Company: BP
Skills: IT - Analysis & Management, Risk Management
Education: Bachelors/3-5 yr Degree
Employment Type: Full Time Salaried Employee
Location: Sunderland, England, United Kingdom
No location/work authorization restrictions found.


Role Synopsis:

Responsible for the delivery of specific information security governance, risk and compliance products and processes, or supports the delivery of governance, risk and compliance services.

Responsible for the delivery and maintenance of specific governance, risk and compliance services in a specialist area.

Specialisms include: Information Technology (IT) Legal & Regulatory compliance, IT requirements compliance, IT risk management, governance and reporting.

Key Accountabilities:
  • Provides technical expertise in support of IT controls compliance specific to the specialism.
  • Manages the delivery and maintenance of IT controls compliance and associated risk management.
  • Maintains standards in an area of specialism, shares best practice and understands internal and external trends in this area.
  • Develops and maintains strong relationships across internal and external stakeholders.
  • Maintains awareness of the evolving IT compliance risks and trends in area of specialism.
  • Monitors and maintains customer service in the specialist area.
  • Delivers continuous improvement actions for the specialism.
Essential Education:
  • A degree level qualification is desirable though not essential.
  • Information security or risk industry accreditation (e.g. CISM, CISA, CISSP, CIRM) or membership of a professional body (e.g. IISP)
Essential Experience and Job Requirements:

Technical capability
  • Technical knowledge in areas of specialism and experience in security solution development, risk identification, and providing technical controls advice in developing relevant compliance processes, policies and frameworks for the specialism.
  • Audit expertise in the areas of specialism to include framework(s) interpretation, conformance techniques and effective resolution skills.
  • Areas of specialism desired: SOx, PCI, NISR, HSSE
  • Information management (IRMG) - 3
  • Information assurance (INAS) - 3
  • Consultancy (CNSL) - 3
  • Business risk management (BURM) - 3
  • Relationship management (RLMT) - 3
  • Information security (SCTY) - 2
  • Conformance review (CORE) - 3

Business capability
  • Extensive experience in either an internal or external information security and risk role, IT auditor, or similar, with highly advanced technical knowledge in assigned specialism.

Leadership and EQ
  • Strong senior stakeholder management experience
  • Effective leader and team player
  • Embraces a culture of change and agility, evolving continuously, adapting to our changing world