Cyber Lead - Control Assurance - Hawthorn East

We’ve been proudly serving Australian communities since 1914 and have grown to become a top 30-listed company on the ASX with a portfolio of iconic homegrown brands. At the heart of our continued success is over 115,000 team members working across the country, all contributing to bringing our customers smiles. You’ll not only get to see your work make a difference, you’ll be part of a team working together to help Australians eat and live better every day.

About the team

Our Technology team is the backbone of the business, building and maintaining the information technology infrastructure that supports Coles Group. As part of the Technology team, you get the opportunity to work through complex, challenging, meaningful problems using large data sets and new technologies to expand your skills and experience.

Technology is the backbone of our business. Every day, our team solves complex and meaningful problems. Those solutions help thousands of our fellow team members succeed and make millions of customers’ lives easier.

The security team at Coles is proud of its successful delivery of customer-focused solutions. There are a lot of exciting initiatives on the horizon, as protecting our customers, team members and reputation is essential to being the most trusted retailer.

The Cyber Security team is accountable for all aspects of Cyber Security across Coles, including Strategy & Architecture, Governance, Security Detection & Response, Cloud Security and Security Technologies. This role will be based within the Security Governance team and will play a collaborative role in uplifting Coles’ Cyber Security Risk & Control maturity.

Control Assurance Program

  • Design and execute a comprehensive control assurance program to assess cybersecurity control effectiveness.
  • Review and test design and operating effectiveness of controls; identify risks and gaps.
  • Develop and maintain process documentation (SOPs, Terms of Reference, testing work papers).
  • Coordinate and conduct control testing (walkthroughs, sampling, evidence validation).
  • Analyse test results, identify root causes, and recommend remediation.
  • Track remediation activities and ensure timely closure of control gaps.

Stakeholder Engagement

  • Collaborate with business units on control frameworks and provide guidance on best practices.
  • Act as key point of contact for assessed controls.
  • Assist with Internal Audit responses and evidence collection.

Compliance and Regulatory

  • Support reporting on compliance with frameworks (e.g., Essential Eight, SOCI Act).
  • Support updates to the Cyber Security Framework and control library.
  • Support assurance methodology and approach enhancements.

Automation

  • Work with automation engineers to develop use cases for assurance automation and reporting.

Management Reporting

  • Prepare concise reports on control performance, weaknesses, and remediation actions.
  • Deliver timely, accurate reporting for internal stakeholders.

Cyber Insurance & Audit

  • Support cyber insurance renewal and related evidencing.
  • Facilitate audit engagements and ensure findings are agreed before finalisation.

Leadership & Compliance

  • Provide clear direction, guidance and mentoring to team members.
  • Ensure compliance with Coles’ policies, Code of Conduct, and applicable laws.

About the role

  • Lead or coordinate the planning, execution, delivery, and monitoring of specific, often complex, cyber security initiatives, projects, functions, or services (e.g., vulnerability management program, security awareness campaign, GRC process implementation, project security engagement).
  • Provide specialist advice, guidance, and oversight to a range of stakeholders (business, technology, project teams) on the application of relevant policies, standards, processes, or frameworks within an area of expertise.
  • Build and maintain strong working relationships with internal and external stakeholders, facilitating collaboration, managing expectations, and influencing outcomes to ensure alignment with security objectives.
  • Contribute analytical insights to the development and refinement of operational practices, processes, or frameworks supporting an area of responsibility, and implement changes within a defined scope.
  • Guide and manage effective risk assessment processes and procedures relevant to the initiative or service, identifying risks, assessing impact, and developing mitigation strategies.
  • Prepare accurate and insightful reports and communications for both technical and non-technical audiences, detailing progress, status, risks, and outcomes related to the area of responsibility.
  • Coach, support, and guide other team members (e.g., Specialists, Engineers) involved in the initiative or service, contributing expertise and fostering collaborative problem-solving.
  • Anticipate complex issues, challenges, and opportunities within the area of responsibility and contribute to the development of relevant strategies or plans.

Experience:

  • Proven experience (typically 5+ years) leading or coordinating the delivery of a Control Assurance Program, within a cyber security or relevant technology context.
  • Demonstrated ability in planning, scheduling, monitoring, and reporting on complex activities and progress against objectives.
  • Experience managing a pipeline of work or a portfolio of security initiatives, including demand intake, prioritisation, tracking progress, and ensuring effective resource allocation to meet delivery timelines and objectives.
  • Experience engaging with diverse stakeholders at various levels, facilitating collaboration, managing relationships, and influencing outcomes.
  • Experience providing specialist guidance on applying policies, standards, or processes within a defined technical or functional area.
  • Track record contributing to the development or refinement of operational practices, processes, or frameworks.
  • Experience investigating and resolving a broad range of complex issues related to an area of responsibility.
  • Experience navigating complexity and ambiguity to deliver results is highly desirable.
  • Practical hands-on experience developing and executing Control Assurance Programs, including (but not limited to) awareness of control design principles, attributes, and testing requirements.
  • Experience executing assessments and managing regulatory, systems, and application compliance requirements.

About you and your skills

  • Strong knowledge and practical application skills in relevant cyber security domains (e.g., Information Security principles, Risk Management frameworks).
  • Excellent communication and interpersonal skills, including the ability to lead discussions and explain complex concepts clearly.
  • Strong collaboration and stakeholder management skills.
  • Effective planning, organisational, and workflow management skills, demonstrating autonomy and prioritisation.
  • Analytical and problem-solving skills with a broad systems perspective.
  • Ability to provide informal leadership, coaching, and mentorship.
  • Relevant tertiary qualification and/or business experience in Technology/Information Security.
  • Relevant industry certifications (e.g., CISSP, CISM, CRISC, relevant domain-specific certs) are highly regarded.

What’s in it for you?

  • Flexible working options: We know that work is only one part of your life, so we actively encourage a positive work-life balance and provide hybrid working options to help you achieve it.
  • Office perks: Take advantage of our gym facility and fitness classes, free parking, BBQ area, mini-Coles supermarket, fooderie hub where you can sample new products before they hit the shelves, school holiday program and so much more when you come in.
  • Discounts: Eligible team members receive a 5% discount all year round on Supermarket and Liquor online and in-store purchases. We also offer additional periods of double discount (10%) at various times throughout the year, as well as hot deals exclusive to team members that translate into additional savings.
  • Reward through recognition: Give and receive recognition, linked to our Coles values, through our digital recognition platform ‘mythanks’. You can accumulate points to redeem in the online shop for exciting gifts and electronic gift cards from an extensive range of retailers.
  • Opportunities for learning and development: No matter where you start within our diverse business, you’ll have experiences, exposure, and education to satisfy you. Discover and explore a variety of career development programs and job-specific training.
  • Paid parental leave: We understand how important your life outside work is and offer permanent team members paid parental leave to support you in balancing work and family.
  • Investment in your future: Our annual team member share plan offer allows eligible team members to make regular pre-tax salary sacrifice deductions to purchase Coles Group shares.

About the recruitment process

We’re continuing to build a gender equitable team, and a culture that is just as diverse, inclusive and welcoming as the communities we serve. We are committed to creating a workplace that is safe and respectful for our team. We encourage applications from people of all ages, cultures (including Aboriginal and Torres Strait Islander peoples), abilities, sexual orientation and gender identities.

We’re happy to adjust our recruitment process to support candidates with disability. For further information and additional contact details, visit the ‘Our Recruitment Process’ section of our careers site or email inclusionrecruitment@coles.com.au.

Job ID: 174653

Employment Type: Full time