BP has embarked on an ambitious plan to modernize and transform using digital technologies to drive efficiency, effectiveness and new business models.
As an Information Security Engineering Lead, you will be part of a team focussing on the technical security assurance aspects in the design of systems that need to be able to deal robustly with possible sources of disruption and malicious acts. Your primary motivation is to support the delivery of secure engineering solutions that satisfy pre-defined requirements of preventing misuse and malicious behaviour in addition to working with Engineering teams to develop new patterns that can be applied for future use cases. In addition, you will provide periodical assurance of solutions that are already deployed.
You will ensure adherence to policies, standards and best practices and provide technical expertise to internal and external stakeholders. Using advanced technical capabilities and an agile mindset to continuously lead innovation in security processes and procedures, you will review complex security challenges and lead security solutions from identification to implementation in collaboration with extended security teams. Furthermore, you will be responsible for supporting information security and risk activities for Information Security Engineering.
An appetite for problems, especially those big, intractable, complicated problems whose solutions make a permanent difference in security, will be key.
In Information Technology & Services (IT&S), all the roles are within Chapters (how we do things). While your role will continue to remain within the Chapter, your initial activities described may change over time providing opportunity for change but also supporting an ever-changing environment in a flexible manner. You will be deployed to Squads, which is where your value generation will contribute to our continuous transformation agenda.
As a high-performing technical lead, you will effectively manage people and support those working in our cross-functional teams. You will help teams grow and deliver agile and commercially cost-effective solutions. You will delegate, motivate and be hands-on, alongside your team. You will play an integral role in building the entire team's skillset, including your own. You will help the team grow and deliver the most agile bullet proofing, reinforcing and ruggedizing of products and services in an optimized way. You will be self-motivated and be hands-on, alongside your team and others.
Information Security Engineering:
You will provide sound technical expertise in support of information security & risk activities, specific to Information Security Engineering. You will help design and facilitate delivery of security solutions to improve products or features across the BP IT environments and across all phases of the agile lifecycle. You will support the implementation and application of relevant operating processes and procedures helping secure our products. One of your top priorities is to ensure all activities adhere to the relevant standards or help adjust those standards to changing circumstances.
Relationships:
You will develop a strong working rapport with other team members to drive innovative initiatives. You will liaise with various teams and senior stakeholders across BP to advise on information security and risks in the technical domain, working very closely with other teams such as Strategy and Architecture and Identity and Access Management services, inter alia. You will support third-party service providers in staying secure and help to deliver related projects as required. You will use your abilities to influence and inspire change in a positive and impactful way, contributing to moderating our Security transformation by implementing Shift Left principles in everything we do.
Essential Education:
- College degree or relevant Technical Certification from institutes like SANS, ISC2, ISACA, etc.
- 5+ years of experience in related fields.
- Real work experience trumps any formal degree.
- Security & Risk Management
- Network Security
- Identity and Access Management
- Security Assessment & Testing
- Software Development Security
- Working with tools like Azure DevOps
Leadership and EQ:
- You have significant experience in either an internal or external information security and risk role, or similar.
- You pride yourself on having advanced technical knowledge and experience in delivering security solutions, providing technical advice and overseeing security processes for the specialism.
- You have great experience in stakeholder management.
- You always empower people - encouraging positive team morale and ensuring that every team member with expertise has the power to make decisions, at the lowest possible level.
- You always get the basics right, from quality development conversations to recognition and ongoing performance feedback. You can develop, coach, mentor and inspire others. You understand cultural differences.
- You comply with BP's Code of Conduct and ensure your team does too. You also demonstrate strong leadership of BP's Leadership Expectations and Values & Behaviours.
- You create an environment where people listen and can speak openly about the good, the bad, and the ugly, so that everyone can understand and learn.
Specific to the Role
- You must have an external accreditation - recognized by the IT&S Information Security Profession (e.g. CISM, GICSP, CISSP, M.Inst.ISP). If you do not have it, we expect you to hold this accreditation within 12 months of taking up the role.
- We also find it desirable if you have an alternative accreditation in industrial control systems.
- Work experience with leading audit or consultancy firms.
IT assets in BP must undergo a digital security review to ensure that the solutions comply with our internal policies as well as security best practices. We are transforming the way we do reviews, hence the need to continuously innovate our current processes in order to scale in this changing environment. As Information Security Engineering Lead, you will assist the team to facilitate this process and identify risks and help stakeholders manage them. You will have a good understanding of security control frameworks, and knowledge or experience of common security frameworks/standards like ISO 2700X, COBIT, NIST, CSA, GDPR. In addition, you will have a good understanding of the following domains: Identity and Access Management, Networking, Systems Maintenance & Development, IT Systems Auditing, etc. You will work across different teams and different technologies.