Grade H - Office/ CoreResponsible for supporting information security and risk activities for the specialism, using sound technical capabilities to review and adjust information security processes, supporting the delivery of security solutions, recommending improvements to security strategies and managing external service providers, as required. Specialisms: Information Security Engineering; Information Security and Risk Management; Operational Security Management; Governance, Risk and Compliance; Forensics and Incident Response Management; Application Information Security.
Entity:
Technology
IT&S Group
To enable the world to reach net zero, bp are looking for the brightest digital specialists to drive innovation as it transitions from an International Oil Company (IOC) to an International Energy Company (IEC).
Are you passionate about protecting what matters mostWere seeking someone who is passionate about identifying and implementing security solutions that make bp a cyber resilient organisation! Our Business Information Security team partners with the business to help them understand cyber risk and be accountable for cyber security.
Were looking for curious minds who are driven by opportunities to build value and deliver secure products and services to advance bps strategy.
Role Synopsis In the digital era, where data breaches and cyber threats are not just possibilities but realities, the role of a Global Information Security Specialist has never been more critical. Working closely with the Supply Trading and Shipping (ST&S) business areas, you will support the protection of IT systems and business data that are important to bps energy production capabilities.
You will conduct security assessments, respond to security queries, and provide security expertise. Your expertise will help ensure that ST&S teams can operate with confidence, knowing their systems and processes are secure.
Ready to make a real impact in energy trading securityJoin us in safeguarding the people, processes and systems that power our transition to net zero!
Key Accountabilities In this role you will deliver security activities to support the ST&S business areas. This role focuses on hands-on security assessment and advisory activities with the following key accountabilities:
-
Security Assessments : We need someone that can conduct comprehensive assessments of systems, identify risks and issues while recommending appropriate remediation measures.
-
Technical & Non-Technical Risk Advisory : Youll assess and communicate cybersecurity risks. We want our customers to understand potential impacts and mitigation strategies clearly.
-
Cyber Behaviour Promotion : We strive to build a strong cyber security culture. Youll assist with the development and promoting good cyber behaviours in day-to-day operations.
-
Incident Management Support : When security incidents happen, we need you to provide specialist security expertise. Youll support incident response activities and improvement recommendations.
-
Customer Support : We want you to act as the go-to point of contact for information security. Youll provide timely and accurate expertise on security matters affecting their systems or data.
You will:
-
Assess and Evaluate : Youll perform regular security assessments of ST&S systems. We use established methodologies to identify potential risks, weaknesses and security gaps.
-
Respond and Advise : We require someone who can offer our customers practical and tailored cyber security solutions. These solutions must align with operational requirements.
-
Analyse and Report : Youll evaluate risks and prepare clear, actionable recommendations, and communicate these with both business and technical audiences.
-
Support and Collaborate : We work closely with ST&S teams to implement security measures. Youll help maintain a robust security posture while aligning with operational needs.
-
Promote and Educate : We nurture positive cyber security behaviours! Youll work within P&O teams through targeted awareness activities, training support, and expert guidance.
-
Monitor and Review : We want someone who understands the security landscape affecting ST&S systems and stay ahead of emerging threats and industry standard methodologies.
Education -
Bachelors degree or equivalent experience in Information or Cyber Security, Computer Science, Engineering.
-
Working towards professional certifications such as Certified Information Security Manager (CISM), Certified Information Systems Security Professional (CISSP), or CompTIA Security+.
-
Knowledge of security frameworks such as ISO 27001/2, NIST, and CIS framework.
Desirable Experience and Capability -
Previous track record in information security roles, preferably with some exposure to trading technology (OT) or financial regulated environments.
-
Ability to explain security concepts to a variety of audiences in the ST&S domain.
-
Solid grasp of cyber risk assessment methodologies and the ability to translate technical findings into business impact assessments.
-
Attention to detail and ability to work independently while balancing multiple activities.
-
Ability to adapt security recommendations to different operating environments.
-
Ability to use technology, data, and insights to enable decision making.
Travel Requirement
Up to 10% travel should be expected with this role
Relocation Assistance:
This role is eligible for relocation within country
Remote Type:
This position is a hybrid of office/remote working
Skills:
Automation system digital security, Client Counseling, Conformance review, Digital Forensics, Incident management, incident investigation and response, Information Assurance, Information Security, Information security behaviour change, Intrusion detection and analysis, Legal and regulatory environment and compliance, Risk Management, Secure development, Security administration, Security architecture, Security evaluation and functionality testing, Solution Architecture, Stakeholder Management, Supplier security management, Technical specialism
