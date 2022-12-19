Job summary

Want to be part of something Electrifying? bp pulse fleet, a wholly owned subsidiary of bp, needs you to help us on our adventure to get to an Electric Future and become NetZero. We’re looking to meet the growing global demand for safe, sustainable, and affordable energy. bp pulse fleet is passionate about redefining the commercial transportation sector by removing the challenges, surprises, and learning curves that fleet operators often face when switching to electricity as a fuel. To do this, we need to rapidly grow our phenomenal team with the best EV authorities out there. You can help us get there! We’re searching for skilled EV experts who are passionate and curious individuals to join our team to help the world electrify!

In this role, the GRC Program Manager will be responsible for developing and supporting the processes to standardize user access based on roles for identified systems across the organization as well as the access certification process. The GRC Program Manager will report to our Director, Cybersecurity & Compliance, to help understand the threat landscape by scanning, tracking, analyzing, and reporting on vulnerabilities as part of the vulnerability management process. You will play a key role in supporting the security teams in vulnerability management initiatives and leading and developing our audit program.

Key Accountabilities:

Assist and Document security certification and audit. As the lead in the audit space, you will be encouraged to act completely independently while also keeping clear and direct communication with your supervisor and other high-level leaders inside and outside the organization

Mentor and advise more junior members of the team in order to increase both team and individual capabilities

Assist and Lead in Incident investigations, containments, and mitigations.

Work cross-functionally with product managers, program managers, operations, policy, and communications teams; to find gaps in current threat response processes such as detection and mitigation

Sit on a team of experts that not only respond to known bad actors, but proactively search and identify potential threats in order to build scalable protections

Identify and mitigate deceptive or targeting behavior of threat actors and collect signals in order to collaborate with data analysts and engineers to improve detection models and develop data driven mitigation strategies

Actively strengthen intelligence gathering, and investigation SOPs

Review and recommend fixes to trends and data to determine whether further investigation and/or stakeholder collaboration is required

Conduct vulnerability assessment on the target IT Infrastructure, applications and related information assets and implement plans to reduce their impact in our environment

Conducts risk assessments to evaluate the efficiency of existing controls and determine the impact of proposed changes to business processes

Conducts and leads proof of concepts, vendor comparisons and recommend solutions in line with business requirements

Handle daily monitoring of security reports to identify issues and follow these issues to resolution

Participate and take charge in security projects and the security testing of new and existing

Work with external security team as the main liaison to perform tests and uncover network vulnerabilities

Fix detected vulnerabilities to maintain a high-security standard

Help colleagues install security software and understand information security management

Enforce best practices and security standards for the organization

Job Requirements:

Essential Education

Bachelor’s degree is required in a related field; Information Systems, Computer Science, Mathematics, Economics, Business

Essential Experience and Job Requirements

Minimum 5+ years of work experience in Security Operations, Threat Intelligence, or Incident Response or IT Audit

Knowledge and understanding of the third-party management lifecycle and its overall business processes, controls, and risk exposure (e.g., third party identification, selection, management, termination), and applicable laws and regulations

Strong analytical skills and the desire to identify and implement process improvements to build efficiencies and improve our team’s effectiveness.

Knowledge and management on how information security tools are selected, implemented and monitored

Desired Qualifications