Date: 2024-06-26

This role is eligible for relocation within country

No travel is expected with this role

Job summary

Job Family Group:

IT&S Group



Job Description:

You will be responsible for ensuring that we follow policies, standards and best practices, and for providing technical expertise to internal and external collaborators. It’s a chance to operate in a dynamic and delivery-focused environment, with the resources of one of the world's most forward-thinking IT departments and leading IT vendors at your fingertips.

Key Responsibilities:

Security Assessments: Conduct regular security assessments and audits to identify vulnerabilities in systems, applications, and processes, aligned to Finance/P&C/Legal digital products and business outcomes.

Identity & Access Management: Manage and monitor access controls to ensure appropriate levels of access to sensitive information.

Data Protection & Privacy: Implement data protection measures, including encryption, to safeguard sensitive information.

Collaboration: Work closely with IT, finance, P&C, legal, and other relevant teams to integrate security practices into business processes and projects.

Reporting: Align to group level OKRs around digital security and ensure that relevant KPIs for Information security teams are understood and reported.

Continuous Improvement: Stay up to date with the latest security trends, threats, and technologies, and recommend improvements to enhance security posture.

Cloud & Emerging tech security: Exploring new technology trends and their security implications, ensuring the security of cloud-based systems and applications, and adopting best practices for securing emerging tech (e.g., AI, Machine Learning, LLMs).

Key Accountabilities

Team: You will provide advanced technical expertise to support information security and risk activities specific to the security specialisation. This could involve designing and developing security solutions to work across BP IT environments that are consistent with current policy; running investigations and incident response processes and providing a consistent response to cyber-based malicious activity; and acting as a collaborator with various teams dealing with information security in their segment/functions etc. You will drive the implementation and application of relevant operating processes and procedures, and ensure all activities follow relevant standards.

Technology: You will build awareness of internal and external technology developments, managing the delivery of process and system improvements, identifying and implementing continuous improvement plans for the security specialisation, and ensuring best practice is shared across the team.

Safety and Compliance: The safety of our people and customers is our highest priority. We will champion a culture of operational safety and ensure our architectures, designs and processes enhance and improve our digital security.

Risk Management: You will identify, assess, and mitigate information security risks associated with finance, P&C, and legal functions.

Compliance: You will ensure alignment to relevant regulatory and compliance frameworks such as GDPR, SOX, and other industry standards.

Incident Response: You will lead and coordinate responses to security incidents and breaches, ensuring timely resolution and mitigation of risks.

Security Awareness: You will develop and deliver training programs to enhance security awareness across the organization, working closely with our central behaviours team.

Desirable Education

BSc/B.E./B.Tech in Information Security or similar

Desirable Experience and Capability

Years of experience: 5-8 years, with a minimum of 3 years of relevant experience.

Required Criteria / Experience

Security Technologies: Proficiency with security tools and technologies, including firewalls, IDS/IPS, SIEM, endpoint protection, and vulnerability management tools.

Risk Management: Solid understanding of risk assessment methodologies and frameworks.

Compliance and Standards: Knowledge of regulatory and compliance requirements such as GDPR, SOX, PCI-DSS, ISO 27001, and NIST.

Incident Response: Experience with incident response and handling procedures.

Access Control: Experience with identity and access management (IAM) systems.

Networking: Understanding of network protocols, architecture, and security.

Software Security: Knowledge of secure software development practices and application security.

Cloud Security: Experience with cloud security principles and technologies (e.g., AWS, Azure).

Communication: Strong written and verbal communication skills, with the ability to convey complex security concepts to non-technical collaborators.

Analytical Skills: Excellent problem-solving and analytical skills to identify and mitigate security risks.

Digital Product Management/Metrics: Actively managing and developing products and services through their lifecycle from discovery, growth, maturity, scale to retirement. Understands the different applications for objectives and key results (OKRs) to set and measure a team's progress against goals. Effectively uses North Star Metrics to anchor a product to focused outcomes and measurable impact. Effectively uses periodic metrics to show progress towards these goals.

Key Behaviours:

Empathetic: Cares about our people, our community, and our planet

Curious: Seeks to explore and excel

Creative: Imagines the extraordinary

Inclusive: Brings out the best in each other



What you can expect from us!

Our commitment to diversity, equity and inclusion:

At bp, you could be part of Business Resource Groups (BRGs) which believe in the power of inclusion, deeper connections, and shared experiences. They provide a place for employees to learn and share knowledge, to connect, and to improve. The BRGs focus on and encourage talent engagement, development, and retention while creating a broadened sense of community and inclusion for bp employees. The groups cultivate leadership growth by involving employees in developmental opportunities they would not otherwise have access to. Formal and informal mentoring also helps employees develop their professional goals and connect with colleagues. The BRGs’ dedication to growth at all levels helps employees feel more engaged and energized. The BRGs break down barriers, so we can all do better together. Examples of BRGs include (but are not limited to):

bpWIN (bp Women’s International Network)

Pride

Working parents

PEN (Positively Ethnic Network)

bpInclusia (bp’s Asian community)

bpEnergía (bp’s Latin community)



Remote Type:

This position is not available for remote working



Skills:

Automation system digital security, Conformance review, Consulting, Digital Forensics, Incident management, incident investigation and response, Information Assurance, Information Security, Information security behaviour change, Intrusion detection and analysis, Legal and regulatory environment and compliance, Risk Management, Secure development, Security administration, Security architecture, Security evaluation and functionality testing, Solution Architecture, Stakeholder Management, Supplier security management, Technical specialism



Legal Disclaimer:

We are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, sex, gender, gender expression, sexual orientation, age, marital status, socioeconomic status, neurodiversity/neurocognitive functioning, veteran status or disability status. Individuals with disabilities may request a reasonable accommodation related to bp’s recruiting process (e.g., accessing the job application, completing required assessments, participating in telephone screenings or interviews, etc.). If you would like to request an accommodation related to the recruitment process, please contact us to request accommodations.

If you are selected for a position and depending upon your role, your employment may be contingent upon adherence to local policy. This may include pre-placement drug screening, medical review of physical fitness for the role, and background checks.