Responsible for supporting information security and risk activities for the specialism, using sound technical capabilities to review and adjust information security processes, supporting the delivery of security solutions, recommending improvements to security strategies and managing external service providers, as required. Specialisms: Information Security Engineering; Information Security and Risk Management; Operational Security Management; Governance, Risk and Compliance; Forensics and Incident Response Management; Application Information Security.
Role Synopsis:
Responsible for the delivery of IT security compliance and information security assessment products. Responsible for the maintenance of compliance services, reporting, governance and oversight for IT compliance and security assessment processes.
Key Accountabilities:
- Provides technical expertise in support of IT security compliance and security assessments.
- Manages the delivery of a programme of activities as agreed with the service provider.
- Monitors and strengthens customer service delivered by the outsourced security provider that relates to compliance and security assessments.
- Provides oversight in the context of compliance and security assessment activities, identifies areas of risk and makes appropriate recommendations.
- Provides insights into results of compliance and security assessment activities and drives improvements to security practices through remediation and awareness.
- Provides regular insightful management reporting.
- Maintains awareness of the evolving security risks and trends in the domain area.
- Contributes to the continuous development of the wider IT&S team by proactively improving the quality standards and efficiency of delivery.
Essential Experience and Job Requirements:
Technical capability
- A degree level qualification is desirable though not essential.
- Information security or risk industry accreditation (e.g. CISM, CISA, CISSP, CIRM) or membership of a professional body (e.g. IISP)
- Technical knowledge in information security or IT security
- Experience of security or IT compliance, governance and reporting
- Security assessments, assurance or audit experience
Leadership and EQ
- Experience in either an internal or external information security and risk role, or similar
- Advanced technical knowledge in assigned specialism.
- Stakeholder management experience
- Effective team player
- Embraces a culture of change and agility, evolving continuously
In IT&S we are committed to the provision of flexible working arrangements. Agile or flexible working encompasses a wide range of working options which support individuals to reach their full potential. It is more than ad-hoc home working or part-time working; it's about finding the best way to get a job done, role modelling BP's IT technology, in a way that works well for both the business and our employees.
So even if a job is advertised as full time, please reach out to the hiring manager or the recruiter, as flexible working arrangements may be considered.