About South32
South32 is a globally diversified mining and metals company. Our purpose is to make a difference by developing natural resources, improving people’s lives now and for generations to come. We are trusted by our owners and partners to realise the potential of their resources. We produce bauxite, alumina, aluminium, metallurgical coal, manganese, nickel, silver, lead and zinc at our operations in Australia, Southern Africa and South America. With a focus on growing our base metals exposure, we also have two development options in North America and several partnerships with junior explorers around the world.
The Opportunity
The Principal Cyber Security Governance, Risk & Compliance will be responsible for providing cyber risk leadership and expertise across our global organisation, helping to define and drive our ongoing cyber governance and risk management strategies.
You will be a trusted advisor to the business on defining and implementing best practice cyber security risk and controls, together with mentoring and supporting the broader Cyber Security team on key large scale work programs.
Accountabilities
Primary responsibilities are to:
- Provide subject matter expert advice on cyber security risk across our global business functions and operations, communicating confidently with senior business stakeholders to facilitate the identification of risk and improvement of controls
- Lead and support the definition of cyber security risk for the business, including risk assessments, control profiles, governance and risk management strategies, verification activities and maturity metrics for risk owners
- Oversee delivery and budget for key large-scale Cyber Security work programs, including:
  - Identity and Access Management
  - Vulnerability Management
  - Security Risk Assessments
- Define and lead cyber security governance processes and risk forums with key stakeholders across the business
- Drive and influence cyber security standards, policies, compliance and adoption within the business
- Lead and support preparation of risk reporting to the business, providing key insights to our senior leaders
Qualifications, Skills and Experience
- Bachelor’s degree in Information Technology or related discipline
- Minimum 5 years' practical cyber security or related risk management experience working in a large organisation
- Exposure to risk bow ties and enterprise risk management as it relates to Cyber or Information Security
- Strong understanding and experience in NIST CSF
- Experience conducting security risk assessments on new projects or IT assets
- Working knowledge of leading cyber security frameworks such as ISO27001, ASD Essential 8, MITRE ATT&CK, OWASP
Our benefits
- Competitive Salaries
- Industry leading parental leave and family care policy
- Free onsite fitness classes
- Flexible working arrangement
- Education and career development
- Participation in the Employee Share Plan
- Incentive bonuses
- Additional employer superannuation contributions which depend on the level of employee contributions you choose.
Location
This role will be based at our corporate office in the heart of Perth CBD with stunning river views.
Our culture
At South32, our people are fundamental to our success. We’re focused on creating an inclusive workplace, with the right people in the right roles, who are engaged, empowered and appropriately rewarded.
We aspire to be an inclusive organisation, where our workforce reflects the broader demographic of the countries and communities where we operate.
South32 embraces diversity and encourages applications from people of all backgrounds.
Please note: This advertisement will close on the 28th July 2022
