1. Home
  2. Careers
  3. Jobs at bp
  4. Information Security Lead

Information Security Lead

Information Security Lead

  • Location Malaysia - Kuala Lumpur
  • Travel required Negligible travel should be expected with this role
  • Job category IT&S Group
  • Relocation available This role is not eligible for relocation
  • Job type Professionals
  • Job code RQ075187
  • Experience level Senior
Apply Search all jobs at bp

Job summary


Innovation & Engineering

Job Family Group:

IT&S Group

Job Summary:

Why Join Us?

We have embarked on a new and ambitious strategy, to deliver on its net-zero ambition and to drive efficiency and new business models, by using digital technologies!

It’s an exciting time to embark on your journey with bp as we undergo technology transformation and growth which you can support in defining!

Role Overview: You will collaborate with product teams to deliver secure products promptly, ensuring swift business value realization. This role focuses on information security and cyber risk activities within Customer & Products business, supporting regional Mobility & Convenience, Castrol and Aviation teams.

Job Description:

Key Responsibilities:

Team Leadership: Lead, mentor, and develop a resilient team, aligning with technology vision and strategy, encouraging a culture of continuous improvement and career progression.

Relationship Management: Act as the main point of contact for information security for Product Security within ASPAC, building strong partnerships and influencing positive change.

Security Expertise: Provide technical expertise in Cyber Security, implementing operating processes and ensuring adherence to security standards across all activities.

Safety: Prioritize operational safety, improving digital security through architecture, designs, and processes.

As the Information Security Lead, you will :

  • Work closely with the Innovation & Engineering (I&E) Product Discovery and Delivery squads delivering solutions to the C&P businesses in ASPAC region. You will assess and identify cyber risks across digital products

  • Lead the regional Product Security Safety squad to proactively mitigate and coordinate the remediation of any findings from vulnerability scans, supplier assurance, compliance reviews, and support the squads in maintaining a ‘green’ Product Cyber score.

  • Review product architecture and any application changes to assess the implications to cyber risks and work with the Product Managers and Architects to perform threat modelling across products as new features are deployed.

  • Work to Agile delivery principles across technology and build security awareness by supporting awareness programs and establishing security standard methodologies within Product Teams.

Requirements :

  • Experience working in internal or external information security roles, including leading teams.

  • Experience in working in a Product led organization

  • Strong influencing skills with the ability to communicate technical information to both technical and non-technical audiences, clearly and concisely.

  • Sophisticated technical knowledge, ideally hands-on, and experience in delivering security solutions and providing technical advice.

  • Knowledge of relevant legal and regulatory frameworks

  • Experience working within developing digital ecosystems, with multiple partners and environments, ensuring suitable security is delivered.

  • Certification in Information security i.e. CISSP or CISM is preferred.

  • Knowledge of security frameworks such as ISO 27001/2, NIST, and CIS framework is highly advantageous.

  • Able to adapt to shifting priorities, demands, and timelines and keep customers abreast of impact (potential or actual) to defined delivery timescales and/or business impact.

Travel Requirement

Negligible travel should be expected with this role

Relocation Assistance:

This role is not eligible for relocation

Remote Type:

This position is a hybrid of office/remote working


Automation system digital security, Conformance review, Consulting, Digital Forensics, Incident management, incident investigation and response, Information Assurance, Information Security, Information security behaviour change, Intrusion detection and analysis, Legal and regulatory environment and compliance, Risk Management, Secure development, Security administration, Security architecture, Security evaluation and functionality testing, Solution Architecture, Stakeholder Management, Supplier security management, Technical specialism

Legal Disclaimer:

We are an equal opportunity employer and value diversity at our company.  We do not discriminate on the basis of race, religion, color, national origin, sex, gender, gender expression, sexual orientation, age, marital status, socioeconomic status, neurodiversity/neurocognitive functioning, veteran status or disability status. Individuals with disabilities may request a reasonable accommodation related to bp’s recruiting process (e.g., accessing the job application, completing required assessments, participating in telephone screenings or interviews, etc.).  If you would like to request an accommodation related to the recruitment process, please contact us to request accommodations.

If you are selected for a position and depending upon your role, your employment may be contingent upon adherence to local policy.  This may include pre-placement drug screening, medical review of physical fitness for the role, and background checks.

Apply Search all jobs at bp