Entity:

Technology

Job Family Group:

IT&S Group

Job Description:

Job Description

Our purpose is to deliver energy to the world, today and tomorrow. For over 100 years, bp has focused on discovering, developing, and producing oil and gas in the nations where we operate. We are one of the few companies globally that can provide governments and customers with an integrated energy offering. Delivering our strategy sustainably is fundamental to achieving our ambition to be a net zero company by 2050 or sooner!

You will work with

This team is responsible for safeguarding the company’s digital assets and ensuring robust cyber resilience. They cover various aspects of cybersecurity, including threat and exposure management, security engineering, cyber incident response, security DevOps, and insider threat. Each team has specific responsibilities and areas of focus, collaborating closely with other digital security teams and business units to ensure a cohesive approach to cybersecurity.

Each of these teams collaborates closely with wider digital security teams, technology teams, and various business units to ensure a cohesive and comprehensive approach to cybersecurity.

Let me tell you about the role

This role is responsible for setting the strategic and technical direction for cyber security across the Cyber Threat and Engineering (CTE) portfolio. This includes defining and maintaining portfolio-wide security strategies, technical requirements, and reference architectures that guide the secure design and operation of CTE platforms, products, and services. The team also leads horizon-scanning and innovation efforts to identify new technologies and approaches that can improve bp’s cyber resilience.

What you will deliver

• Architecture authority for Cyber Threat and Engineering (CTE) and Digital Security products and services, including ownership of their Technical Reference Models (TRMs).
• Defining and communicating CTE architecture standards, strategies, and roadmaps across CTE estate.
• Supporting CTE platform and product teams in embedding security into their designs and architectures.
• Horizon-scanning and experimentation with new capabilities and approaches to address bp’s cyber security challenges.
• Leading innovation efforts including proof-of-concepts and technology evaluations.
• Providing architectural oversight and assurance for security-related initiatives.

What you will need to be successful (experience and qualifications)

• Over 10 years of experience in cybersecurity, with at least 4 to 5 years in enterprise security architecture roles. This extensive experience includes creating security strategies, architecture roadmaps, and capability models for global multi-vendor, multi-product security solutions, including cloud and hybrid environments.
• Experience in conducting security assessments and leading all aspects of architecture governance for cloud security, application security, data security, infrastructure & network security capabilities (within complex environments).
• Proven experience with at least one of the following architecture frameworks: SABSA, Zero Trust Architecture, and NIST Cybersecurity Framework. Knowledge of risk, compliance, and security practices ensures that all architectures support secure and reliable engineering and operations.
• Experienced in using agile methodologies and design thinking for digital transformation and architectural innovation.
• Proficiency in conveying complex technical concepts in clear, accessible language suitable for collaborators at all organizational levels.

Plus:

• A degree or equivalent experience in computer science or engineering from a recognized institute is preferred. Certifications like CISSP, CISM, CISA, TOGAF are desirable.
• Exposure to adjacent domains such as enterprise architecture, cloud security, security engineering, secure application development, integration technologies, databases, identity and access management, and master data management is beneficial.
• Knowledge of authentication, access control, encryption, and security for cloud, operating systems, networks, and databases is desirable.

About bp

bp is a global energy business with a purpose to reimagine energy for people and our planet. We aim to be a very different kind of energy company by 2030, helping the world reach net zero and improving people’s lives. We are committed to creating a diverse and inclusive environment where everyone can thrive. Join bp and become part of the team building our future!

We will ensure that individuals with disabilities are provided reasonable accommodation to participate in the job application or interview process, to perform crucial job functions, and to receive other benefits and privileges of employment. Please contact us to request accommodation.

Travel Requirement

Negligible travel should be expected with this roleThis role is not eligible for relocationThis position is a hybrid of office/remote workingConsulting, incident investigation and response, Incident Management, Information Assurance, Information Security, Information security behaviour change, Risk Management, Stakeholder Management, Supplier Relationship Management, Supplier security management

Legal Disclaimer:

We are an equal opportunity employer. We do not discriminate on the basis of protected characteristics like race, religion, color, sex, national origin, sexual orientation, veteran status or disability status. Individuals with an accessibility need may request an adjustment/accommodation related to bp’s recruiting process (e.g., accessing the job application, completing required assessments, participating in telephone screenings or interviews, etc.). If you would like to request an adjustment/accommodation related to the recruitment process, please contact us.

If you are selected for a position and depending upon your role, your employment may be contingent upon adherence to local policy. This may include pre-placement drug screening, medical review of physical fitness for the role, and background checks.