Date: 2023-04-17

Job summary

Responsible for supporting information security and risk activities for the specialism, using sound technical capabilities to review and adjust information security processes, supporting the delivery of security solutions, recommending improvements to security strategies and managing external service providers, as required. Specialisms: Information Security Engineering; Information Security and Risk Management; Operational Security Management; Governance, Risk and Compliance; Forensics and Incident Response Management; Application Information Security.

Information Security Specialist – B2B Product Security



bp has embarked on a new and ambitious strategy, to deliver on its net-zero ambition and to drive efficiency and new business models, by using digital technologies.

It’s an exciting time to embark on your journey with bp as we undergo a technology transformation and growth that you can help define.



As part of its continued growth, bp is seeking an Information Security Lead within the B2B Product Security Team to partner with B2B product teams from the wider Innovation & Engineering (I&E) team and the Customer & Products business to deliver products faster and more securely.



As the Information Security Lead, you will:

Work closely with the B2B Innovation & Engineering (I&E) Product Discovery and Delivery squads to assess and identify cyber risks across B2B products including technology, delivery, operational, and other areas.

Lead the multi-disciplined B2B Safety squad to proactively mitigate these cyber risks and coordinate the remediation of any findings from vulnerability scans, supplier assurance, compliance reviews, and the Product Cyber score.

Review product architecture and any application changes to assess the implications to cyber risks and work with the Product Managers and Architects to perform threat modelling across B2B products as new features are deployed.

You will work to Agile delivery principles across technology and build security awareness by supporting awareness programs and establishing security best practices within Product Teams.

Experience working in internal or external information security roles, including leading teams.

Strong influencing skills with the ability to communicate technical information to both technical and non-technical audiences, clearly and concisely.

Sophisticated technical knowledge, ideally hands-on, and experience in delivering security solutions and providing technical advice.

Knowledge of relevant legal and regulatory frameworks.

A track record of delivering business benefits by balancing the need to protect the organization with the need to do business.

Experience working within developing digital ecosystems, with multiple partners and environments, ensuring suitable security is delivered.

Knowledge of security frameworks such as ISO 27001/2, NIST, and CIS framework is highly advantageous.

Experience working with internal and external customers/suppliers.

Able to adapt to shifting priorities, demands, and timelines and keep customers abreast of impact (potential or actual) to defined delivery timescales and/or business impact.

This is a very exciting and high-profile role and one that will play a key part in our continued transformation. We offer benefits such as an open and inclusive culture, a great work-life balance, tremendous learning and development opportunities to enable you to craft your own career path, life and health insurance, a medical care package and many others. In this role you will feel empowered, capable, energised, and able to act as a key decision maker and influencer.

Diversity sits at the heart of our company and as an equal opportunity employer, we stay true to our mission by ensuring that our place can be anyone's place. We do not discriminate based on race, religion, colour, national origin, gender and gender identity, sexual orientation, neurodiversity, age, marital status, veteran status, or disability status.

We operate a 60/40% hybrid model encompassing office, remote home working and a flexible working policy to offer that work-life balance!