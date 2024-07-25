

Job summary

Job Family Group:

IT&S Group



Job Description:

Reporting to the VP Cyber Defense, the Global Cyber Emergency Response and Incident Management (CERT/IM) Lead is a significant leadership position within the digital security organization and will have responsibility for the management and development of a global team of CERT and incident management professionals working in bp’s security operations centre. The CERT/IM team currently operates from several bp hub locations, including the US (Houston, Texas); the UK (London/Sunbury); and Malaysia (Kuala Lumpur); with resources in Pune, India and Singapore as well.

In addition to managing the global CERT/IM team, this role will also be responsible for providing thought leadership with respect to driving a variety of digital forensics investigations; conducting advanced threat hunting; and conducting insider threat investigations; as well as participating fully as a member of the bp digital security Cyber Defence leadership team.

Key Accountabilities:

Manage the Global CERT/IM Team

Lead the professional development of the CERT and incident management team members, including assessing skill levels and guiding professional development within the team

Coordinate activities across the global CERT/IM team locations, working closely with the local CERT/IM leads within the larger hub locations

Manage the financial aspects of the CERT/IM operations, including operating expenses and any required project investments or refresh of the physical kit or solutions required to support CERT/IM activities

Direct the engagement and interfaces with other digital security teams, including Threat Intelligence; Cyber Emergency Response/Incident Management; Defence Analytics and Integration; and Security Data Services – among others

Drive and Maintain Operational Discipline

Improve the operational maturity of the current CERT/IM operations against industry standards (e.g., the NIST Cybersecurity Framework (CSF) 2.0)

Identify opportunities to continuously improve operational discipline within the CERT/IM team

Maintain and improve upon the delivery against established key performance indicators (KPIs); as well as identify additional KPIs to drive further excellence within the team

Incident Response and Management

Lead and coordinate the cyber emergency response and incident management of all digital security incidents escalated to the team by the security operations centre (SOC)

Ensure all cyber threats are contained in a timely manner and within established service levels as measured by established key performance indicators (KPIs)

Lead the engagement of key business and digital stakeholders in the event of significant incidents

Lead Incident Management Teams (IMTs) driven by digital security; and provide strong representation and digital security guidance on all other Incident Management Teams and Business Support Teams (BSTs), as needed

Forensic Investigation

Lead and coordinate the forensic investigation for all digital security incidents escalated to the team by the security operations centre (SOC)

Provide leadership in post-incident reviews, ensuring the team assesses the effectiveness of security monitoring and controls and develops recommendations to improve bp’s cyber resilience

Assess CERT/IM performance against established baselines and timelines for incidents

Insider Threat Investigation

Apply thought leadership in the insider threat arena and identify opportunities to continuously improve our defences against insider threats

Ensure the team is focusing on the highest-risk aspects of the insider threat, including developing KPIs to help measure the impact of the team’s efforts on this threat

Lead the engagement with key stakeholders of the insider threat process, including physical security, ethics and compliance, and business integrity; as well as key business leaders

Stakeholder Management and Engagement

Serve as a visible leader for digital security, including providing education and learning through participation in context-based SOC tours (representing the CERT/IM activity set), delivering presentations and attending events within bp and externally, where appropriate

Participate in the management of major incidents, including serving as the digital security lead on incident management teams and/or business support teams, when necessary

Maintain and grow key relationships with local regulatory and/or law enforcement stakeholders

Intelligence Sharing

Remain current on cyber security trends and intelligence (both open-source and commercial) and encourage intelligence led thinking across the CERT/IM team, working closely with the digital security Threat Intelligence team

Support local CERT/IM leads and their analysts in the further development of intelligence-led methodologies, practice and threat hunting

Documentation and Procedures

Accountable for data accuracy with respect to both the quality of documentation for, and the metrics associated with, the forensic analysis conducted in support of cyber incidents

Oversee documentation owned by the team including but not limited to Standard Operating Procedures (SOPs) and forensic methods

Support the development and documentation of new forensic procedures; incident management approaches; and insider threat processes - as appropriate

Improve and develop new operational metrics and KPIs based on observed and measured CERT/IM activity

Work with engineers within digital security to implement new or enhanced capabilities, ensuring all CERT/IM analysts are briefed and trained as required

Essential Education and Experience:

Bachelor’s degree in Computer Science, Business Administration or equivalent educational or professional experience and/or qualifications.

Advanced cyber qualifications/certifications

10 years of information security-related experience, in areas such as: security operations, incident analysis, incident handling, forensic analysis, insider threat management, vulnerability management or testing, log analysis, intrusion detection and IT infrastructure management

Prior hands-on SOC, CERT and/or IM experience, both in analyst and leadership roles

Hands-on experience with attacker tactics, techniques and procedures (TTPs); knowledge of both Windows and Linux operating systems to conduct host-based forensics and analysis; knowledge of cloud platforms such as AWS, Azure and Alibaba

Hands-on experience with many different types of log sources such as firewall, web and database to identify anomalous activity

Deep understanding of network communications and protocols

Ability to communicate effectively and document investigative findings and supporting timelines, in a clear and concise manner

Excellent written and oral communication skills

Self-motivated to improve knowledge and skills

Demonstrated ability to engage with senior leadership, both internally and external to the organization

Detail oriented, with a strong desire to drive improvements regarding the “what” as well as the “why” and the “how” of security incidents

A passion for leading and growing the capabilities of global teams; as well as for embracing/leveraging diverse perspectives and cultures within a team to achieve greater results

Demonstrable ability to think beyond the immediate situation and use critical thinking, context and judgment in the analysis of complex data sets, threat intelligence, and security events

Ability to work under pressure and in crisis situations while maintaining a high degree of professionalism and leadership when engaging the CERT/IM team and internal/external stakeholders

Ability to lead large teams in the adoption of new technologies and processes in a rapidly changing environment

Considering Joining bp?

At bp, we support our people to learn and grow in a diverse and exciting environment. We believe that our team is strengthened by diversity. bp is committed to encouraging an inclusive environment in which everyone is respected and treated fairly. There are many aspects of our employees’ lives that are meaningful, so we offer benefits to enable your work to fit with your life. These benefits can include flexible working options, a generous paid parental leave policy, excellent retirement benefits, and more!



Travel Requirement:

Up to 10% travel should be expected with this role



Relocation Assistance:

This role is not eligible for relocation



Remote Type:

This position is a hybrid of office/remote working



Skills:



Legal Disclaimer:

We are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, sex, gender, gender expression, sexual orientation, age, marital status, socioeconomic status, neurodiversity/neurocognitive functioning, veteran status or disability status. Individuals with disabilities may request a reasonable accommodation related to bp’s recruiting process (e.g., accessing the job application, completing required assessments, participating in telephone screenings or interviews, etc.). If you would like to request an accommodation related to the recruitment process, please contact us to request accommodations.

If you are selected for a position and depending upon your role, your employment may be contingent upon adherence to local policy. This may include pre-placement drug screening, medical review of physical fitness for the role, and background checks.