Senior Cyber Specialist - Coles SO NSW
A new role means a new way to win together. We’ve been proudly serving Australian communities since 1914 and at the heart of our continued success lies our 115,000 team members working across the country. If you’re looking for a career-defining opportunity, take the next step and explore another way your work can have impact and make a difference.
About the team
Technology is the backbone of our business. Every day, our team solves complex and meaningful problems. Those solutions help thousands of our fellow team members succeed and make millions of customers' lives easier every day.
The Cyber Security team at Coles is accountable for protecting our customers, team members and reputation across strategy and architecture, governance, detection and response, cloud security and security technologies. This role sits within the Identity and Access Management area, helping make identity and access controls practical, evidenced and ready for governance.
The team works across product, architecture and delivery squads to move initiatives from front door, quotes and discovery through to delivery readiness, implementation and operational handover.
About the role
We are looking for an experienced Senior Cyber Specialist to help lead cyber-aware analysis across identity and access initiatives.
This is a role for someone who wants to work close to meaningful cyber delivery, not sit on the sidelines documenting requirements after decisions have already been made. You will help shape how Coles turns identity and access controls into practical, evidenced and delivery-ready outcomes that protect our customers, team members and business.
You will operate as a delivery connector between business stakeholders, Product Managers, IAM and Security Architects, engineers, Iteration Managers, Project Managers and governance teams. You will bring structure to ambiguity, challenge weak assumptions, and help teams make clear decisions on scope, requirements, risks, controls, evidence and delivery readiness.
This is not a Project Manager or Security Architect role. You will not be expected to own the project plan or design the technical solution. Your value will come from connecting the dots across business needs, cyber control outcomes, delivery constraints and governance expectations.
Strong outcomes in this role look like review-ready artefacts, traceable requirements, clear access models, well-managed risks and decisions, and delivery teams that can move with confidence.
Why this role matters
Identity and access management is one of the most important control areas in cyber security. The way identities, accounts, roles, privileges and approvals are designed can directly influence risk, audit outcomes, operational resilience and customer trust.
In this role, you will help make those controls practical. You will work on initiatives that improve how access is requested, approved, reviewed, removed and evidenced across the Coles environment. You will also help lift the way the team delivers by improving repeatability, documentation quality, control traceability and the use of better tooling, automation and AI-assisted ways of working.
What you'll be responsible for
- Lead or support discovery and refinement for IAM initiatives, including problem definition, scope clarification, stakeholder analysis, process mapping, options analysis and delivery readiness.
- Own the quality of key analysis artefacts such as requirements documents, application access models, IAM onboarding documents, epics, user stories, acceptance criteria, RAID logs, action logs, decision logs and evidence trails.
- Translate identity and access control objectives into practical requirements covering account types, personas, entitlements, approvals, lifecycle management, dormancy, user access reviews, privileged access, MFA, least privilege and segregation of duties.
- Partner with Product Managers to ensure business outcomes, prioritisation, funding assumptions and scope trade-offs are understood and reflected in the analysis.
- Partner with IAM architects to ensure requirements align with identity patterns, control requirements, architecture decisions and enterprise security direction.
- Work with Iteration Managers and engineers to support a clean transition from discovery into delivery, including scope lock-down, dependency mapping, estimation inputs and readiness checks.
- Challenge unclear ownership, unsupported assumptions, unmanaged exceptions and control gaps in a constructive way.
- Ensure analysis outputs are complete, evidence-based, traceable, validated by the right stakeholders and decision-ready for governance.
- Support Essential 8 and identity-related risk assessments by documenting scope, evidence, risk rationale, treatments, exceptions, owners and review status.
- Lead or contribute to quality assurance, testing, acceptance activity, release readiness and operational handover so delivered solutions meet business, security and operational needs.
- Mentor and guide other analysts by sharing patterns, calibrating quality, supporting peer review and reinforcing the team practice standard.
- Communicate clearly with technical and non-technical audiences, turning complex security and identity topics into practical choices, actions and decision points.
What you’ll bring
- Proven experience as a Senior Security Analyst, Cyber Business Analyst, IAM Analyst or similar role in cyber security, identity and access management, security governance or complex technology delivery.
- Strong knowledge of IAM concepts and controls, including joiner, mover and leaver lifecycle, account ownership, generic, service and bot accounts, RBAC, PAM, UAR, access modelling, entitlements, least privilege, segregation of duties and approval pathways.
- Practical understanding of control areas such as MFA, privileged access, administrative restrictions, identity governance and Essential 8 risk assessment.
- Strong capability in requirements elicitation, process analysis, business and functional design, user stories, acceptance criteria, traceability and evidence management.
- Experience working across Agile, Waterfall or hybrid delivery environments, including discovery, backlog refinement, implementation support, test planning, acceptance and transition to BAU.
- Thought leadership across cyber-aware delivery by sharing patterns, improving standards, mentoring others and helping the team move from task capture to risk-informed delivery.
- Ability to use structured delivery practices such as stakeholder maps, application scope summaries, RAID logs, action logs, decision logs and definition of ready checks.
- Strong stakeholder management skills, with the judgement to influence, challenge and escalate when scope, ownership, evidence or control outcomes are unclear.
- Experience working with Product Managers, Architects, engineering teams, Iteration Managers, Delivery Managers, business owners, vendors or system integrators.
- Clear written and verbal communication skills, including the ability to present recommendations and make risk, control and delivery implications easy to understand.
- Experience in a large, regulated or retail environment would be advantageous.
- Interest in using AI, automation and improved tooling to uplift cyber delivery practices, including faster analysis, better evidence management, reusable patterns and improved quality of artefacts.
About you and your skills
- 7+ years' experience in security analysis, cyber delivery, IAM, business analysis or a related technology role.
- Comfortable operating across ambiguity and turning incomplete information into clear questions, options, decisions and next steps.
- Curious and prepared to ask what risk, control outcome, decision or evidence is needed rather than simply capturing tasks.
- Structured and disciplined in documentation, with a focus on artefacts that are usable for delivery, governance and audit.
- Pragmatic, collaborative and able to balance cyber resilience, business value, customer impact and delivery momentum.
- Able to work independently while staying aligned to product, architecture and delivery priorities.
- Comfortable mentoring others and contributing to a shared standard of cyber-aware delivery.
- Highly Desirable: Experience in identity management tools such as CyberArk, SailPoint and Entra.
What’s in it for you?
- Flexible working options: We know that work is only one part of your life, so we actively encourage a positive work-life balance and provide hybrid working options to help you achieve it.
- Office perks: Take advantage of our gym facility and fitness classes, free parking, BBQ area, mini-Coles supermarket, fooderie hub where you can sample new products before they hit the shelves, school holiday program and so much more when you come in.
- Discounts: Eligible team members receive a 5% discount all year round on their Supermarket and Liquor online and in-store purchases. We also offer additional periods of double discount (10%) at various times throughout the year, as well as hotdeals exclusive to team members that translate into additional savings.
- Reward through recognition: Give and receive recognition, linked to our Coles values, through our digital recognition platform ‘mythanks’. You can accumulate points to redeem in the online shop for exciting gifts and electronic gift cards from an extensive range of retailers.
- Opportunities for learning and development: No matter where you start within our diverse business, you’ll have experiences, exposure, and education to satisfy you. Discover and explore a variety of career development programs and job-specific training.
- Paid parental leave: We understand how important your life outside work is and offer permanent team members paid parental leave to support you in balancing work and family.
- Investment in your future: Our annual team member share plan offer allows eligible team members to make regular pre-tax salary sacrifice deductions to purchase Coles Group shares.
About the recruitment process
We’re continuing to build a gender equitable team, and a culture that is just as diverse, inclusive and welcoming as the communities we serve. We are committed to creating a workplace that is safe and respectful for our team. We encourage applications from people of all ages, cultures (including Aboriginal and Torres Strait Islander peoples), abilities, sexual orientation and gender identities.
We’re happy to adjust our recruitment process to support candidates with disability. For further information and additional contact details visit the ‘Our Recruitment Process’ section of our careers site or email inclusionrecruitment@coles.com.au
Job ID: 186704
Employment Type: Full time