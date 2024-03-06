Job summary

Innovation & Engineering



IT&S Group



BP has embarked on an exciting strategy, to deliver on its net-zero ambition, by driving new efficiency and business models, using new digital technologies.



Putting our customers’ security at the heart of our products and processes we are transforming to become an integrated energy company and we are growing our Business Information Security team to meet the new demand.



You will be focusing on partnering alongside a range of bp entities and teams, to understand the business strategy enabling their digital ambitions to be delivered safely and securely.



The role forms part of the Cyber Behaviours & Risk (CB&R) team and you will have the opportunity to work across a number of different businesses and geographical locations within bp.

You’ll be responsible for protecting our businesses digital assets, working closely with senior leaders, team leads and business team members to ensure the appropriate awareness and adoption of cyber security practices and behaviours within the businesses.

You will facilitate information security support for digital engagements, and lead or support information security assessments implementing technical controls and policy requirements.

You will provide advice on risks as well as activities to mitigate potential cyber threats, preventing cyber breaches and reducing business impact. You will be increasing business awareness to cyber risk, understanding their specific threat landscape, and the potential business impacts.

YOUR ROLE

This role will report directly to the Information Security Principal.



Relationships: You will be first point of contact for all information security matters within your areas of accountability, developing and managing relationships with your partners to consult and advise on business activity. Collaborate with others, influence, and inspire change, proactively putting in place solutions to further protect bp against cyber incidents.



Security: Provide security expertise, to deliver the Digital Security strategy. Acting as the first point of contact for your customer (teams) you will own the implementation and application of relevant operating processes and procedures, and ensure all activities adhere to our Group’s security standards.



Technology: Promote and build awareness of internal and external technology developments, being responsible for the delivery of process and system improvements.



Safety: The safety of our people and customers is our highest priority. You will champion a philosophy of operational safety and ensure our architectures, designs and processes to enhance and improve bp’s digital security.



Team: Engage with colleagues and business and support those working across our multi-functional teams. To help teams grow and deliver the most agile and commercially beneficial solutions, whilst being able to delegate, inspire and be proactive, alongside your team.

Translation/integration: You will be skilled and experienced in a range of commercial and information security domains and being able to bridge the gap between the two areas in service of helping bp achieve it’s priorities.



ESSENTIAL EXPERIENCE AND JOB REQUIREMENTS

ESSENTIAL EDUCATION:

- You’ll have a tertiary level education and/or equivalent relevant work experience.



BUSINESS CAPABILITY:

Demonstrated significant experience in either an internal or external information security and risk role, or similar.

You will have digital security knowledge and experience in delivering security solutions, advice, and leading security processes.

Extensive experience and a consistent track record in establishing relationships to form effective partnerships with senior stakeholders within customer businesses.

Ideally you will have experience in providing information security / digital security advice to a variety of businesses and stakeholders and be able to do this in a risk led and people focused manner.

Experience in cyber governance reporting to senior stakeholders and 3rd party / supply chain risk management would be advantageous.

Technical knowledge in delivering security solutions, providing technical advice and leading security processes would be an advantage.



TECHNICAL CAPABILITY:

One of the following: CISM, CISSP, CRISC or extensive experience in the following:

Business Risk Management

Consultancy

Information Assurance

Information Management

Information Security

Relationship Management



Skills:

Automation system digital security, Conformance review, Consulting, Digital Forensics, Incident management, incident investigation and response, Information Assurance, Information Security, Information security behaviour change, Intrusion detection and analysis, Legal and regulatory environment and compliance, Risk Management, Secure development, Security administration, Security architecture, Security evaluation and functionality testing, Solution Architecture, Stakeholder Management, Supplier security management, Technical specialism



