Do you want to work for a world-class organization that provides an exceptional career experience with an inclusive and collaborative culture? Want to make an impact that matters? Consider the Governance, Risk, and Compliance (GRC) team in Digital Security.
The purpose of GRC is to provide bp with the capability to manage Cyber, IT and Compliance risks. We are looking for a Governance, Risk and Compliance lead to join our team with a focus on our digital risk advisory service.
Skills and Experience
- Develops and implements digital risk management, procedures and guidelines aligned with the Group risk framework, and ensures processes are socialized and adopted by the digital organization
- Creates and implements digital security policy exception, procedure, tools, and reporting
- Contributes to, monitors, tests, reviews, and constructively challenges the digital organization on its assessment of cybersecurity risks, including challenging on risk mitigation and management responses
- Performs risk data analysis to track progress on remediation of identified digital risks and provides appropriate reporting to leadership, including identification of pervasive risk themes and proposing strategic risk mitigation actions
- Designs and implements risk management solutions and techniques that have the potential to improve the organization’s ability to manage risks
- Develops and maintains strong digital technology and business relationships, becoming a trusted partner to all stakeholders
DESIRED EDUCATION / TRAINING
- 8+ years of risk and control as well as information security experience
- Minimum 5 years of experience with information security technology programs, audits, assessments, risk, or remediation management
- Experience with ServiceNow Integrated Risk Management platform and data analytics using Power BI
- Expert knowledge of information / cybersecurity risk management, governance and metrics, and remediation
- Experience with implementation and oversight of digital operational risk, tracking findings, and executing remediation activities
- Detail oriented self-starter with strong conceptual, analytical, decision making, planning, time management and prioritization skills
- Ability to communicate oral and written ideas in a clear, concise manner, at all levels of the organization
- Prior experience in planning, coordination and implementation and the ability to work across teams and functions to execute and deliver
- Aptitude to upskill and learn new technologies based on dynamic requirements
- Requires a deep knowledge of job area obtained through advanced education combined with experience
- Professional security management certification strongly desirable, such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified in Risk and Information Systems Control (CRISC), Certified Information Systems Auditor (CISA) or other similar credentials