Principal Information Security OfficerUnited States - Texas - Houston
Job profile summary:
BP has embarked on an ambitious plan, to drive efficiency and new business models, by using digital technologies. As the Principal Information Security Officer, you will be responsible for managing a large team to deliver information security and cyber risk activities for Information Security (BIS).
You will use highly advanced technical capabilities to contribute to strategic development by defining and implementing processes and procedures. This will involve resolving complex, high-risk security issues, evaluating and amending solutions, and developing trusted relationships that improve the knowledge and capability within Information Security (BIS).
At IT&S, all the roles are within Chapters. While your role will continue to remain within the Chapter, your initial activities described below may change over time.
Providing guidance and support to front-line business personnel during a cyber incident is a core accountability of this Information Security Officer Lead role, including:
- Participating as cyber representative on incident management teams and serving as the primary interface into the SOC/CERT teams;
- Assessing business impacts, whether safety, reputational, regulatory, or commercial in nature;
- Driving local mitigation approaches, where appropriate;
- Providing technical advice on any breach or other regulatory notification, in support of the BP legal team;
- Supporting the return to normal operations in a cyber secure manner; and
- Driving adoption of cyber improvements, as a result of lessons learnt from previous incident responses.
- Liaising with other supporting functions such as Legal, Communications, Business Integrity and Procurement
- Assess and manage the role of suppliers in the incident response, using commercial experience to effectively assess what information should be shared, and what should be kept confidential
- Mitigating both the immediate impact and managing the risk of recurrence
Team: As a high-performing manager, you will effectively guide people and support those working in our cross-functional teams. You will help teams deliver the most agile and commercially cost-effective solutions. A true leader, you will delegate, motivate and be hands-on, alongside your team.
Relationships: You will act as a point of contact for all areas of information security within your accountability. You will develop and maintain a series of internal and external stakeholder relationships, delivering advanced technical knowledge to support project delivery. You will collaborate with others to identify challenges within our Cyber landscape -and ensure security solutions successfully protect BP against cyber risks. You will influence and inspire change in a positive and impactful way.
Security: You will provide highly advanced input and expertise to support the practices and processes for Information Security (BIS) across your area of responsibility. You will ensure all relevant standards are defined, maintained and implemented. You will be the go-to person for teams dealing with information security in their segment/functions. You will drive the implementation and application of relevant operating processes and procedures, and ensure all activities adhere to the relevant standards.
Technology: You will build awareness of internal and external technology developments, managing the delivery of process and system improvement. You will identify and implement continuous improvement plans for Information Security (BIS) and ensure the best practices are shared across the team.
Safety and Compliance: The safety of our people and customers is our highest priority. You will champion a culture of operational safety and ensure our architectures, designs and processes enhance and improve our digital security.
- You’ll have a tertiary level education and/or equivalent relevant work experience.
- Business Risk Management (BURM)
- Consultancy (CNSL)
- Information Assurance (INAS)
- Information Management (IRMG)
- Information security (SCTY)
- Relationship Management (RLMT)
- You have extensive relevant experience in either an internal or external information security and risk role, or similar.
- You have highly advanced technical knowledge in assigned specialism.
- You have highly advanced technical knowledge and experience in security solution development and risk identification.
- You can provide technical advice in developing relevant security processes, policies and frameworks for the specialism.
- You have great experience in leadership and stakeholder management.
Leadership and EQ:
- Within your team(s), you notice morale levels and work to positively influence this.
- You always empower people – encouraging positive team morale and ensuring that every team member with expertise has the power to make decisions, at the lowest possible level.
- You always get the basics right, from quality development conversations to recognition and ongoing performance feedback. You can develop, coach, mentor and inspire others.
- You comply with BP's Code of Conduct and ensure your team does too. You also demonstrate strong leadership of BP's Leadership Expectations and Values & Behaviours.
- You create an environment where people listen and can speak openly about the good, the bad, and the ugly, so that everyone can understand and learn.
- You promote a culture of change and agility, evolve continuously, adapting to our changing world.
- You work across organizational boundaries and build high quality, trust-based relationships with leaders and employees within IT&S & the wider BP, applying cultural sensitivity.
- You are self-aware and able to recognize and manage your impact on others.
- You apply judgment and common sense at scale.
- Cultural fluency – you operate across cultural boundaries with sensitivity.
We are a global energy business involved in every aspect of the energy system. We have 75,000 employees in 80 countries, working towards delivering light, heat and mobility to millions of people, every day. We are one of the very few companies equipped to solve some of the big complex challenges that matter for the future. We have a real contribution to make to the world's ambition of a low carbon future. Join us, and be part of what we can accomplish together.