Job summary

Entity:

Technology



Job Family Group:

IT&S Group



Job Description:

You Will Work With

This role connects digital security with Digital Core and OB&C business teams, advising on cyber, compliance, risk management, and operational recovery. Their deep IT systems knowledge allows them to balance usability and risk while staying compliant. They strategically integrate cybersecurity into new initiatives and technology roadmaps and tactically support incident management.

This role is a senior level leader and reports directly to the SVP of Digital Security as part of the Digital Security Leadership Team. This role will also be part of the regional Technology Leadership Team, as well as the Malaysia country Business and Technology Centre (BTC) Leadership forum.

Let Me Tell You About the Role

As an Information Security Principal, you will collaborate across digital security and functional business units (including Finance, Legal, HR, Company Secretary) as well as all teams across the Digital Core organization, ensuring that security controls align with business objectives and regulatory requirements by driving our cyber security strategy to stated risk tolerances. This role requires a deep understanding of both cyber security, IT, and business operations. You'll lead a team of cyber experts and manage digital security across the portfolio.

What You Will Deliver

Business outcomes: Collaborate with business units to identify and address cyber security risks and vulnerabilities. Develop and implement security policies, procedures, and guidelines that align with business goals.

Collaborate with business units to identify and address cyber security risks and vulnerabilities. Develop and implement security policies, procedures, and guidelines that align with business goals. Security Expertise: Provide technical expertise in Information Security, implementing operating processes and ensuring alignment to security standards across all activities including regulatory compliance.

Provide technical expertise in Information Security, implementing operating processes and ensuring alignment to security standards across all activities including regulatory compliance. Incident Management: Coordinate incident response efforts and lead communication with affected business units.

Coordinate incident response efforts and lead communication with affected business units. Team Leadership: Lead, mentor, and develop a resilient team across geographies, aligning with Technology vision and strategy, encouraging a culture of continuous improvement and career progression.

Lead, mentor, and develop a resilient team across geographies, aligning with Technology vision and strategy, encouraging a culture of continuous improvement and career progression. Relationship Management: Act as the main point of contact for information security for your area of accountability, building strong partnerships and influencing positive change.

Act as the main point of contact for information security for your area of accountability, building strong partnerships and influencing positive change. Safety: Prioritize operational safety, improving digital security through architecture, designs, and processes.

What You Will Need to Be Successful (Experience and Qualifications)

Tertiary level education or equivalent work experience.

Relevant certifications such as CISSP, CISM, or CISA are desirable.

Significant experience in internal or external information security and risk roles.

Solid understanding of cyber security frameworks, standards, and best practices.

Significant experience in IT operational processes, delivery, and operations.

Experience with financial, legal and HR systems, including ERPs.

Experience working in a large enterprise environment.

Technical knowledge in delivering security solutions and leading security processes.

Proven track record in forming effective partnerships with the business and collaborative management.

Additional Experience in Leadership and EQ:

Experience working in globally distributed teams with ability to work asynchronously.

Effectively influence and act as change agent for the front line and leadership.

Cultivate positive team morale and empower team members.

Demonstrate strong leadership, uphold BP's code of conduct and values.

Promote a culture of change, agility, and open communication.

Stay up-to-date with the latest cyber security trends, threats, and technologies.

About bp

bp is a global energy business with a purpose to reimagine energy for people and our planet. We aim to be a very different kind of energy company by 2030, helping the world reach net zero and improving people’s lives. We are committed to creating a diverse and inclusive environment where everyone can thrive. Join bp and become part of the team building our future!

We will ensure that individuals with disabilities are provided reasonable accommodation to participate in the job application or interview process, to perform crucial job functions, and to receive other benefits and privileges of employment. Please contact us to request accommodation.



Travel Requirement

No travel is expected with this role



Relocation Assistance:

This role is not eligible for relocation



Remote Type:

This position is a hybrid of office/remote working



Skills:



Legal Disclaimer:

We are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, sex, gender, gender expression, sexual orientation, age, marital status, socioeconomic status, neurodiversity/neurocognitive functioning, veteran status or disability status. Individuals with an accessibility need may request an adjustment/accommodation related to bp’s recruiting process (e.g., accessing the job application, completing required assessments, participating in telephone screenings or interviews, etc.). If you would like to request an adjustment/accommodation related to the recruitment process, please contact us.



If you are selected for a position and depending upon your role, your employment may be contingent upon adherence to local policy. This may include pre-placement drug screening, medical review of physical fitness for the role, and background checks.