Company: BP
Skills: Security
Experience: 5 + Years
Education: High School/Secondary
Location: Sunbury, United Kingdom


Responsible for delivering information security and risk activities for the specialism, using advanced technical capabilities to lead changes to security processes and procedures, review complex security issues, lead security solutions from identification to implementation, ensure adherence to policies, standards and best practices and provide technical expertise to internal and external stakeholders. Specialisms: Information Security Engineering; Information Security and Risk Management; Operational Security Management; Governance, Risk and Compliance; Forensics and Incident Response Management; Application Information Security.
Role SynopsisBP Digital Security Platforms is a high visibility team that solves security challenges at a massive scale. We are looking for Security Engineers who are ready to take on a front-line role in addressing security issues across one of largest Oil & Gas companies in the world. Security issues at this scale and speed require a passion for engineering robust solutions to complex security challenges, as well as the ability to quickly design and build internal tools to address them.

BP is looking for Security Engineers to ensure that our IT Platform operates to the highest standards required to maintain and enhance internal and external customer trust. If you enjoy analysing, engineering, and architecting system services, custom services, Enterprise products, operating systems, networks, infrastructure applications, and you are skilled at investigating security issues and new threat scenarios, this position will provide you with a challenging opportunity to work alongside world-class talent in solving complex and far-reaching problems. A successful candidate will have a good mix of deep technical knowledge and a demonstrated background in Security Engineering.

At IT&S, all the roles are within Chapters. While your role will continue to remain within the Chapter, your initial activities described below may change over time.Key AccountabilitiesTeam: As a high-performing, technical lead, you will effectively form part of a multidisciplinary team supporting those working in our cross-functional teams. You will help teams grow and deliver agile and commercially cost-effective solutions. You will delegate, motivate and be hands-on, alongside the teams you form part of.

Security Engineering: You will provide advanced technical expertise in support of information security & risk activities, specific to Information Security Engineering. You will help design and deliver secure solutions to project and products across the BP environment. You will manage the implementation and application of relevant operating processes and procedures. One of your top priorities is to ensure all activities adhere to the relevant standards. You will collaborate with other extended teams to operate investigations and incident response processes and provide a consistent response to cyber-based malicious activity for the team you work with.

Relationships: You will develop a strong working rapport with other team members to drive innovative initiatives. You will liaise with various teams and senior stakeholders across BP, to advise on information security and risks. You will manage third party service providers that are helping to deliver related projects as required. You will use your abilities to influence and inspire change in a positive and impactful way.

Technology: You will bring good hands-on skills in key technologies. You will use your ability to rapidly assess and identify the potential of new technologies with a commercial mindset.

Safety and Compliance: The safety of our people and customers is our highest priority. You will champion a culture of operational safety and ensure our architectures, designs and processes enhance and improve our digital security.Essential Education:We will focus on experience rather than education although we endorse a continuous learning cultureEssential Experience and Job RequirementsDesirable Criteria:Key Technical capability:
  • Have at least Five years of hands on experience with SAP Products and its Security Landscape, not just limited to Access and Authorizations. Experience of managing SAP on AWS/AZURE is essential.
  • Sound understanding of IT Controls design on different layers in the stack and work with Architects/Digital Security Teams to ensure continuous compliance is maintained.
  • Advanced understanding and implementation experience of cyber security recommendations related to Application Security and authentication protocols
  • Strong understanding and hands on experience in Applications like SAP, SALESFORCE etc.
  • Strong understanding of Identity and Access Management Principles
  • Strong Knowledge on API Security and OWASP Guidelines.
  • Experience in large enterprise environment in an Agile/DevOps environment.

Business capability:
  • You have significant experience in either an internal or external information security and risk role, or similar.
  • You pride yourself on having advanced technical knowledge and experience in delivering security solutions, providing technical advice and overseeing security processes for the specialism.
  • You have a great experience in stakeholder management.

Leadership and EQ:
  • You always empower people - encouraging positive team morale and ensuring that every team member with expertise has the power to make decisions, at the lowest possible level.
  • You always get the basics right, from quality development conversations to recognition and ongoing performance feedback. You can develop, coach, mentor and inspire others.
  • You comply with BP's Code of Conduct and ensure your team does too. You also demonstrate strong leadership of BP's Leadership Expectations and Values & Behaviours.
  • You create an environment where people listen and can speak openly about the good, the bad, and the ugly, so that everyone can understand and learn.
  • You embrace a culture of change and agility, evolving continuously, adapting to our changing world.
  • You are an effective team player, naturally looking beyond your own area/organizational boundaries to consider the bigger picture and/or perspective of others, and building trust-based relationships with leaders and employees across IT&S and BP.
  • You are self-aware and seek input from others on your impact and effectiveness.
  • You apply judgment and common sense at scale - you use insight and good judgment to deliver commercially sound, efficient and pragmatic decisions and solutions and to respond to situations as they arise.
  • Cultural fluency - you operate across cultural boundaries with sensitivity.
Desirable Criteria:
  • You must have an external accreditation - recognized by the IT&S Information Security Profession (e.g. CISM, GICSP, CISSP, M.Inst.ISP). We expect you to hold this accreditation within 12 months of taking up the role.
  • We also find it desirable if you have an alternative accreditation in industrial control systems.
Flexible WorkingIn IT&S we are committed to providing flexible working arrangements. Agile or flexible working encompasses a wide range of working options, which help people to achieve their full potential. It is more than ad-hoc home working or part time working; it's about role modelling BP's IT technology to get a job done, in a way that works well for both the business and our employees.

So even if a job is advertised as full time, please reach out to the hiring manager or the recruiter if you would like flexible working arrangements to be considered.