Company: BP
Skills: IT - Analysis & Management
Education: High School/Secondary
Location: Sunbury, United Kingdom

Responsible for managing a team to deliver information security and risk activities for the specialism, leading changes to security processes and procedures, reviewing complex security issues, leading security solutions from identification to implementation, ensuring adherence to policies, standards and best practices and providing technical expertise to internal and external stakeholders. Specialisms: Information Security Engineering; Information Security and Risk Management; Operational Security Management; Governance, Risk and Compliance; Forensics and Incident Response Management; Application Information Security.
Role SynopsisBP Digital Security Platforms is a high visibility team that solves security challenges at a massive scale. We are looking for Security Engineers who are ready to take on a front-line role in addressing security issues across one of largest Oil & Gas companies in the world. Security issues at this scale and speed require a passion for engineering robust solutions to complex security challenges, as well as the ability to quickly design and build internal tools to address them.

BP is looking for Security Engineers to ensure that our IT Platform operates to the highest standards required to maintain and enhance internal and external customer trust. If you enjoy analysing, engineering, and architecting system services, custom services, COTS products, operating systems, networks, infrastructure applications, and you are skilled at investigating security issues and new threat scenarios, this position will provide you with a challenging opportunity to work alongside world-class talent in solving complex and far-reaching problems. A successful candidate will have a good mix of deep technical knowledge and a demonstrated background in Security Engineering.

At IT&S, all the roles are within Chapters. While your role will continue to remain within the Chapter, your initial activities described below may change over time.Key AccountabilitiesTeam: As a high-performing, technical lead, you will effectively form part of a multidisciplinary team supporting those working in our cross-functional teams. You will help teams grow and deliver agile and commercially cost-effective solutions. You will delegate, motivate and be hands-on, alongside the teams you form part of.

Security Engineering: You will provide advanced technical expertise in support of information security & risk activities, specific to Information Security Engineering. You will help design and deliver secure solutions to project and products across the BP environment. You will manage the implementation and application of relevant operating processes and procedures. One of your top priorities is to ensure all activities adhere to the relevant standards. You will collaborate with other extended teams to operate investigations and incident response processes and provide a consistent response to cyber-based malicious activity for the team you work with.

Relationships: You will develop a strong working rapport with other team members to drive innovative initiatives. You will liaise with various teams and senior stakeholders across BP, to advise on information security and risks. You will manage third party service providers that are helping to deliver related projects as required. You will use your abilities to influence and inspire change in a positive and impactful way.

Technology: You will bring good hands-on skills in key technologies. You will use your ability to rapidly assess and identify the potential of new technologies with a commercial mindset.

Safety and Compliance: The safety of our people and customers is our highest priority. You will champion a culture of operational safety and ensure our architectures, designs and processes enhance and improve our digital security.Essential Education:We will focus on experience rather than education although we endorse a continuous learning cultureEssential Experience and Job RequirementsKey Technical capability:
  • Has hands on experience with Microsoft Azure AD Identity services and features. Including but not limited to Single Sign On, Azure Application Proxy, Azure AD, Conditional Access, Multi Factor Authentication, MCAS, PIM
  • Hands on Experience of implementation and supporting different Authentication protocols e.g. SAML, OIDC, OAUTH, IWA
  • Advanced understanding and implementation experience of cyber security recommendations related to Application Security and authentication protocols
  • Strong understanding and hands on experience in hybrid AD environment MS Active directory, power shell scripting, AAD Sync,
  • Experience in large enterprise environment in an Agile/DevOps environment.

Business capability:
  • You have significant experience in either an internal or external information security and risk role, or similar.
  • You pride yourself on having advanced technical knowledge and experience in delivering security solutions, providing technical advice and overseeing security processes for the specialism.
  • You have a great experience in stakeholder management.

Leadership and EQ:
  • You always empower people - encouraging positive team morale and ensuring that every team member with expertise has the power to make decisions, at the lowest possible level.
  • You always get the basics right, from quality development conversations to recognition and ongoing performance feedback. You can develop, coach, mentor and inspire others.
  • You comply with BP's Code of Conduct and ensure your team does too. You also demonstrate strong leadership of BP's Leadership Expectations and Values & Behaviours.
  • You create an environment where people listen and can speak openly about the good, the bad, and the ugly, so that everyone can understand and learn.
  • You embrace a culture of change and agility, evolving continuously, adapting to our changing world.
  • You are an effective team player, naturally looking beyond your own area/organizational boundaries to consider the bigger picture and/or perspective of others, and building trust-based relationships with leaders and employees across IT&S and BP.
  • You are self-aware and seek input from others on your impact and effectiveness.
  • You apply judgment and common sense at scale - you use insight and good judgment to deliver commercially sound, efficient and pragmatic decisions and solutions and to respond to situations as they arise.
  • Cultural fluency - you operate across cultural boundaries with sensitivity.
Desirable Criteria:
  • You must have an external accreditation - recognized by the IT&S Information Security Profession (e.g. CISM, GICSP, CISSP, M.Inst.ISP). We expect you to hold this accreditation within 12 months of taking up the role.
  • We also find it desirable if you have an alternative accreditation in industrial control systems.
Flexible WorkingIn IT&S we are committed to providing flexible working arrangements. Agile or flexible working encompasses a wide range of working options, which help people to achieve their full potential. It is more than ad-hoc home working or part time working; it's about role modelling BP's IT technology to get a job done, in a way that works well for both the business and our employees.
So even if a job is advertised as full time, please reach out to the hiring manager or the recruiter if you would like flexible working arrangements to be considered.