Cyber Resilience Specialist

Company Description

We’re re-imagining mining to improve people’s lives. That includes the lives of everyone who works for Anglo American. We strive to be a great company where employees are happy and inspired to do their best work. A place where every colleague can grow, develop and realise their potential. To live up to our Always with Purpose employee value proposition, we’re putting the development and growth of colleagues first by ensuring everyone at Anglo American has the career experience they deserve.

Job Description

Purpose

Ensure that Cyber Risk and Disaster Recovery and associated business continuity requirements are defined and assessed in accordance with the business needs of the company’s operations. Refine and execute business continuity and disaster recovery plans to ensure company resilience and swift recovery from disruptive incidents. Maintain and implement adequate cyber risk assessments and solutions (mitigations) to support the overall resilience of the business.

Key Outputs and Accountabilities

• Anticipate any changes in the companies’ operational risk profile, providing insight and reporting current and likely future security risks and disaster recovery plans
• Develop and maintain Global business continuity and disaster recovery plans
• Assure risk management for Anglo American’s Information Security risks, related to company operations and activities by delivering cyber risk assessments
• Identifies, evaluates, and reports on information security risks, which supports the effective protection of information assets.
• Deliver risk mitigation plans in response to changes in risk profile driven by internal and external events and through lessons learned.
• Collaborate with business units to identify critical processes and assets for recovery planning
• Conduct regular business impact analyses and risk assessments
• Conduct disaster recovery exercises and tests
• Facilitate guidance and training to employees on business continuity procedures
• Monitor and update business continuity plans based on changes in business operations

Qualifications

Qualifications

An undergraduate qualification (Bachelors / Honours degree or equivalent) in computer science, business informatics, engineering/technology or equivalent.

Preferred: A postgraduate qualification (Masters / Doctoral degree or equivalent) in computer science, business informatics, engineering/technology or equivalent.

Certifications

Professional certifications and experience in Information Security from industry standard security frameworks, e.g. ISACA, BCS, CIPP, ITIL, Crest, ISC2, COMPTIA and key security vendors including Microsoft, Crowdstrike, Qualys, IBM or equivalent.

Preferred: A recognised Information Security, Risk and Audit qualification/certification(s) (e.g. CRISC, CISA, CISM, ISO27001 Lead Auditor).

Technical Skills

• Strong English language skills are essential for both verbal communication and report writing and presentation work. Other languages (Spanish) are desirable
• Understanding of IM Security frameworks, specifically NIST, but also able to reference CIS and ISO related cyber risk controls & approaches
• Performs risk assessment, business impact analysis and accreditation for major information systems
• Understanding of network protocols, architectures, and components
• Familiarity with firewalls, intrusion detection/prevention systems (IDS/IPS), and network monitoring tools
• Proficiency in securing various operating systems, including Windows, Linux, and macOS
• Knowledge of system hardening techniques, patch management, and access controls
• Ability to monitor and analyze threat intelligence sources to identify potential risks
• Understanding of threat actors, attack vectors, and emerging cyber threats
• Understanding of DLP solutions to prevent unauthorized data leakage
• Knowledge of cloud security principles and best practices.
• Experience with securing cloud environments on platforms like AWS, Azure, or Google Cloud
• Understanding of secure coding principles to develop and maintain secure applications.
• Awareness of relevant cybersecurity regulations and standards (e.g., GDPR, HIPAA, NIST)
• Understanding of TCP/IP protocols, subnetting, routing, and network architecture
• Ability to analyze network traffic and identify anomalies
• Understanding of mobile device security, including mobile operating systems and app security

Additional Information

At Anglo American we are committed to promoting an inclusive and diverse environment, in which all colleagues are valued and respected for who they are, and where everyone can fulfill their potential.

Our main enablers are:

• Inclusive leaders who value diversity and the unique contributions of each colleague.
• Flexible, inclusive, and supportive workplace.
• Colleagues are valued and respected, who feel safe to bring their whole selves to work
• Safe, effective, and favorable environment for all our stakeholders.

For this reason, all our vacancies are available to all who meet the job description. We are an inclusive company, and we want you to be part of it. Diversity in gender, LGBT+, age, culture/religion, ethnicity, or disability status (Law 21,015) is welcome.