experience in DevSecOps Transformations, OT Security, Payment Security or AI desirable.
Demonstrated ability to lead and influence senior stakeholders and collaborate across the broader Group Cyber and Technology teams to meet business needs while managing Cyber risk for the organisation.
Excellent analytical and problem-solving skills to identify and assess security risks, develop mitigation strategies, and troubleshoot complex security issues.
Ability to think critically and make sound decisions under pressure.
Exceptional communication and interpersonal skills to effectively collaborate with diverse stakeholders at various levels, including technical teams, business leaders, and project managers.
Solid understanding of project management methodologies and best practices.
Ability to manage multiple projects simultaneously, prioritise time and risks and ensure timely delivery of project / business objectives.
Familiarity with relevant industry standards and best practices, such as NIST Cybersecurity Framework, ISO 27001, CCM (Cloud Controls Matrix), Essential 8 controls , PCI-DSS, Privacy legislation and OWASP.
Understanding of the Retail industry, challenges, commerciality, operations, and organisation desirable but not mandatory.
Relevant cyber security certifications, such as CISSP, CCSP, CISA, CISM, CRISC, SABSA or other industry-recognised certifications are highly desirable.
What's in it for you?
Flexible working options: We know that work is only one part of your life, so we actively encourage a positive work-life balance and provide hybrid working options to help you achieve it.
Office perks: Take advantage of our gym facility and fitness classes, free parking, BBQ area, mini-Coles supermarket, fooderie hub where you can sample new products before they hit the shelves, school holiday program and so much more when you come in.
Discounts: Eligible team members receive 5% discount all year round on your Supermarket and Liquor online and in-store purchases.
We also offer additional periods of double discount (10%) at various times throughout the year.
As well as hotdeals exclusive to team members that translate into additional savings.
Reward through recognition: Give and receive recognition, linked to our Coles values, through our digital recognition platform 'mythanks'.
You can accumulate points to redeem in the online shop for exciting gifts and electronic gift cards from an extensive range of retailers.
Opportunities for learning and development: No matter where you start within our diverse business, you'll have experiences, exposure, and education to satisfy you.
Discover and explore a variety of career development programs and job-specific training.
Paid parental leave: We understand how important your life outside work is and offer permanent team members paid parental leave to support you in balancing work and family.
Investment in your future: Our annual team member share plan offer allows eligible team members to make regular pre-tax salary sacrifice deductions to purchase Coles Group shares.
About the recruitment process We're continuing to build a gender equitable team, and a culture that is just as diverse, inclusive and welcoming as the communities we serve.
We are committed to creating a workplace that is safe and respectful for our team.
We encourage applications from people of all ages, cultures (including Aboriginal and Torres Strait Islander peoples), abilities, sexual orientation and gender identities.
We're happy to adjust our recruitment process to support candidates with disability.
For further information and additional contact details visit the 'Our Recruitment Process' section of our careers site or email ****** Job ID:?132860 Employment Type:?Full time