Governance Risk & Compliance lead
Job post no longer accepts applications
BP
Posted date: 17 days ago
Minimum level: N/A
Job category: Other
Grade G

Responsible for delivering information security and risk activities for the specialism, using advanced technical capabilities to lead changes to security processes and procedures, review complex security issues, lead security solutions from identification to implementation, ensure adherence to policies, standards and best practices and provide technical expertise to internal and external stakeholders. Specialisms: Information Security Engineering; Information Security and Risk Management; Operational Security Management; Governance, Risk and Compliance; Forensics and Incident Response Management; Application Information Security.

Entity:
Innovation & Engineering

Job Family Group:
IT&S Group

Job Description:

Do you want to work for a world-class organization that provides an exceptional career experience with an inclusive and collaborative culture? Want to make an impact that matters? Consider the Governance, Risk, and Compliance (GRC) team in Digital Security.

The GRC purpose is to provide bp with the capability to manage digital (including cyber) risks. We are looking for a Governance, Risk and Compliance lead to join our team with a focus on digital risk management, cyber board reporting and cyber risk quantification.

Responsibilities

  • Develops and implements digital risk management procedures and guidelines aligned with Group risk framework and ensures processes are socialized and adopted by digital organization.
  • Partners with stakeholders to create reports that help governance groups, such as the bp Board, to understand our cyber security posture, threat actor landscape and how digital security is helping bp to remain cyber safe.
  • Drives how we evaluate risks using risk quantification techniques and tools, making risks relevant and understood in a business-focused manner that enables timely decision making on a quantitative rather than qualitative footing.
  • Contributes to, monitors, tests, reviews, and constructively challenges digital organization on their assessment of digital risks.
  • Synthesises large data sets and risk themes to align with business context and priorities so that insights can be presented to senior stakeholders and support decision making and prioritisation. Identifies pervasive risk themes and proposes strategic risk mitigation actions.
  • Develops and maintains strong digital technology and business relationships, becoming a trusted partner to all stakeholders.

Skills and Experience

  • Strong people and stakeholder management and engagement skills.
  • 8+ years of risk, control as well as information security experience.
  • Expert knowledge of information / cybersecurity risk management, governance and metrics, and remediation.
  • Experience of C-suite reporting desirable.
  • Experience of implementing cyber risk quantification tools and techniques desirable.
  • Experience with implementation and oversight of digital operational risk, tracking findings, and executing remediation activities.
  • Experience with information security technology programs, audits, assessments, risk, or remediation management desirable.
  • Experience with ServiceNow Integrated Risk Management platform and data analytics using Power BI or similar desirable.
  • Detail-oriented self-starter with strong conceptual, analytical, decision making, planning, time management and prioritization skills.
  • Ability to communicate oral and written ideas in a clear, concise manner, at all levels of the organization.
  • Prior experience in planning, coordination and implementation and the ability to work across teams and functions to execute and deliver.
  • Aptitude to upskill and learn new technologies based on dynamic requirements.
  • Ideally has managed direct reports previously including graduates.

Education and Training

  • You'll have a tertiary level education and/or equivalent relevant work experience.
  • Professional security management certification strongly desirable, such as Certified Information Systems Security Professional (CISSP), Certified in Risk and Information Systems Control (CRISC), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA) or other similar credentials.

Travel Requirement
No travel is expected with this role

Relocation Assistance:
This role is not eligible for relocation

Remote Type:
This position is not available for remote working

Skills:
Automation system digital security, Conformance review, Consulting, Digital Forensics, Incident management, incident investigation and response, Information Assurance, Information Security, Information security behaviour change, Intrusion detection and analysis, Legal and regulatory environment and compliance, Risk Management, Secure development, Security administration, Security architecture, Security evaluation and functionality testing, Solution Architecture, Stakeholder Management, Supplier security management, Technical specialism

Legal Disclaimer:

We are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, sex, gender, gender expression, sexual orientation, age, marital status, socioeconomic status, neurodiversity/neurocognitive functioning, veteran status or disability status. Individuals with disabilities may request a reasonable accommodation related to bp's recruiting process (e.g., accessing the job application, completing required assessments, participating in telephone screenings or interviews, etc.). If you would like to request an accommodation related to the recruitment process, please contact us to request accommodations.

If you are selected for a position and depending upon your role, your employment may be contingent upon adherence to local policy. This may include pre-placement drug screening, medical review of physical fitness for the role, and background checks.

JOB SUMMARY
Governance Risk & Compliance lead
BP
Edinburgh
Full-time