Company: BP
Skills: IT - Analysis & Management, IT - Networking & Telecom, IT - Programming & Database
Experience: 2 + Years
Education: Bachelors/3-5 yr Degree
Employment Type: Full Time Contractor
Location: Houston, Texas, United States


Role Synopsis

The BP Cyber Emergency Response Team (BP-CERT) is comprised of incident management and forensic professionals based in London, Houston and Singapore. BP-CERT sits within the Counter Threat Unit (CTU) in the Digital Security & Risk division of BP's Information Technology & Services (IT&S) team. BP-CERT's primary purpose is to investigate and respond to malicious cyber activity affecting BP's information and systems, including industrial automation assets.

As the Forensic and Incident Response Lead, you will co-ordinate the on-duty incident response team and act as Incident Response Manager for the highest profile and most visible cyber incidents, leading and directing efforts to immediately respond quickly and efficiently to active threats.

BP-CERT maintains and develops skill sets to conduct forensic investigations, threat intelligence analysis, information sharing and coordination, and cyber exercising.

You will need the leadership mentality to influence people, and direct and co-ordinate discussions to quickly identify risks and impact in fast-paced, demanding situations.

Key Accountabilities

Team: You will lead and coordinate the response to digital security incidents through the initial triage phase and provide support to business and IT teams as they work to close identified gaps. This involves ensuring that threats are contained in a timely way to minimize the risk to BP's information assets, data and services. You will also participate in post-incident reviews assessing the effectiveness of controls, monitoring and responses to maximize lessons learnt and improve BP's cyber resilience.

Relationships: You will build and maintain close working relationships with the segment Heads of Digital Security, Digital Security Risk Officers, Service Management Office, Intelligence, Security & Crisis Management, Business Integrity, Group Communications and key strategic suppliers whose support and knowledge are vital in delivering the remediation of security events and incidents.

Security: You will enhance the design, documentation, and implementation of incident response processes, procedures, guidelines, and solutions. You will also lead and coordinate cyber exercises to ensure continuous improvement in BP's Digital Security response. You will maintain a strong awareness of technology, emerging cyber threats and industry best practice to enhance incident response.

Safety and Compliance: The safety of our people and customers is our highest priority. We will champion a culture of operational safety and ensure our architectures, designs and processes enhance and improve our digital security.Essential Education

  • You'll have a degree or technical certification (SANS, Cyber Security, CISSP)
  • Alternatively, you could have at least 3 years' direct working experience

Essential Experience and Job Requirements

  • You will have significant relevant experience in an information security and risk role, or similar.
  • You will have advanced technical knowledge and experience of delivering security solutions. This includes providing technical advice and overseeing security processes for your specialism.
  • You will have sound stakeholder management experience.

Technical capability

Essential:

  • Business Analysis (BUAN)
  • Consultancy (CNSL)
  • Incident Management (USUP)
  • Information Security (SCTY)
  • Performance Management (PEMT)
  • Relationship Management (RLMT)
  • Security Administration (SCAD)

Leadership and EQ

  • You always empower people - encouraging positive team morale and ensuring that every team member with expertise has the power to make decisions, at the lowest possible level.
  • You always get the basics right, from quality development conversations to recognition and ongoing performance feedback. You can develop, coach, mentor and inspire others.
  • You comply with BP's Code of Conduct and ensure your team does too. You also demonstrate strong leadership of BP's Leadership Expectations and Values & Behaviours.
  • You create an environment where people listen and can speak openly about the good, the bad, and the ugly, so that everyone can understand and learn.
  • You embrace a culture of change and agility, evolving continuously, adapting to our changing world.
  • You are an effective team player, naturally looking beyond your own area/organizational boundaries to consider the bigger picture and/or perspective of others, and building trust-based relationships with leaders and employees across IT&S and BP
  • You are self-aware and seek input from others on your impact and effectiveness.
  • You apply judgment and common sense at scale - you use insight and good judgment to deliver commercially sound, efficient and pragmatic decisions and solutions and to respond to situations as they arise.
  • Cultural fluency - you operate across cultural boundaries with sensitivity.

Desirable Criteria

  • You have considerable experience in the cyber security field
  • You have up-to-date knowledge of technology, cyber and information security threats facing oil and gas
  • You have Information Security certification (CISSP, CISM, etc.)
  • You have Incident and Forensic certification (ITIL, GIAC GCIA / GCIH)
  • You bring comprehensive understanding of risk management
  • You can articulate and communicate intelligence on adversaries, campaigns and threats facing BP