Digital Security & Risk Officer (m/f)

Company:
BP Europa SE
Published on:
Thursday, 27 July 2017
Desired start date:
As soon as possible
Employment type:
Permanent position
Location:
Bochum, London, Chicago
Company profile:

Our business is the exploration, production, refining, trading and distribution of energy. This is what we do, and we do it on a truly global scale. BP operates with business activities and customers in more than 80 countries across six continents. Every day, we serve millions of customers around the world. We are continually looking for talented, committed and ambitious people to help us shape the face of energy for the future. 

BP is one of the three largest energy companies in the world, operating in over 100 countries across 6 continents. Information Technology & Services (IT&S) provides a full range of IT services to BP's global business segments.

IT&S plays a critical role in the delivery of defined world-class operational services that BP businesses can rely upon in support of their own performance. Our specific accountabilities include the delivery of services to specified target levels, including availability, recoverability and cost to the corporation. These services must also be delivered safely and secured against the growing risk of viruses and other security threats. 

We aim to benchmark our performance favorably against a defined peer group of the world's best and intend to deliver our services with professionalism to rival any major business corporation in the world - this is what we mean by being 'World Class'. To achieve this exciting level of performance will require a commensurate level of enthusiasm, commitment and expertise in our people.

Job description:

Digital Security & Risk (DSR) works in partnership with all areas of BP to protect BP’s information, systems, assets and people against current and emerging cyber security & technology risks.

The vision of Digital Security & Risk is to make BP a cyber and technology risk resilient organisation by implementing an effective, agile, risk-based and cost-efficient capability.

The role holder manages the demand for centrally provided information security and IT risk services. They also act as a trusted advisor to Retail Group Leaders and IT&S Directors acting in partnership to ensure that their business areas are secure and that employees and contractors are adopting good cyber security behaviours.

Responsibilities:

  • Accountable for ensuring that information security and IT risks are properly identified, recorded and managed for the Retail Business.
  • Responsible for assessing, managing and reporting on the IT risk in the Retail business.
  • Manage the demand for centrally provided information security and IT risk services, acting as the trusted advisor and subject matter expert to Retail Group Leaders and IT&S Directors
  • Partner with the Business to embed excellent cyber security behaviours in all Retail staff and contractors
  • Work in partnership with ISC to deliver a security strategy for Retail sites
  • Lead the Retail teams on cyber strategy, ensuring that Retail's network and systems are resilient
  • As we move into the next phase of retail, including IoT, BPMe, retail site of the future etc., work with the Business and IT&S Directors to ensure that all new innovation maintains security and compliance, with controls embedded in the right places and able to be monitored and measured.

Key accountabilities

  • Develop and maintain relationships and build trust across stakeholders in IT&S and the Business, supporting Group Leaders in meeting the security requirements of the Group Policy on information & IT systems’ security
  • Accountable for ensuring that information security and IT risks are properly identified, recorded and managed for the Retail Business.
  • Lead the business in identifying, assessing, recording, managing and reporting on the IT risk in the Retail business.
  • Manage the demand for centrally provided information security and IT risk services, acting as the trusted advisor and subject matter expert to Retail Group Leaders and IT&S Directors
  • Partner with the Business to embed excellent cyber security behaviours and awareness
  • Work in partnership with ICS to deliver a security strategy for Retail sites
  • Manage consistency and quality of risk assurance framework engagements, including triage and managed-service delivered outcomes, for projects, assets and suppliers; manage demand for centrally provided DSR services
  • Review, manage and escalate findings & actions from assurance activities
  • Monitor compliance with specific regulations relevant to the business, using the services of and in conjunction with the DSR Governance Risk & Compliance team
  • Provide access to the whole range of central DSR services and programmes including security incident management
  • Participate in Incident and Problem Management as and when needed
  • Provide Security advice and guidance as and when needed
  • Act as stakeholder / SME on IT&S Projects delivering into retail space

Essential experience and job requirements

Candidates should have a good track record in applying information security and / or IT operational risk knowledge and processes to real-world business problems in a complex, global Retail organisation. This could be based either on a strong background in security methods and / or IT operational risk. It should include experience of applying a formal risk assessment process.
A thorough understanding of both B2B and B2C security in a large retail organisation with an online presence. Experience in PCI, compliance and changing country-specific directives/laws and regulations globally.
Experience in Fleet and Loyalty card system security.

Key competencies are:

  • Business Risk Management – Able to apply risk management practices to ensure that information security and IT operational risks are identified and properly managed.
  • Being influential – Gravitas and confidence to drive change. Excellent communications skills including the ability to explain technical issues in business language
  • Information Assurance - Operates as a focus for Information assurance governance expertise for the organisation
  • Working with Autonomy - Ability to deal with a broad set of activities across a broad stakeholder group and manage ambiguity well.

Desirable criteria & qualifications

A good degree in a numerate or scientific discipline is advantageous but not essential.

External accreditation in both security and risk, as recognised by the IT&S Information Security & Risk Profession (e.g. CISM, CISSP, M.Inst.ISP in security, CRISC in risk) is highly desirable; in any event achievement of both such accreditations within 12 months of taking up the role would be expected.

Contact information:

Req ID 80819BR
