Entity: Innovation & Engineering
Job Family Group:
Why Join Us?
Team Leadership: Lead, mentor, and develop a resilient team, aligning with technology vision and strategy, encouraging a culture of continuous improvement and career progression.
Relationship Management: Act as the main point of contact for information security for Product Security within ASPAC, building strong partnerships and influencing positive change.
Security Expertise: Provide technical expertise in Cyber Security, implementing operating processes and ensuring adherence to security standards across all activities.
Safety: Prioritize operational safety, improving digital security through architecture, designs, and processes.
As the Information Security Lead, you will:
Work closely with the Innovation & Engineering (I&E) Product Discovery and Delivery squads delivering solutions to the C&P businesses in the ASPAC region. You will assess and identify cyber risks across digital products.
Lead the regional Product Security Safety squad to proactively mitigate and coordinate the remediation of any findings from vulnerability scans, supplier assurance, compliance reviews, and support the squads in maintaining a ‘green’ Product Cyber score.
Review product architecture and any application changes to assess the implications to cyber risks and work with the Product Managers and Architects to perform threat modelling across products as new features are deployed.
Work to Agile delivery principles across technology and build security awareness by supporting awareness programs and establishing security standard methodologies within Product Teams.
Experience working in internal or external information security roles, including leading teams.
Experience working in a product-led organization.
Strong influencing skills with the ability to communicate technical information to both technical and non-technical audiences, clearly and concisely.
Sophisticated technical knowledge, ideally hands-on, and experience in delivering security solutions and providing technical advice.
Knowledge of relevant legal and regulatory frameworks.
Experience working within developing digital ecosystems, with multiple partners and environments, ensuring suitable security is delivered.
Certification in information security (i.e. CISSP or CISM) is preferred.
Knowledge of security frameworks such as ISO 27001/2, NIST, and CIS framework is highly advantageous.
Able to adapt to shifting priorities, demands, and timelines and keep customers abreast of impact (potential or actual) to defined delivery timescales and/or business impact.
Negligible travel should be expected with this role.
This role is not eligible for relocation.
This position is a hybrid of office/remote working.
Automation system digital security, Conformance review, Consulting, Digital Forensics, Incident management, incident investigation and response, Information Assurance, Information Security, Information security behaviour change, Intrusion detection and analysis, Legal and regulatory environment and compliance, Risk Management, Secure development, Security administration, Security architecture, Security evaluation and functionality testing, Solution Architecture, Stakeholder Management, Supplier security management, Technical specialism
We are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, sex, gender, gender expression, sexual orientation, age, marital status, socioeconomic status, neurodiversity/neurocognitive functioning, veteran status or disability status. Individuals with disabilities may request a reasonable accommodation related to bp’s recruiting process (e.g., accessing the job application, completing required assessments, participating in telephone screenings or interviews, etc.). If you would like to request an accommodation related to the recruitment process, please contact us to request accommodations.
If you are selected for a position and depending upon your role, your employment may be contingent upon adherence to local policy. This may include pre-placement drug screening, medical review of physical fitness for the role, and background checks.