Cyber Risk Advisor

About Us

Fortescue is both a proud West Australian company and a global green solutions business. We are recognised for our culture, innovation and industry-leading development of infrastructure, mining assets and green energy initiatives.

Our Opportunity

Work Location:  Perth.  Perth, Western Australia.  Fortescue’s Perth office is located on the traditional lands of the Whadjuk people.

Roster:  Monday to Friday 

The Cyber Security team is responsible for leading Fortescue's efforts to be a cyber resilient, safe and trusted organisation, by effectively managing risk across all assets enabled through technology (informational, industrial and operational)

Reporting to the Superintendent of Cyber Risk Advisory, the role will be responsible for protecting Fortescue’s information technology (IT) and operational technology (OT) environment through compliance with all applicable configuration standards and best practice frameworks for any cyber risk assessment and assurance activities, performing Threat Assessments and Modelling activities, cyber security reviews, development of Security patterns and assisting with incident response activities

Key Responsibilities

• Carries out cyber security risk management activities within a specific function, technical area, or project of medium complexity.
• Identifies cyber risks and vulnerabilities, assesses their impact and probability, develops mitigation strategies and reports to the business.
• Involves specialists and domain experts as necessary.
• Maintains documentation of risks, threats, vulnerabilities, and mitigation actions.
• Advises on Fortescue’s approach to cyber risk management related to corporate and/or Operation Technology domains.
• Identifies typical risk indicators and explains prevention measures.
• Identifies risk mitigation measures required in addition to the standard organisation or domain measures.
• Develop security patterns for key technologies based on threat modelling.
• Reviews and performs cyber risk assessments and risk treatment plans. Identifies typical risk indicators and explains prevention measures.

Qualifications and Experience

• Degree / Diploma / Certificate in Information Technology, Computer Science, Electrical Engineering, mechatronics, or a related discipline.
• General or specific Cyber Security certifications e.g. CCNA, CISSP, GSEC, GRID, GICSP, OSCP CEH, CISM etc.;
• Degree / Diploma / Certificate in information systems management, business administration, or a related discipline would be beneficial.
• Independent judgement and strong decision-making capabilities;
• An ability to communicate complex and technical issues to diverse audiences at all levels;
• An understanding of organizational mission, values, and goals and consistent application of this knowledge;
• Ability to react to high pressure dynamic changing environments;
• Ability to effectively work independently or as part of a team.

Our Commitment

Fortescue is deeply committed to providing a safe culture that builds respect, fosters inclusiveness, and values diversity. We celebrate individual strengths and team members from all backgrounds are encouraged to bring their whole selves to work. Our global workforce drives and promotes an inclusive culture, both within our organisation and throughout the communities we interact with across the world. Diverse backgrounds include First Nations Peoples, people with differing abilities, LGBTIQ+ community, gender, neurodiverse, cultural diversity, all age groups, and those with an intersectional or multiple diverse characteristics. We encourage candidates from all backgrounds to apply.

https://fortescue.com/careers 

Internal Candidates / Current Contractors please apply via Success Factors Careers Portal. For further information on how to apply please visit the Fortescue Hub. 

Fortescue reserves the right to close applications early should a suitable pool of candidates be identified. Fortescue will never contact you to ask for payment of any kind, whether directly or through a third party.