Principal Cybersecurity-Adelaide, Brisbane, Perth

About the Role

Identity and Access Management is a key technical leadership role responsible for defining, engineering, and governing the enterprise IAM strategy, platforms, and architecture across BHP’s environments. Reporting to the Head of Digital Trust, this role acts as the security subject matter expert for identity and access, ensuring the implementation of Zero Trust principles, policy-driven access control, and secure identity lifecycle management. The role ensures IAM is embedded by design in platforms, services, and transformation initiatives, balancing security, usability, and compliance. This role can be based out of any of our corporate offices in Adelaide, Brisbane or Perth.

• Ensure identity-related controls align with NIST CSF, ISO 27001, CPS 234, GDPR, and internal audit standards. Support evidence gathering and remediation activities for internal/external audits.
• Partner with cloud and application teams to embed identity-aware security controls into infrastructure-as-code (IaC) pipelines, APIs, and CI/CD platforms.
• Champion IAM enablement of DevOps and developer access flows.
• Support threat detection and incident response related to identity abuse, credential theft, MFA fatigue, insider threats, and misconfigured roles. Integrate IAM telemetry with SIEM and SOAR platforms.
• Collaborate with platform owners, HR, IT, risk, and business leaders to align IAM controls with business needs while ensuring strong security posture. Provide regular updates and briefings to the Head of Digital Trust and Cyber Governance stakeholders.
• Identifies, implements and evaluates the success of continuous improvement activities/initiatives to improve safety, productivity, cost and revenue outcomes for the business.
• Conducts presentations and facilitates workshops using storytelling to connect influence and engage the audience, and couches other leaders and direct reports on the same.
• Applies an understanding of the business context, BOS and the BHP operating model and ways of working to enhance decision-making, productivity and value chain performance.
• Engages the capabilities of the entire organisation; standardises best practice to drive the function to achieve 100% safety, 100% customer value and 0% waste;Knows our customers and is obsessed with meeting their needs.

About You

• Lead the design and implementation of enterprise IAM and privileged access solutions in complex, hybrid, and multi-cloud environments.
• Architected and delivered IAM integrations across SaaS, PaaS, on-prem systems, and developer platforms using modern authentication and authorisation protocols.
• Implemented and governed identity lifecycle automation (JML), RBAC, and conditional access policies across workforce and non-human identities.
• Managed compliance-driven IAM controls aligned to ISO 27001, APRA CPS 234, NIST CSF, or GDPR, and provided evidence for internal/external audits.
• Delivered IAM capabilities within a Zero Trust architecture model, focusing on identity as the new perimeter.
• Partnered with security architects, DevOps, HR, and infrastructure teams to embed IAM controls into digital transformation and business-as-usual (BAU) initiatives.
• Certifications (Preferred): CISSP, CCSP, GIAC GSLC/GIAM, Microsoft Identity and Access Administrator (SC-300), or equivalent IAM-focused certifications.
• IAM Platforms: Demonstrated experience with enterprise IAM and PAS platforms such as Microsoft Entra (Azure AD), Azure AD, Silverfort, Saviyant, CyberArk, and/or HashiCorp Vault.
• Authentication and Federation Protocols: Strong knowledge of SAML 2.0, OIDC, OAuth 2.0, SCIM, LDAP, Kerberos, and certificate-based authentication.
• Cloud IAM: Deep expertise in cloud-native IAM constructs in AWS (IAM, STS, IAM Roles), Azure (RBAC, Conditional Access), and GCP (IAM Policies).
• Security Frameworks: Familiarity with NIST CSF, ISO/IEC 27001, MITRE ATT&CK (for credential access), Zero Trust Architecture (NIST 800-207).
• Soft Skills: Strong stakeholder engagement, risk articulation, and the ability to translate technical IAM requirements into business-aligned solutions.
• Scripting & Automation: Skills in scripting for identity management (e.g., PowerShell, Python, APIs) to drive automation and integration.