IT Cyber Security Specialist

Kidlington Full-Time 42000 - 84000 £ / year (est.) No home office possible
Fortescue

At a Glance

  • Tasks: Oversee cyber security and risk management, ensuring the safety of our information assets.
  • Company: Join Fortescue Zero, a leader in zero emission power systems, committed to decarbonising our planet.
  • Benefits: Enjoy hybrid work, a bonus scheme, health plans, gym access, and 26 days holiday plus public holidays.
  • Why this job: Be part of a dynamic team making a real impact on global sustainability and technology.
  • Qualifications: Experience in IT security roles and knowledge of risk frameworks are essential; certifications are a plus.
  • Other info: We celebrate diversity and encourage applicants from all backgrounds to apply.

The predicted salary is between 42000 - 84000 £ per year.

The Power of Now

Fortescue Zero’s mission is to be the world leader in zero emission power systems. We are developing and manufacturing the technologies needed to decarbonise our planet. We are expanding across the geographies of UK, US and Australia and becoming a global company. As part of Fortescue, our vision is to be the number one integrated green technology, energy, and metals company.

An opportunity has arisen for an IT Cyber Security Specialist to join the IT department in a rapidly expanding and exciting work environment.

About the role

Responsible for overseeing Information Security, Cyber Security and ICT Risk Management programs based on industry-accepted information security and risk management frameworks. This includes identifying and mitigating security risks, responding to security incidents, conducting security audits and providing the IT roadmap to relevant industry standard accreditations, e.g. Cyber Essentials/Cyber Essentials+, ISO27001 or NIST.

The Cyber Security Specialist will work closely with the wider IT service as well as business stakeholders, to ensure the security of the company’s information assets.

What you will do

  • Coordinate the continuous development, implementation and updating of cyber security and privacy policies, standards, guidelines, baselines, controls, processes and procedures in compliance with relevant regulations and standards for information systems.
  • Develop and manage the frameworks, processes, tools and consultancy required to manage IT Cyber & Information Security risks and to make risk-based decisions related to IT activities.
  • Proactively identify and mitigate security risks and vulnerabilities through continuous internal assessment, and work with external third-party auditors to conduct periodic reviews.
  • Proactively identify and mitigate IT risks, respond to observations identified by third-party auditors or examiners, and assist in developing periodic reports and dashboards presenting the level of controls compliance and current IT risk posture.
  • Develop a framework for cyber security controls relating to Operational Technology infrastructure (OT) for manufacturing.
  • Assist IT managers and staff with the audits and facilitate management response and remediation efforts.
  • Ensure overall IT compliance with regulatory requirements through proactive planning, communication, ownership, and relationships with key stakeholders.
  • Identify acceptable levels of residual risk and assist with action plans, policy and procedural changes for risk mitigation. Provide strategic recommendations to key IT projects to help improve project results, quality of deliverables, risk optimisation, security processes and compliance with regulations.
  • Facilitate cyber security, information security management and regulatory (as required) training for all employees.
  • Support internal investigations, prepare written findings and recommendations, and carry out follow-up activities.
  • Coordinate Information Security Incident response activities, manage reporting for events and/or exploited vulnerabilities, including unauthorised system or network access, denial of service, inappropriate data access, data corruption, and/or collection of private or confidential information.
  • IT point of contact for disputes, requests for exceptions and complaints regarding business-wide information systems security policies, practices and related issues, supported by the IT Management Team.
  • Work as a liaison for external bodies requiring information and reports on IT security incidents.
  • Create and maintain all relevant Cyber and Information Security documentation and procedures.
  • Stay up to date on the latest security threats and technologies.
  • Work with other IT staff and business stakeholders to ensure the security of the company’s information assets.
  • Contribute to solutions developed by Operations & Infrastructure, Applications and Service Delivery teams to ensure cyber security controls and principles are maintained and upheld at all times.
  • Contribute to the IT Service Catalogue.
  • Be a member of the IT Change Advisory Board and IT Incident Management and Response team.
  • Support the Out Of Hours Incident Management process for cyber security incidents.
  • Work within the ITIL aligned IT management framework as led by the Head of IT.
  • Own additional IT Processes as identified/required.

About you

  • Experience in a similar/IT related role – Essential
  • Experience working within a Microsoft enterprise environment – Essential
  • Knowledge of IT processes and controls and excellent understanding of risk and control frameworks, e.g. COBIT, ISO, NCSC, NIST and ITIL – Essential
  • Possess Certified Information Systems Security Professional (CISSP) or other information systems security certifications – Desirable
  • An excellent understanding of information security regulatory requirements and standards such as ISO 27001/2, Cyber Essentials/Cyber Essentials Plus, SANS top 20, NIST SP-800-53 – Essential
  • Understanding of ISO21434, TISAX and other related automotive standards – Desirable
  • Good practical knowledge of security technologies and wider business solutions, including Firewalls, IDS/IPS, Identity and access management, SIEM, remote working and cloud technologies – Essential
  • An excellent understanding of legislation and regulations that impact information security, e.g. Data Protection Act (2018).
  • A good understanding of Application Security threats and countermeasures.
  • A degree level education in an IT or related technical discipline (e.g. Engineering) – Desirable
  • A team player, used to learning new skills & taking on new challenges – Essential
  • ITIL Foundation Qualified – Desirable
  • A friendly and approachable disposition – Essential

What is in it for you?

Our typical hybrid roles at Fortescue Zero require 3 days in the office and 2 from home, making the ability to commute to the stated office location for the required days essential.

  • Fortescue Zero bonus scheme
  • Aviva Pension
  • Group Life Assurance
  • Group Income Protection
  • Electric Car Scheme
  • Health Cash Plan
  • Employee Assistance Programme
  • Private Medical Insurance
  • 26 days holiday plus public holidays and the opportunity to purchase an additional 5 days per year
  • Childcare Benefits
  • Free on-site gym access and discounted national memberships

Our Commitment

Not near-zero

Not net-zero.

We are Fortescue Zero

Additional Information

Please note, if you are applying for a role which involves having access to personal data, you will be subject to a background check. Unsatisfactory or incomplete checks, and/or a failure to reveal information relating to convictions that you are required to identify as part of the background checks, could lead to withdrawal of an offer of employment.

Fortescue celebrates individual strengths and team members are encouraged to bring their whole selves to work. Our global workforce drives and promotes an inclusive culture, both within our organisation and throughout the communities we interact with. Diverse backgrounds include First Nations Peoples, people with disabilities, LGBTQ+ community, gender, neurodiverse, cultural diversity, all age groups, and those with an intersectional or multiple diverse characteristics. We encourage candidates from all backgrounds to apply.

https://fortescue.com/careers

Internal Candidates / Current Contractors please apply via Success Factors Careers Portal. For further information on how to apply please visit the Fortescue Hub.

Fortescue reserves the right to close applications early should a suitable pool of candidates be identified. Fortescue will never contact you to ask for payment of any kind, whether directly or through a third party.

IT Cyber Security Specialist employer: Fortescue

Fortescue Zero is an exceptional employer, offering a dynamic work environment that champions innovation in zero emission power systems. With a strong commitment to employee growth, we provide comprehensive benefits including a hybrid work model, generous holiday allowance, and access to health and wellness programmes, all while fostering an inclusive culture that values diverse backgrounds. Join us in our mission to decarbonise the planet and be part of a team that not only prioritises your professional development but also contributes to a sustainable future.

Contact Detail:

Fortescue Recruiting Team

StudySmarter Expert Advice

We think this is how you could land IT Cyber Security Specialist

✨Tip Number 1

Familiarise yourself with the specific frameworks mentioned in the job description, such as ISO27001 and NIST. Being able to discuss these frameworks in detail during your interview will demonstrate your expertise and understanding of the role.

✨Tip Number 2

Network with professionals in the cyber security field, especially those who have experience in the energy sector. Engaging with industry groups or attending relevant conferences can provide valuable insights and connections that may help you stand out.

✨Tip Number 3

Stay updated on the latest trends and threats in cyber security. Being knowledgeable about current events and emerging technologies will not only prepare you for potential interview questions but also show your passion for the field.

✨Tip Number 4

Prepare to discuss your experience with risk management and incident response. Be ready to share specific examples of how you've identified and mitigated risks in previous roles, as this is a key responsibility of the position.

We think you need these skills to ace IT Cyber Security Specialist

Information Security Management
Cyber Security Risk Assessment
Incident Response Coordination
Security Auditing
Regulatory Compliance Knowledge
Framework Development (NIST, ISO 27001)
Vulnerability Management
ITIL Framework Understanding
Communication Skills
Stakeholder Engagement
Technical Knowledge of Security Technologies (Firewalls, IDS/IPS, SIEM)
Application Security Awareness
Team Collaboration
Continuous Learning and Adaptability

Some tips for your application

Understand the Role: Before applying, make sure to thoroughly read the job description for the IT Cyber Security Specialist position. Understand the key responsibilities and required skills, as this will help you tailor your application effectively.

Tailor Your CV: Customise your CV to highlight relevant experience and skills that align with the job requirements. Emphasise your knowledge of information security frameworks, risk management, and any certifications you hold, such as CISSP.

Craft a Compelling Cover Letter: Write a cover letter that showcases your passion for cyber security and your understanding of Fortescue Zero's mission. Mention specific experiences where you've successfully managed security risks or implemented security policies.

Highlight Continuous Learning: In your application, mention any ongoing education or training related to cyber security. This could include courses, certifications, or workshops that demonstrate your commitment to staying updated on the latest security threats and technologies.

How to prepare for a job interview at Fortescue

✨Showcase Your Cyber Security Knowledge

Make sure to brush up on the latest trends and technologies in cyber security. Be prepared to discuss frameworks like ISO 27001, NIST, and Cyber Essentials, as well as your experience with risk management and compliance.

✨Demonstrate Problem-Solving Skills

Prepare examples of how you've identified and mitigated security risks in previous roles. Highlight your ability to respond to incidents and conduct audits, showcasing your proactive approach to security.

✨Understand the Company’s Mission

Familiarise yourself with Fortescue Zero's mission to lead in zero emission power systems. Be ready to discuss how your role as an IT Cyber Security Specialist aligns with their goals and contributes to their vision.

✨Prepare for Team Collaboration Questions

Since the role involves working closely with IT staff and business stakeholders, think of examples that demonstrate your teamwork and communication skills. Be ready to explain how you can facilitate training and support for employees regarding information security.
