IT Cyber Security Specialist at Fortescue Metals Group
Kidlington, England, United Kingdom - Full Time

Start Date: Immediate
Expiry Date: 20 Sep, 25
Salary: 0.0
Posted On: 21 Jun, 25
Experience: 0 year(s) or above
Remote Job: Yes
Telecommute: Yes
Sponsor Visa: No
Skills: Good communication skills
Industry: Information Technology/IT

Description
Responsibilities

ABOUT THE ROLE

Responsible for overseeing Information Security, Cyber Security and ICT Risk Management programs based on industry-accepted information security and risk management frameworks. This includes identifying and mitigating security risks, responding to security incidents, conducting security audits and providing the IT roadmap to relevant industry standard accreditations, e.g. Cyber Essentials/Cyber Essentials+, ISO27001 or NIST.
The Cyber Security Specialist will work closely with the wider IT service as well as business stakeholders, to ensure the security of the company’s information assets.

WHAT YOU WILL DO

  • Coordinate the continuous development, implementation and updating of cyber security and privacy policies, standards, guidelines, baselines, controls, processes and procedures in compliance with relevant regulations and standards for information systems.
  • Develop and manage the frameworks, processes, tools and consultancy required to manage IT Cyber & Information Security risks and to make risk-based decisions related to IT activities.
  • Proactively identify and mitigate security risks and vulnerabilities through continuous internal assessment, and work with external third-party auditors to conduct periodic reviews.
  • Proactively identify and mitigate IT risks, respond to observations identified by third-party auditors or examiners, and assist in developing periodic reports and dashboards presenting the level of controls compliance and current IT risk posture.
  • Develop a framework for cyber security controls relating to Operational Technology infrastructure (OT) for manufacturing.
  • Assist IT managers and staff with the audits and facilitate management response and remediation efforts.
  • Ensure overall IT compliance with regulatory requirements through proactive planning, communication, ownership, and relationships with key stakeholders.
  • Identify acceptable levels of residual risk and assist with action plans, policy and procedural changes for risk mitigation. Provide strategic recommendations to key IT projects to help improve project results, quality of deliverables, risk optimisation, security processes and compliance with regulations.
  • Facilitate cyber security, information security management and regulatory (as required) training for all employees.
  • Support internal investigations, prepare written findings and recommendations, and carry out follow-up activities.
  • Coordinate Information Security Incident response activities, manage reporting for events and/or exploited vulnerabilities, including unauthorised system or network access, denial of service, inappropriate data access, data corruption, and/or collection of private or confidential information.
  • IT point of contact for disputes, requests for exceptions and complaints regarding business-wide information systems security policies, practices and related issues, supported by the IT Management Team.
  • Work as a liaison for external bodies requiring information and reports on IT security incidents.
  • Create and maintain all relevant Cyber and Information Security documentation and procedures.
  • Stay up to date on the latest security threats and technologies.
  • Work with other IT staff and business stakeholders to ensure the security of the company’s information assets.
  • Contribute to solutions developed by Operations & Infrastructure, Applications and Service Delivery teams to ensure cyber security controls and principles are maintained and upheld at all times.
  • Contribute to the IT Service Catalogue.
  • Be a member of the IT Change Advisory Board and IT Incident Management and Response team.
  • Support the Out Of Hours Incident Management process for cyber security incidents.
  • Work within the ITIL-aligned IT management framework as led by the Head of IT.
  • Own additional IT Processes as identified/required.

Our typical hybrid roles at Fortescue Zero require 3 days in the office and 2 from home, making the ability to commute to the stated office location for the required days essential.

  • Fortescue Zero bonus scheme
  • Aviva Pension
  • Group Life Assurance
  • Group Income Protection
  • Electric Car Scheme
  • Health Cash Plan
  • Employee Assistance Programme
  • Private Medical Insurance
  • 26 days holiday plus public holidays and the opportunity to purchase an additional 5 days per year
  • Childcare Benefits
  • Free on-site gym access and discounted national membership