Information Security Lead
Full time
at BP p.l.c.
in
Online
Posted on May 8, 2024
Job details
- Travel required Negligible travel should be expected with this role
- Job category IT&S Group
- Relocation available This role is not eligible for relocation
Requirements :
Experience working in internal or external information security roles, including leading teams. Experience in working in a Product led organization Strong influencing skills with the ability to communicate technical information to both technical and non-technical audiences, clearly and concisely. Sophisticated technical knowledge, ideally hands-on, and experience in delivering security solutions and providing technical advice. Knowledge of relevant legal and regulatory frameworks Experience working within developing digital ecosystems, with multiple partners and environments, ensuring suitable security is delivered. Certification in Information security i.e. CISSP or CISM is preferred. Knowledge of security frameworks such as ISO 27001/2, NIST, and CIS framework is highly advantageous. Able to adapt to shifting priorities, demands, and timelines and keep customers abreast of impact (potential or actual) to defined delivery timescales and/or business impact. Travel Requirement Negligible travel should be expected with this roleJob summary
Entity: Innovation & Engineering Job Family Group: IT&S Group Job Description:Key Responsibilities:
Team Leadership: Lead, mentor, and develop a resilient team, aligning with technology vision and strategy, encouraging a culture of continuous improvement and career progression. Relationship Management: Act as the main point of contact for information security for Product Security within ASPAC, building strong partnerships and influencing positive change. Security Expertise: Provide technical expertise in Cyber Security, implementing operating processes and ensuring adherence to security standards across all activities. Safety: Prioritize operational safety, improving digital security through architecture, designs, and processes. As the Information Security Lead, you will :- Work closely with the Innovation & Engineering (I&E) Product Discovery and Delivery squads delivering solutions to the C&P businesses in ASPAC region. You will assess and identify cyber risks across digital products
- Lead the regional Product Security Safety squad to proactively mitigate and coordinate the remediation of any findings from vulnerability scans, supplier assurance, compliance reviews, and support the squads in maintaining a ‘green’ Product Cyber score.
- Review product architecture and any application changes to assess the implications to cyber risks and work with the Product Managers and Architects to perform threat modelling across products as new features are deployed.
- Work to Agile delivery principles across technology and build security awareness by supporting awareness programs and establishing security standard methodologies within Product Teams.
Requirements :
- Experience working in internal or external information security roles, including leading teams.
- Experience in working in a Product led organization
- Strong influencing skills with the ability to communicate technical information to both technical and non-technical audiences, clearly and concisely.
- Sophisticated technical knowledge, ideally hands-on, and experience in delivering security solutions and providing technical advice.
- Knowledge of relevant legal and regulatory frameworks
- Experience working within developing digital ecosystems, with multiple partners and environments, ensuring suitable security is delivered.
- Certification in Information security i.e. CISSP or CISM is preferred.
- Knowledge of security frameworks such as ISO 27001/2, NIST, and CIS framework is highly advantageous.
- Able to adapt to shifting priorities, demands, and timelines and keep customers abreast of impact (potential or actual) to defined delivery timescales and/or business impact.
Apply safely
To stay safe in your job search, information on common scams and to get free expert advice, we recommend that you visit SAFERjobs, a non-profit, joint industry and law enforcement organization working to combat job scams.