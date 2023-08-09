Job summary

Responsible for delivering information security and risk activities for the specialism, using highly advanced technical capabilities to contribute to strategic development by defining and implementing processes and procedures, resolving complex, high-risk security issues, evaluating and amending solutions and developing trusted relationships that improve the knowledge and capability within the specialism. Specialisms: Information Security Engineering; Information Security and Risk Management; Operational Security Management; Governance, Risk and Compliance; Forensics and Incident Response Management; Application Information Security.

Entity:

Innovation & Engineering



Job Family Group:

IT&S Group



Job Summary:

Job Description:

Job Summary:

At bp, we’re reimagining energy for people and our planet. With operations working across almost every part of the energy system, we’re leading the way in reducing carbon emissions and developing more sustainable methods for solving the energy challenge.

We’re a diverse team of engineers, scientists, traders, and business professionals determined to find answers to problems that must be solved. But we know we can’t do it alone. We’re looking for people who share our passion for reinvention to bring a new point of view, collaborative spirit, and to challenge our thinking in our ambition to achieve net zero! Data is at the core of bp's digital ambition.

Digital Security partners with our data and analytics community supporting the portfolio of platform services that addresses the increasing demand for data and development of advanced digital products across bp.

We are looking for Information Security Engineering Principal (Product and System Cyber Resilience) who will be responsible for providing security engineering technical expertise across M365, Data Lakes, and EndPoint clients, ensuring Product, Platforms and integrations align with digital security policy. We help Service Owners secure their Products and Services though our Security Engineering expertise, Security assurance reviews and Information Protection best practice.

So, data stored in their Products is secure, while enabling secure access and consumption by business users and applications. Enabling the business to deliver securely at speed. We are passionate technical leaders, driving innovation and working directly with product teams to protect bp’s data within their products and underlying platforms.

Leading and developing a team dedicated to training and supporting Product teams (development teams and software engineers, to write, deploy, integrate, and maintain applications at bp securely) across bp.

You will advocate for and ensure that the development teams adhere to secure software development best practices (e.g., threat modelling, technical design review, resilience testing, monitoring & alerting, code review, and documentation)

You will provide leading insight of industry and technology trends and best practices to shape bp’s product agenda and create a culture of excellence.

Job Description:

Key Responsibilities

Align strategy, processes, and decision-making across teams.

Set clear expectations with individuals based on their level and role and aligned to the broader organization’s goals. Meet regularly with individuals to discuss performance and development and provide feedback and coaching.

Create positive engagement and governance framework and drive an inclusive work environment with teams and collaborators including software engineers, developers, product owners, product managers and portfolio managers.

Evolve the roadmap to meet anticipated future information protection requirements and needs. Provide support to the squads providing technical guidance, managing dependencies and risks.

Set and implement dev standards, co-design schemas, ensure quality at the source, and find opportunities to (semi-) automate manual secure processes wherever possible.

Provide deep secure development domain knowledge and business context around securing applications and bp products.

Work with business partners to implement secure product strategies and to coordinate remediation activities to ensure products meet business requirements.

Adhere to and advocate for secure software development lifecycle standard methodologies.

Actively contributes to improve software development velocity, securely. Create and articulate materials on how to embed and measure security in the software development lifecycle.

Present results to peers and senior management to influence decision making.

Actively sponsor and mentor emerging talent and promote a culture of continuous development.

Technical Competencies

Seasoned senior leadership professional with experience leading, growing and developing a security/software engineering team of around 30-150 people.

Deep and hands-on experience designing, planning, productizing, maintaining, and documenting reliable and scalable data infrastructure and data products in complex environments.

Experience in a technical leadership role, overseeing projects.

Technical proficiency in Microsoft security, Identity and Access Management, Information Protection and Data Privacy concepts.

Full stack development experience

Deep knowledge and hands-on experience in technologies across all data lifecycle stages

Strong collaborator management and ability to lead teams through managerial and technical influence.

Continuous learning and improvement approach



Travel Requirement

Negligible travel should be expected with this role



Relocation Assistance:

This role is not eligible for relocation



Remote Type:

This position is a hybrid of office/remote working



Skills:

Automation system digital security, Conformance review, Consulting, Digital Forensics, Incident management, incident investigation and response, Information Assurance, Information Security, Information security behaviour change, Intrusion detection and analysis, Legal and regulatory environment and compliance, Risk Management, Secure development, Security administration, Security architecture, Security evaluation and functionality testing, Solution Architecture, Stakeholder Management, Supplier security management, Technical specialism



Legal Disclaimer:

