Cyber Risk Advisor

Our Opportunity

Work Location:  Perth, Western Australia.  Fortescue’s Perth office is located on the traditional lands of the Whadjuk people.

Roster:  Monday to Friday (5:2) 

The Cyber Security team is responsible for leading Fortescue's efforts to be a cyber resilient, safe and trusted organisation, by effectively managing risk across all assets enabled through technology (informational, industrial and operational) 

Reporting to the Superintendent of Cyber Risk and Advisory, the role will contribute to securing Fortescue’s information technology (IT) and operational technology (OT) environment by conducting cyber risk assessments and assurance activities and advising the business to ensure compliance with all applicable configuration standards and best practice frameworks. 

Key Responsibilities

• Perform cyber risk assessments, create risk treatment plans and explain prevention measures to risk owners of projects, proposed technology solutions, and other technology change. 

• Perform cyber risk assurance activities and support risk owners in the management of cyber risks. 

• Advise on Fortescue’s approach to cyber risk management related to corporate and/or operation technology domains. 

• Create, review, and update cyber security policies and procedures to ensure they align with industry standards and regulatory requirements. 

• Develop security patterns for key technologies based on threat modelling, and advise developers, engineers and architects on implementing security patterns. 

• Build strong relationships with various departments to integrate and uplift cybersecurity risk management into all business processes. 

Qualifications and Experience

• Degree, Diploma and/or Certificate in Information Technology, Computer Science, Electrical Engineering, mechatronics, or a related discipline. 

• General or specific Cyber Security certifications (e.g. CISSP, CRISC, GRID, etc.) would be beneficial. 

• A higher degree in information systems management, business administration, or a related discipline would be beneficial. 

• Experience in cyber security, risk management, IT audit, or a related field. 

• Proficiency in risk assessment tools, vulnerability management, security frameworks (such as NIST, ISO 27001), and understanding of regulatory requirements (like GDPR, SOCI). 

• Ability to exercise independent judgment and make informed, strategic decisions in cybersecurity risk management and communicate complex and technical issues to diverse audiences at all levels. 

About Us

Be part of something big. Fortescue is leading the world with our plan to decarbonise our iron ore operations, projects that harness renewable energy and the development of technology that will change our planet forever.

Our Commitment

Fortescue celebrates individual strengths and team members are encouraged to bring their whole selves to work. Our global workforce drives and promotes an inclusive culture, both within our organisation and throughout the communities we interact with. Diverse backgrounds include First Nations Peoples, people with disabilities, LGBTQ+ community, gender, neurodiverse, cultural diversity, all age groups, and those with an intersectional or multiple diverse characteristics. We encourage candidates from all backgrounds to apply.

Jobs at Fortescue | Fortescue

Internal Candidates / Current Contractors please apply via Success Factors Careers Portal. For further information on how to apply please visit the Fortescue Hub. 

Fortescue reserves the right to close applications early should a suitable pool of candidates be identified. Fortescue will never contact you to ask for payment of any kind, whether directly or through a third party.