Woolworths hires first-ever CISO

Woolworths Australia has appointed its first ever chief information security officer in an effort to bolster its infosec credentials, hiring a former KPMG exec and security consultant to the position.

Pieter van der Merwe

The supermarket giant first advertised for a CISO in January this year.

It is understood the infosec functions were previously held by Peter Cooper as group information security manager. According to his LinkedIn profile, Cooper left the retailer last year to join building fixtures supplier GWA Group as its IT risk manager.

The CISO role at Woolworths role is responsible for "planning, organising and directing the availability, integrity and confidentiality of the enterprise IT networks, systems and procedures, while ensuring business objectives are met in a secure and commercial manner", according to its job ad.

This month, Woolworths appointed Pieter van der Merwe to the position.

"This move reflects the wider threat from cyber crime and will place us in a stronger position to deal with that threat," a Woolworths spokesperson told iTnews.

Van der Merwe was most recently the director in charge of information security at audit and advisory firm KPMG, a position he held for just short of seven years.

Prior to that he spent 18 months at IBM in various technology risk roles. He has also worked as an information security consultant at Dimension Data.

His new position is split into strategic planning and administration, operations (oversight of infosec architecture and engineering, day-to-day info ops, controls and "security rigour"), and compliance (PCI and other regulatory requirements, as well undertaking regular reviews of partners, systems and processes).

Van der Merwe will lead the retailer's existing IT security team and report into Woolworths CIO Clive Whincup.

Woolworths is looking to gain a better understanding of the security risk present in its IT systems and processes through the new hire, among other things.

As CISO, van der Merwe will be judged on his ability to deliver a Woolworths security strategy, clearly and coherently communicate security functions to partners, stakeholders, the board and the wider business; and manage relationships.

The retailer is one of several big-name organisations to boost its IT security ranks in recent times.

The Commonwealth Bank earlier this year resurrected a dormant CISO role to give the title for former cyber security chief Ben Heyes, while WA Police will soon appoint someone as the force's first infosec chief.