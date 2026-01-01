Woolworths splits infosec and physical security again

Woolworths has called time on having a single executive run both physical and information security, following the departure of Pieter van der Merwe at the end of last year.

Woolworths splits infosec and physical security again

Van der Merwe was the chief security officer – a role with dual security responsibilities – for almost three-and-a-half years, and previously Woolworths’ CISO for seven years prior to that.

Woolworths was one of a number of large Australian organisations to centralise all security under a single executive; NAB and NBN Co are among organisations to have done the same.

But with van der Merwe’s departure, Woolworths has taken the opportunity to split up the information and physical security domains.

The retailer has reinstated its CISO role, for which it has hired Elrich Engel. 

Engel revealed the move on his LinkedIn and iTnews has since confirmed the hire.

“I am truly excited about the road ahead as the company undergoes a significant, multi-year technology transformation,” Engel wrote.

“We are shifting from traditional retail toward a data-driven, AI-enabled, and highly automated omnichannel business.”

A Woolworths spokesperson welcomed Engel in a statement to iTnews, saying he had started “earlier this month”.

“As a highly accomplished senior cyber security executive, we’re pleased to have him onboard,” the spokesperson said.

“Elrich’s dedicated focus leading our cyber security teams signals the importance of maintaining safe and secure shopping experiences for our customers.” 

Elrich is well-credentialed, coming from a strategic advisory role with Mandiant and having previously held down CISO roles at AMP and Vodafone Australia.

It does, however, mean that the CSO experiment is over.

iTnews understands that the sizable responsibility, growing complexity and specialised capabilities required in information security persuaded Woolworths to carve it out as a standalone function under a CISO.

Physical store security, meanwhile, is understood to have been returned to Woolworths’ resilience team where it resided before the retailer established the CSO role.

Physical security of customers, teams and facilities is equally recognised as a major undertaking, owing to the large presence of Woolworths in Australia and New Zealand, which is understood to have reinforced the decision to carve it out.

