Job category: Information Technology & Services
Sub-category: Information Security
Countries (State/Region): United Kingdom - South East
The role-holder is the lead digital security and IT operational risk officer for International Gas (IG) and Treasury, which are two major business-facing parts of BP’s Corporate Business Activities & Functions (CBA&F) organisation. IG is one of BP’s commodity trading businesses, which work in close partnership with Upstream and Downstream, providing the commercial face for BP’s trading activities. Treasury is BP’s internal bank.
This is an exciting opportunity to support some of BP’s critical business areas. The role will report directly to the Head of Digital Security & Risk for CBA&F and will be part of the global Digital Security & Risk team, assisting in the execution of global cyber security responsibilities and initiatives.
The role will encompass all aspects of digital security and IT operational risk and will be an extended part of the IT&S Director’s team under the overall direction of the Head of Digital Security & Risk for CBA&F.
Within their IT&S Director’s team and the businesses it supports:
• Develop and maintain relationships and build trust across stakeholders in IT&S and the business, supporting Group Leaders in meeting their security requirements.
• Champion the digital security agenda and enrol senior management and leadership for their guidance and support.
• Manage consistency and quality of the risk framework which includes triaging and overseeing managed-service delivered outcomes, for projects, assets and suppliers; manage demand for centrally provided security and risk services.
• Review, manage and escalate findings and actions from security and risk activities.
• Participate in business risk governance, identify risks and coordinate risk remediation, escalation, reporting and exception processes.
• Monitor compliance with specific regulations relevant to the business, using the services of and in conjunction with the DSR Governance Risk & Compliance team.
• Drive the adoption of strong security behaviours and awareness in conjunction with the central security behavioural change team.
• Provide access to the whole range of central DSR services and programmes including security incident management, process control centre of excellence, security investment programmes etc.
• Provide security consultancy advice and interpretation of standards and policies.
Essential experience and job requirements
Candidates should have a good track record in applying information security and/or IT operational risk knowledge and processes to real-world business problems in a complex, global organisation. This could be based either on a strong background in security methods or IT operational risk. It should also include experience of applying a formal risk assessment process.
Key competencies are:
Business Risk Management – Able to apply risk management practices to ensure that information security and IT operational risks are identified and properly managed.
Being influential – Gravitas and confidence to drive change. Excellent communication skills, including the ability to explain technical issues in business language.
Information Assurance – Operates as a focus for information assurance governance expertise for the organisation.
Working with Autonomy – Ability to deal with a broad set of activities across a broad stakeholder group and manage ambiguity well.