Cyber Security Specialist II: Business Information Security
Listing reference: woolw_001434
Listing status: Online
Apply by: 2 April 2026
Position summary
Industry: FMCG & Supply Management
Job category: FMCG, Retail, Wholesale and Supply Chain
Location: Western Cape
Contract: Permanent
Remuneration: Market related
EE position: No
Introduction
At Woolworths we are on a mission to maintain and develop a high-performing cyber and information security function in support of a complex business undergoing digital transformation. We are looking for a passionate Cybersecurity Specialist: Business Information Security to help strengthen security where business and technology meet, influence behaviour and drive practical security improvements. You’ll be working as part of the Business Information Security (BIS) team to defend Woolworths against cyber threats and information security risks. You will work closely with the rest of the Cyber team, IT GRC, and partners across the Group to continually improve our security posture, and you will support and transform our security capabilities by embedding security practices into business practices, third-party ecosystems, data handling and workforce behaviours, reducing cyber risk while supporting business objectives. This role acts as a bridge between cybersecurity and business, translating cyber risk into business risk and enabling secure adoption of technology, data and digital partnerships. The role also requires good people skills to effectively interact and communicate with various stakeholders across Woolworths.
Job description
- Identity and Access Management (IAM) – strengthen identity governance by supporting access reviews, adoption of IAM standards & controls, and the effective operation of IAM/PAM processes across the business.
- Security Awareness & Culture – drive engaging security awareness initiatives, support security-first culture transformation initiatives and security champion programs with business teams.
- Data Security & Protection – support implementation of data protection controls, including the use of data security tools (DLP/CASB) and the investigation of data-related alerts.
- Third-Party & Ecosystem Security – conduct and track security assessments for vendors and partners and help manage risks across the broader ecosystem.
- Business Security Advisory & Risk – provide practical security guidance to business units and support incident response and reporting activities.
- Governance, Risk & Compliance – support implementation of security policies, standards and control frameworks. Support audit, regulatory and assurance activities.
- Vulnerability Management – support vulnerability identification, tracking and remediation by coordinating with technical teams, and helping the business understand and prioritise risks.
- Maintaining and enhancing existing and new toolsets (like DLP) required for mature active defence.
- Investigating new approaches, technology, and automation to challenge traditional thinking and raise the level of security.
- Embedding continuous control validation practices across technology and data environments to ensure security controls remain effective in protecting business operations and information assets.
- Reporting and metrics – assist with building and maturing BIS reporting mechanisms such as dashboards and key cyber metrics.
- Establish relationships with key stakeholders for effective cross-team collaboration and implementation of security operations processes.
- Provide context and guidance to implement security improvements.
Additional Responsibilities
- Collaborate with the broader Cyber Security Team to drive and support various operational and strategic initiatives.
- Champion or co-champion internal security solutions and/or processes.
Minimum requirements
- 3 years' relevant experience in cyber security, information security, or related technology risk roles.
- Experience with security technologies and processes covering identity & access management, data security, third-party risk management, people security & culture, vulnerability management and general infrastructure (network, platform, cloud, and endpoint) security.
- Good understanding of common security libraries, frameworks, and tools.
- Very good people skills to engage with the various stakeholders across the business, while ensuring that professionalism is maintained.
- Ability to engage with and contribute to the Information Security community.
Advantageous
- Relevant qualifications and certifications such as ISO27001, CISM, CISSP or similar are highly advantageous.
Additional Criteria
- May be required to assist outside of working hours.
- Working knowledge of PCI-DSS.
- Presents problem analysis and a recommended solution rather than just identifying and describing the problem itself.
- Demonstrates a results-oriented mindset in planning and implementing activities/projects.
- Monitors and tracks progress to ensure delivery of all planned commitments, and keeps the appropriate people informed.
- Prepares written reports and briefs and communicates ideas clearly.
- Speaks fluently in team meetings when presenting information.
- Manages existing partnerships within established agreements or contracts; negotiates adjustments when mutually beneficial to do so.
- Genuinely cultivates personal bonds with colleagues to enhance performance throughout the organisation.
- Adjusts to work effectively within new work structures, processes, requirements, or cultures.
- Demonstrates resourcefulness in acquiring necessary knowledge, skills, and competencies to adapt to change.