Job summary

Entity:

Innovation & Engineering



Job Family Group:

IT&S Group



Job Description:

Do you want to work for a world-class organization that provides an exceptional career experience with an inclusive and collaborative culture? Want to make an impact that matters? Consider the Governance, Risk, and Compliance (GRC) team in Digital Security.

The GRC purpose is to provide bp with the capability to manage digital (including cyber) risks. We are looking for a Governance, Risk and Compliance lead to join our team with a focus on digital risk management, cyber board reporting and cyber risk quantification.

Responsibilities

Develops and implements digital risk management procedures and guidelines aligned with the Group risk framework and ensures processes are socialized and adopted by the digital organization.

Partners with stakeholders to create reports that help governance groups, such as the bp Board, to understand our cyber security posture, threat actor landscape and how digital security is helping bp to remain cyber safe.

Drives how we evaluate risks using risk quantification techniques and tools, making risks relevant and understood in a business-focused manner that enables timely decision making on a quantitative rather than qualitative footing.

Contributes to, monitors, tests, reviews, and constructively challenges the digital organization on its assessment of digital risks.

Synthesises large data sets and risk themes to align with business context and priorities so that insights can be presented to senior stakeholders and support decision making and prioritisation. Identifies pervasive risk themes and proposes strategic risk mitigation actions.

Develops and maintains strong digital technology and business relationships, becoming a trusted partner to all stakeholders.

Skills and Experience

Strong people and stakeholder management and engagement skills.

8+ years of risk, control, and information security experience.

Expert knowledge of information / cybersecurity risk management, governance and metrics, and remediation.

Experience of C-suite reporting desirable.

Experience of implementing cyber risk quantification tools and techniques desirable.

Experience with implementation and oversight of digital operational risk, tracking findings, and executing remediation activities.

Experience with information security technology programs, audits, assessments, risk, or remediation management desirable.

Experience with ServiceNow Integrated Risk Management platform and data analytics using Power BI or similar desirable.

Detail-oriented self-starter with strong conceptual, analytical, decision-making, planning, time management and prioritization skills.

Ability to communicate ideas orally and in writing in a clear, concise manner, at all levels of the organization.

Prior experience in planning, coordination and implementation and the ability to work across teams and functions to execute and deliver.

Aptitude to upskill and learn new technologies based on dynamic requirements.

Ideally has managed direct reports previously including graduates.

Education and Training

You’ll have a tertiary level education and/or equivalent relevant work experience.

Professional security management certification strongly desirable, such as Certified Information Systems Security Professional (CISSP), Certified in Risk and Information Systems Control (CRISC), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA) or other similar credentials.



Skills:

Automation system digital security, Conformance review, Consulting, Digital Forensics, Incident management, incident investigation and response, Information Assurance, Information Security, Information security behaviour change, Intrusion detection and analysis, Legal and regulatory environment and compliance, Risk Management, Secure development, Security administration, Security architecture, Security evaluation and functionality testing, Solution Architecture, Stakeholder Management, Supplier security management, Technical specialism



