The Business Entitlement Engineering team are a team of security technology experts providing core engineering capabilities in entitlement design, build, testing, and operation along with Identity Audit and Identity Application Security capabilities whilst continually innovating with the latest technologies and products.
The Information Security Engineering lead is responsible for providing security solutions that protect bp’s applications from a Developer and Identity Audit and Applications Security perspective, ensuring bp’s environments are adhering to strict compliance standards and requirements.
The primary activities that are required are as follows:
- Management of Internal and External Auditors focusing on a broad set of SAP and Non-SAP applications across Developer and Identity and Access Management platforms.
- A deep understanding of SAP security with hands on experience of at least 5 years.
- A thought, leader with an innovative mindset who constantly looks to push what is possible to reduce workloads and costs through automation whilst enhancing the customer experience.
- Explore and support continuous improvements to ensure solutions bring value to bp.
- An experienced product owner who has managed squads working with an Agile delivery mind set.
- The ability to interact directly the customer, development teams, business product owners and 3rd party vendors and suppliers.
- Team: Collaborate within the Developer and Identity platforms team, specifically in the identity space ensuring that all best practises are deployed across all work and ensure they are aligned across the team.
- Relationships: build and develop relationships across the business, within the digital Innovation and Engineering organisation and across supplier and software vendors working with bp to bring best in class knowledge across all stakeholders.
- Technology: Constantly looking to work with and bring in new technology, develop new ways of working which are bleeding edge ensuring best in class efficiency.
- Safety and Compliance: Consistently adhering to bp standard and compliance requirements to ensure all bp application are protected to the highest level.
Desirable Experience And Capability
- At least one of the following: CISSP, CISA, CISM
Required Criteria / Experience
- Years of experience: 8-12 years, with a minimum of 7 years of relevant experience.
- Experience in managing SOX compliance audits working with both internal and external auditors
- Deep understanding of SAP Security and how it directly relates to compliance and regulatory audit requirements
- Knowledge of GRC solutions, Identity Governance and Assurance solutions e.g. SAP GRC, SNOW GRC, Saviynt
- Competent in working across Identify & Access Management process and designs.
- Experienced at managing multiple large supplier teams working across multiple time zones.
- Ability to manage direct reports located across multiple time zones and a broad stakeholder community both internally and externally.
- Commercial experience of managing investments budgets in excess of $1 million.
- Good working knowledge of Agile and Waterfall delivery methodologies having worked to deliver across both methods.
- Team player who is willing to speak up and share what they have learned.
- Great interpersonal and communication skills.
- Willingness to think outside the box and adopt the latest technologies and thinking.
- Mentality of innovating, sharing and pushing boundaries without fear of failure.
- Empathetic: Cares about our people, our community and our planet
- Curious: Seeks to explore and excel
- Creative: Imagines the extraordinary
- Inclusive: Brings out the best in each other