Information Security Engineering Specialist

Job summary

Grade H Responsible for supporting information security and risk activities for the specialism, using sound technical capabilities to review and adjust information security processes, supporting the delivery of security solutions, recommending improvements to security strategies and managing external service providers, as required. Specialisms: Information Security Engineering; Information Security and Risk Management; Operational Security Management; Governance, Risk and Compliance; Forensics and Incident Response Management; Application Information Security.

Role Synopsis
The information security analyst will be focused on ensuring that the key elements of the recertification product are delivered through the following activities:

• To provide the product owner of recertification at bp assistance to manage relevant stakeholder engagement for current and new demand.
• To gather feedback from customers, Plan and manage processes and technical improvements, customer support, and ensure the overall product is working in line with compliance expectations.
• To ensure that the campaign team is well engaged, planning updates are in place, and handling of feedback and changes from the customer is managed.
• Develop new campaign types which enable more efficient reviews, for example, Event-Based Recertification, Risk-Based recertification.
• Conduct PoC’s work with the business and technical teams to deploy best-in-class campaigns reducing the overall compliance risk for bp.
• Ensure performance statistics, data analytics, and dashboard reporting are maintained and communicated on a regular basis.
• Engage with Internal and External Audit teams to walk through recertification campaigns, new functionality, and potential technical and functional improvements.

• Knowledge of at least one Identity Governance and Assurance solution e.g. Saviynt, SailPoint, Okta, etc.
• Competent working across complex Identity and Access Management processes and designs.
• Deep understanding of recertification across identities and data in a complex environment.
• Experience in large-scale project implementation in an identity platform
• Excellent understanding of general compliance and audit controls to include SOX, NIST, ISO standard, and other common compliance frameworks.
• A good understanding of automation and curiosity to innovate to constantly simplify.
• Proficient working knowledge of Agile and Waterfall delivery methodologies having worked to deliver across both methods.
• A Team player who is willing to speak up and share what they have learned.
• Excellent verbal and written communication skills.
• Positive interpersonal skills, including the ability to establish and maintain good working relationships with others.
• Strong documentation, process analysis, and design, requirement gathering and impact analysis

• Strong IAM process understanding across the entire identity platform to include application access governance, segregation of duties, identity compliance, and audit controls
• Experience in providing operational application support across a large stakeholder base ranging from senior stakeholders to suppliers and contractors
• Ability to project manage and people manage if required
• Broader understanding of cloud technologies and identity solutions

Grade H Responsible for supporting information security and risk activities for the specialism, using sound technical capabilities to review and adjust information security processes, supporting the delivery of security solutions, recommending improvements to security strategies and managing external service providers, as required. Specialisms: Information Security Engineering; Information Security and Risk Management; Operational Security Management; Governance, Risk and Compliance; Forensics and Incident Response Management; Application Information Security.