Cybersecurity Manager: Business Information Security
Listing reference: woolw_001095
Listing status: Online
Apply by: 2 March 2025
Position summary
Industry: FMCG & Supply Management
Job category: FMCG, Retail, Wholesale and Supply Chain
Location: Western Cape
Contract: Permanent
Remuneration: Market Related
EE position: No
Introduction
At Woolies we are on a mission to maintain and develop a high-performing cyber security function in support of a complex business undergoing digital transformation. We are looking for a senior leader in the cybersecurity team to take responsibility for scaling information and cyber security across the Woolworths South Africa business. The focus is on business-related security capabilities including access management, security training and culture, third party and ecosystem security, and data security and protection.
This role reports to the CISO and is a leadership role requiring experience in security risk management, analysis and advisory.
Job description
- PEOPLE
- Enhancing cyber intellectual capital: Leadership and management of the business information security team covering talent development and performance management.
- Building culture and teaming: Management of internal partnerships for execution, including context setting, skills transfer, and up-skilling.
- Management of key external security partner and service relationships.
- Fostering business and IT relationships to define requirements in the context of business risk.
- PROCESS
- Work closely with Cyber Delivery Management, Architecture and Engineering capabilities to provide proactive advisory services to IT and business stakeholders.
- Take responsibility for core capabilities of access management, data security, third party security and awareness training, bridging the gap between business and cyber technical functions.
- Work with the SOC on threat and vulnerability management.
- Work with other cybersecurity team leaders, the CISO, and other key stakeholders to define and drive a threat-informed and risk-based cyber security strategy.
- Contribute to the ongoing improvement of cyber security processes and ways of working.
- Translate strategic security operational requirements into practical solutions and drive implementation.
- Contribute to the ongoing maintenance and enhancement of Cyber and Information Security Policies, Standards, Procedures and Guidelines.
- Remain aware of global security industry trends and influence the strategy accordingly.
- Manage forecasts and budgets.
- CUSTOMER
- Understand Cyber, IT and Business strategies and contribute to the creation and delivery of the annual cyber security roadmap and execution with a specific focus on business information security and advisory.
- Plan and prioritize projects and workload to deliver to the roadmap.
- Provide updates, context and feedback to relevant stakeholders.
- Build close relationships with business and IT stakeholders to scale security and to drive the required level of controls over core assets.
Minimum requirements
- 8 years' relevant experience in the cyber and information security discipline.
- 4-year IT qualification.
- Demonstrable experience in leading a specialised cybersecurity team within a large environment.
- Experience with security operations tools, frameworks, practices, and processes.
- Industry certifications (e.g. CISA, CISM, CISSP).
- Resiliency, determination, and pragmatism.
- May be required to assist outside of working hours.
- ADDITIONAL CRITERIA
- Comfortable giving presentations and training.
- People leadership experience is advantageous.
- Good report and technical writing skills.
- Working knowledge of PCI-DSS.
- Practical experience with the industry frameworks (e.g. CIS and COBIT).
- Hands-on technical security experience is highly advantageous.