
Security Risk & Resiliency Analyst

Job Description
Company Description
For over 100 years, BlueScope has continued to build on our reputation of quality brands and products, leading technology and a customer-first spirit. Through our global brands, we are one of the largest manufacturers of building solutions in the world. Our diverse, bright and inspired workforce is committed to bettering the communities we serve through breakthrough thinking and innovations. Your goals, ideas and perspective can help shape our future – we look forward to hearing them!
The Security Risk & Resiliency Analyst will play a critical role in safeguarding the organization’s assets, data, and operations by identifying, assessing, and mitigating security risks. This role ensures the organization’s resilience against cyber threats, physical disruptions, and operational failures by implementing robust risk management and business continuity strategies tailored to the manufacturing sector.
The Security Risk & Resiliency Analyst will be a highly autonomous and strategic thinker who can build and drive risk initiatives, influence leadership, and develop forward-thinking solutions to mitigate risk and build resiliency in the organization.
The analyst will possess strong competencies in leadership, emotional intelligence, manufacturing business processes, technology risk management, business continuity planning, and compliance auditing.
It will be imperative that this specialist excels at self-governance. This specialist will need to proactively seek the best practices in mitigating security risk and building business continuity in a manufacturing environment.
Key Focus Areas
Risk Management & Assessment
Conduct comprehensive risk assessments across systems, applications, and business processes.
Develop and maintain risk registers and mitigation plans.
Collaborate with stakeholders to prioritize and remediate identified risks.
Conduct risk assessments across enterprise IT and manufacturing OT systems to identify, analyze, and document cybersecurity risks and control gaps.
Evaluate security and operational risks across systems and processes; develop and implement appropriate mitigating controls.
Resiliency & Continuity Planning
Design and implement business continuity and disaster recovery strategies in the IT and OT space.
Coordinate tabletop exercises and simulations to test resiliency plans.
Ensure alignment with industry standards (e.g., NIST, ISO 22301, CIS).
Review and track changes to Business Continuity and Disaster Recovery documentation.
Compliance & Governance
Ensure adherence to regulatory requirements (e.g., GDPR, HIPAA, PCI-DSS).
Assist in audits and assessments related to security and resiliency.
Maintain documentation and evidence for compliance purposes.
Assist with internal and external security audits, including preparation of evidence, response to audit findings, and follow-up on remediation activities.
Reporting & Metrics
Develop and present risk and resiliency dashboards, reports, and key risk indicators (KRIs) to leadership.
Provide actionable insights into risk exposure and recommend proactive risk mitigation strategies.
Stakeholder Engagement
Provide training and awareness programs on risk and resiliency topics.
Act as a liaison between technical teams and business units.
Communicate risk posture and mitigation strategies to leadership.
Required Qualifications & Experience: To be considered for this position, you must possess the following qualifications:
Bachelor’s degree in Cybersecurity, Information Technology, Engineering, or related field; OR equivalent practical experience.
2+ years of experience in a cybersecurity risk and resiliency role or other cybersecurity role, preferably within manufacturing, industrial, or critical infrastructure sectors.
Familiarity with cybersecurity frameworks and standards such as CMMC 2.0, NIST Cybersecurity Framework, ISO 27001, NIST 800-82 (Guide to ICS Security), or similar.
Experience supporting security audits, risk assessments, and compliance initiatives across IT and/or OT systems in a global, highly federated environment.
Strong analytical, problem-solving, and communication skills, with the ability to collaborate across technical and operational teams.
Desired Qualifications: To be considered an ideal candidate, you should possess some or all of the following qualifications:
Experience conducting risk assessments and security reviews in IT and OT environments.
Familiarity with supply chain security and risk management processes in the manufacturing sector.
Hands-on experience with platforms such as ServiceNow GRC, Archer, or similar tools.
Knowledge of regulatory requirements impacting manufacturing operations, such as NIST 800-171, CMMC, or sector-specific standards.
Ability to work effectively across multi-site manufacturing operations.
Professional certifications such as CBCI, CBCP, ABCP, CRISC, CISA, or equivalent are a plus.
Skills and Abilities
At BlueScope we believe in investing in our employees through our Leading at BlueScope Attributes. Below are attributes that will be key to your success at BlueScope:
Driver of Future Readiness – Takes a strategic orientation to shape the direction; ensures impact-driven strategy; is a thought leader in their own way.
Creative Problem Solver – Seeks and leverages diverse perspectives; fosters innovation and creative solutions; finds smarter solutions and uncovers value.
Change Facilitator – Models continual improvement; seizes opportunities to adapt; is optimistic about change and motivates others in the change journey.
Results Achiever – Delivers against continually higher levels of performance; strives for constant improvement; looks for ways to work smarter; pushes forward despite ambiguity.
Builder of Customer Value – Seeks to know customers deeply; walks in the customers' shoes; constantly thinks about adding value to customer relationships.
Collaborative Partner – Seeks to understand; shares knowledge; builds/uses diverse networks for greater impact; uses a range of skills and approaches to influence others.
Work Environment
BlueScope embraces flexible working arrangements where possible and mutually agreed.
Additional Information
The preceding job responsibilities and tasks were designed to indicate the general nature and level of work performed by associates in this job. It is not designed to contain or be interpreted as a comprehensive inventory of all job duties and responsibilities required of associates assigned to this job. Associates may be required to perform other duties as assigned. Additional job competencies, individual goals, and performance measurements are set at the department level.
The benefits are just as rewarding as the work at BlueScope. To support our goal, we offer a total compensation plan and an outstanding benefits package that includes health insurance, life insurance, short- and long-term disability, paid time off, and retirement.
EEO: Employer/M/F/Disabled/Protected Veteran
BlueScope is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, religion, color, national origin, sex, sexual orientation, gender identity, age, status as a protected veteran, among other things, or status as a qualified individual with disability.
