BP has embarked on an ambitious plan to modernize and transform using digital technologies to drive efficiency, effective and new business models. You are the IT Governance, Risk and Compliance Specialist, accountable for the delivery of IT compliance and information security assessment products. You will maintain IT compliance services, reporting, governance and oversight for IT compliance and security assessment processes.
You will operate in a dynamic and commercially focussed environment, with the resources of one of the world's largest IT departments, and some of the world's leading IT vendors at your fingertips.
At IT&S, all the roles are within Chapters. While your role will continue to remain within the Chapter, your initial activities described below may change over time.
- As part of this Business Partner Security focused role you will take part in supplier contract negotiations embedding information security requirements in our agreements.
- You will deliver action plans to suppliers to drive remediation of existing vulnerabilities as part of a monitoring and response capability.
- You will track remediation actions from assurance reviews to identify and remediate risks and confirm gaps are closed to prevent exposure to cyber threats.
- Contribute to the continuous improvement of supplier assurance procedures, guidelines, frameworks to help perform supplier security assurance in a consistent and quality manner.
Team: You will grow and develop the capability of your team by helping them deliver the most Agile and commercially cost-effective solutions. You will not just lead, but "do". Our culture is exploring, thinking and doing, and you will live this every day.
Relationships: You will remain aware of evolving security risks and trends by building a rapport with team members both inside and outside of BP. You will contribute to the continuous development of the wider IT&S team by proactively improving the quality standards and efficiency of delivery. To succeed you'll need the ability to influence and inspire change in a positive, impactful way.
Governance and Compliance: You will provide technical expertise in support of IT compliance assessments and track the delivery of a series of assessment activities. Facilitating the delivery of a programme of activities as agreed with the service provider will be one of your main tasks. You will provide oversight in the context of compliance and security assessment activities, identifying areas of risk and making appropriate recommendations.
Technology: You have a passion for understanding and learning. You will bring good hands-on skills in key technologies, and an ability to rapidly assess and identify the potential of new technologies with a commercial mindset. A keen interest in emerging technologies and a desire to help shape our digital vision are essential.
Safety and Compliance: The safety of our people and customers is our highest priority. We will champion a culture of operational safety and ensure our architectures, designs and processes enhance and improve our digital security.Essential Education
Essential Experience and Job Requirements
- Ideally, you'll have a degree-level qualification or equivalent experience
- You will have information security or risk industry accreditation (e.g. CISM, CISA, CISSP, CIRM) or membership of a professional body (e.g. IISP).
- You will bring technical knowledge in IT compliance, security assessments, governance or reporting.
- You have provenexperience in an information security and risk role, or similar, with highly advanced technical knowledge in your assigned specialism.
• Information management (IRMG)
• Information assurance (INAS)
• Consultancy (CNSL)
• Business risk management (BURM)
• Relationship management (RLMT)
• Information security (SCTY)
• Conformance review (CORE)Leadership and EQ:
- You embrace a culture of change and agility, evolving continuously, adapting to our changing world.
- You are an effective team player, looking beyond your own area/organizational boundaries to consider the bigger picture and/or perspective of others, while understanding cultural differences.
- You continually enhance your self-awareness and seek input from others on your impact and effectiveness.
- Well organized, you balance proactive and reactive approaches and multiple priorities to complete tasks on time.
- You apply judgment and common sense - you use insight and good judgment to inform actions and respond to situations as they arise.
- You comply with BP's Code of Conduct and demonstrate strong leadership through BP's Leadership Expectations and Values & Behaviours.
- You are familiar with IT&S, Digital Security and Risk functions.
- You have Big 4 consulting or technical consulting experience.
- You have experience of one or more new technology areas or ways of working (e.g. Cloud, Mobile, DevOps, Agile).
- You bring project management experience.
In IT&S we are committed to providing flexible working arrangements. Agile or flexible working encompasses a wide range of working options, which help people to achieve their full potential. It is more than ad-hoc home working or part time working; it's about role modelling BP's IT technology to get a job done, in a way that works well for both the business and our employees.
So even if a job is advertised as full time, please reach out to the hiring manager or the recruiter if you would like flexible working arrangements to be considered.