Cybersecurity Manager: Business Information Security at Woolworths

Introduction

• At Woolies we are on a mission to maintain and develop a high-performing cyber security function in support of a complex business undergoing digital transformation. We are looking for a senior leader in the cybersecurity team to take responsibility for scaling information and cyber security across the Woolworths South Africa business. The focus is on business-related security capabilities including access management, security training and culture, third party and ecosystem security, and data security and protection. This role reports to the CISO and is a leadership role requiring experience in security risk management, analysis and advisory

Job description

PEOPLE

• Enhancing cyber intellectual capital: Leadership and management of the business information security team covering talent development and performance management.
• Building culture and teaming: Management of internal partnerships for execution, including context setting, skills transfer, and up-skilling.
• Management of key external security partner and service relationships.
• Fostering business and IT relationships to define requirements in the context of business risk.

PROCESS

• Work closely with Cyber Delivery Management, Architecture and Engineering capabilities to provide proactive advisory services to IT and business stakeholders.
• Take responsibility for core capabilities of access management, data security, third party security and awareness training, bridging the gap between business and cyber technical functions.
• Work with the SOC to manage threat and vulnerability management.
• Work with other cybersecurity team leaders, the CISO, and other key stakeholders to define and drive a threat-informed and risk-based cyber security strategy.
• Contribute to the ongoing improvement of cyber security processes and ways of working.
• Translate strategic security operational requirements into practical solutions and drive implementation.
• Contribute to the ongoing maintenance and enhancement of Cyber and Information Security Policies, Standards, Procedures and Guidelines.
• Remain aware of global security industry trends and influence the strategy accordingly.
• Manage forecasts and budgets.

CUSTOMER

• Understand Cyber, IT and Business strategies and contribute to the creation and delivery of the annual cyber security roadmap and execution with a specific focus on business information security and advisory.
• Plan and prioritize projects and workload to deliver to the roadmap.
• Provide updates, context and feedback to relevant stakeholders.
• Build close relationships with business and IT stakeholders to scale security and to drive the required level of controls over core assets.

Minimum requirements

• 8 years relevant experience in the cyber and information security discipline.
• 4-year IT qualification.
• Demonstrable experience in leading a specialised cybersecurity team within a large environment.
• Experience with security operations tools, frameworks, practices, and processes.
• Industry certifications (e.g. CISA, CISM, CISSP).
• Resiliency, determination, and pragmatism.
• May be required to assist outside of working hours

ADDITIONAL CRITERIA

• Comfortable giving presentations and training.
• People leadership experience is advantageous.
• Good report and technical writing skills.
• Working knowledge of PCI-DSS.
• Practical experience with the industry frameworks (e.g. CIS and COBIT).
• Hands-on technical security experience is highly advantageous.