Responsible for delivering information security and risk activities for the specialism, using advanced technical capabilities to lead changes to security processes and procedures, review complex security issues, lead security solutions from identification to implementation, ensure adherence to policies, standards and best practices and provide technical expertise to internal and external stakeholders. Specialisms: Information Security Engineering; Information Security and Risk Management; Operational Security Management; Governance, Risk and Compliance; Forensics and Incident Response Management; Application Information Security.
Role Synopsis:
Responsible for the development and maintenance of IT security control framework including policies, standards and guidance. Responsible for the development and agreement of formal positions to meet new and changing threat and external requirements. Responsible for the oversight, reporting and improvement of requirements management processes and toolset.
Key Accountabilities:
- Develops and maintains IT security policies, standards and guidance
- Provides technical expertise in area of information security policy and standards.
- Produces best practice guidance in support of emerging threats
- Assesses new external requirements including legal and regulatory requirements
- Maintains awareness of the evolving security risks and trends in area of specialism.
- Monitors and maintains customer service in the specialist area.
- Delivers continuous improvement actions for the specialism.
Essential Experience and Job Requirements:
Technical capability
- A degree level qualification is desirable though not essential.
- Information security or risk industry accreditation (e.g. CISM, CISA, CISSP, CIRM) or membership of a professional body (e.g. IISP)
- Technical knowledge in areas of information and cyber security, including policy and standards.
- Experience of new and emerging technological threats (e.g. mobile, cloud).
- Risk management experience
Leadership and EQ
- A minimum of 5 years' experience in either an internal or external information security and risk role, or similar, with highly advanced technical knowledge in assigned specialism.
- Stakeholder and relationship management experience
- Experience managing projects or a portfolio of engagements
- Effective team player
- Embraces a culture of change and agility, evolving continuously
Desirable criteria are those that may enable the job holder to perform better or require a shorter familiarisation period.
- Technical consulting experience
- Experience of modern new ways of working (e.g. Cloud, Mobile, DevOps, Agile)
- Operational security experience
- Security architecture
In IT&S we are committed to the provision of flexible working arrangements. Agile or flexible working encompasses a wide range of working options which support individuals to reach their full potential. It is more than ad-hoc home working or part-time working; it's about finding the best way, and role modelling BP's IT technology, to get a job done in a way that works well for both the business and our employees.
So even if a job is advertised as full time, please reach out to the hiring manager or the recruiter, as flexible working arrangements may be considered.