BP has embarked on an ambitious plan to modernize and transform using digital technologies to drive efficiency, effectiveness and new business models. As the Operational IS Lead, you will be responsible for delivering information security and risk activities for Operational Security Management. Using advanced technical capabilities, you will lead changes to security processes and procedures, review complex security issues and oversee security solutions from identification to implementation.
You will see that we follow policies, standards and best practices and provide technical expertise to internal and external stakeholders. It's a chance to operate in a dynamic and delivery-focused environment, with the resources of one of the world's most forward-thinking IT departments and leading IT vendors at your fingertips.
Technology Risk and Controls experience spread across major ERP applications covering IT control framework design and testing, Security design and assessment, SOX reviews/testing, GRC Platform design and implementation, Segregation of duties and business controls framework testing/review.
Sound knowledge of IAM tools, RPA (UiPath) design and build, Data Analytics, cloud environments, and SaaS services and models.
Must have prior understanding around the importance of security and compliance concepts.
Must have deep knowledge of how Application Security and Compliance demands can be technically fulfilled.
Excellent blend of business analytical skills with functional and technical knowledge.
Good Understanding of Legal & Regulatory Frameworks like SOX, PCI-DSS, GDPR and their impact on Data Privacy and Financial Integrity of Application Platforms.
Solid Technical Understanding of GRC Platform Vendors like SAP, SNOW, MetricStream, etc.
Team:
You will provide advanced technical expertise to support information security and risk activities specific to your specialism. This could involve designing and developing security solutions to work across BP IT environments that are consistent with current policy; running investigations and incident response processes and providing a consistent response to cyber-based malicious activity; and acting as an interface with various teams dealing with information security in their segment/functions etc. You will drive the implementation and application of relevant operating processes and procedures, and ensure all activities follow relevant standards. You will also manage outreach for the CTU including secondments into the team.
You will develop and maintain relationships with stakeholders, delivering advanced technical knowledge to support project delivery, collaboratively identify key challenges and ensure that security solutions protect BP against cyber risks. A senior professional, you will provide informal mentoring/training to junior members of the team. You will also work across CTU and other teams to align and optimize activities and provide backup as necessary for incidents and projects. We'll expect you to track the ordering process for solutions and align with the yearly budget by working with finance support.
You will build awareness of internal and external technology developments, managing the delivery of process and system improvements, identifying and implementing continuous improvement plans for the specialism and ensuring best practice is shared across the team.
Safety and Compliance:
The safety of our people and customers is our highest priority. We will champion a culture of operational safety and ensure our architectures, designs and processes enhance and improve our digital security.
- You'll have a tertiary level education and/or equivalent relevant work experience.
- You have significant experience in either an internal or external information Security Engineering role with , or similar.
- You are considered a subject matter expert and pride yourself on having advanced technical knowledge and experience in delivering security solutions, providing technical advice and overseeing security processes for the specialism.
- You have great experience in stakeholder management.
- You empower people at all times - encouraging positive team morale and ensuring that every team member with expertise has the power to make decisions, at the lowest possible level.
- You always get the basics right, from quality development conversations to recognition and ongoing performance feedback. You can develop, coach, mentor and inspire others.
- You comply with BP's Code of Conduct and ensure your team does too. You also demonstrate strong leadership of BP's Leadership Expectations and Values & Behaviours.
- You create an environment where people listen and can speak openly about the good, the bad, and the ugly, so that everyone can understand and learn.
- Within your team(s) you notice morale and work to positively influence this.
- You embrace a culture of change and agility, evolving continuously, adapting to our changing world.
- You are an effective team player, naturally looking beyond your own area/organizational boundaries to consider the bigger picture and/or perspective of others, and build trust-based relationships with leaders and employees across IT&S and BP.
- You are self-aware and seek input from others on your impact and effectiveness.
- You must have an external accreditation - recognized by the IT&S Information Security Profession (e.g. CISM, GICSP, CISSP, M.Inst.ISP). We expect you to hold this accreditation within 12 months of taking up the role.
- We also find it desirable if you have an alternative accreditation in GRC Platform Technologies like SAP, SNOW, etc.