Information Security Engineering Lead

Job Description

Entity: Innovation & Engineering Job Family Group: IT&S Group bp is transforming from an International Oil Company (IOC) to an International Energy Company (IEC); bp are looking for the brightest digital specialists to help drive the innovation that bp and the world need to get to net zero.Are you excited by identifying and designing security solutions that make bp a cyber resilient organisation The Information Security team builds bp’s information security products and delivery, and implementation plans to ensure we can rapidly detect, respond,and protect ourselves from cyber-attacks, and that we can quickly and effectively lead any impacts. We solve some of the world’s biggest problems by designing effective cyber security products and work with our teams to uphold our global standards and drivealignment to our operating processes and procedures.We’re looking for curious minds who are driven by opportunities to create and deliver an exciting suite of digital products and services to advance the global energy transition.Do you seek to explore, experiment, and excel Put your interest in solving complex business challenges with pioneering digital solutions to work, whilst collaborating and co-innovating globally. Be known for your delivery excellence to simplify the complex,strengthening bp’s digital foundation. Above all, you’ll be backed by a culture that encourages creativity and curiosity to learn and grow, coupled with a team that cares about you and brings the best out in each other. Let’s hear from you.Role SynopsisBP has embarked on an ambitious plan to modernize and transform using digital technologies to drive efficiency, effectiveness, and new business models. As the IS Engineering Lead, you will be responsible for delivering information security and risk activities.Using sophisticated technical capabilities, you will lead changes to security processes and procedures, review complex security issues and oversee security solutions from identification to implementation.You will see that we follow policies, standards and best practices and provide technical expertise to internal and external collaborators. It’s a chance to operate in a dynamic and delivery-focused environment, with the resources of one of the worlds mostforward-thinking IT departments and leading IT vendors at your fingertips.

• Security Engineering Lead builds, develop and lead the continuous improvement of security engineering practises and responsible for the quality of Cyber advice, guidance and standards used across bp.
• The successful candidate is a SME in the AWS Security Engineering space and is responsible for architecting and maintaining multiple AWS Products and their automation deployments.
• You will work within an agile delivery squad directly contacting our customers, development teams, business product owners and 3rd party vendors.
• In depth knowledge of CI/CD process, Experience of automation and development tooling such ADO, GIT, Code pipeline and ability to learn other tools

Key Accountabilities

• Team:You will provide advanced technical expertise to support information security and risk activities specific to your specialism. This could involve designing and developing security solutions to work across BP IT environments that are consistentwith current policy; running investigations and incident response processes and providing a consistent response to cyber-based malicious activity; and acting as a collaborator with various teams dealing with information security in their segment/functionsetc. You will drive the implementation and application of relevant operating processes and procedures, and ensure all activities follow relevant standards. You will also manage outreach for the wider Security Engineering Function to support them in Technologyadoption.
• Relationships: You will develop and maintain relationships with partners, delivering advanced technical knowledge to support project delivery, collaboratively identify key challenges and ensure that security solutions protect BP against cyber risks.As a senior professional, you will provide informal mentoring/training to junior members of the team. You will also work across Security Engineering & Enterprise AliCloud Squads and other teams to align and optimize activities and provide backup as vital forincidents and projects. We’ll expect you to supervise ordering process for solutions and align with yearly budget by working with finance support.
• Technology:You will build awareness of internal and external technology developments, managing the delivery of process and system improvements, identifying, and implementing continuous improvement plans for the specialism and ensuring best practiceis shared across the team.
• Safety and Compliance:The safety of our people and customers is our highest priority. We will champion a culture of operational safety and ensure our architectures, designs and processes enhance and improve our digital security.

People Manager Expectations:

• Provide ongoing feedback to your employee tree, both formally and informally, with the aim of supporting their performance and development within the Chapter.
• Coach and mentor to help build domain experience among peers.
• Be responsible for Chapter member’s personal development and the management of performance evaluations.
• Contribute to relevant supply and demand conversations, to adequately staff squads with appropriately skilled employees.
• Assess candidates as part of the Talent Acquisition process, interviewing to identify future I&E digital talent.
• Sharing knowledge (cross-pollination) between Chapter members that can be utilised by various Squads.

Desirable Education

• BSc in Information Security or similar

Desirable Experience and CapabilityYears of experience:8-10 years, with a minimum of 5 years of relevant experience.Required Criteria / Experience

Architect technical solutions within AWS platform to improve the overall security posture.

Develop and deploy security solutions using terraform and other languages to automate the security capability within the platform using automation.

Provide guidance and advice to the overall platform and customers regarding security risks by performing regular risk assessments, threat modelling and security testing.Develop Security knowledge base by publishing AWS security standards, architectu