Supplier Cyber Risk Specialist

Job Description

Entity: Innovation & Engineering Job Family Group: IT&S Group Job Summary: The Business Partner Security (BPS) team sits within the Cyber Behaviours and Risk portfolio in Digital Security, which is part of the Innovation and Engineering entity in bp. We are looking for a Business Partner Security Specialist to join our team with a focus on supplier information security and third party risk management. The BPS team provides supplier cyber risk assessments and contract mediation support to procurement forthe information security requirements in the contracting process. The team also provides training and awareness, and governance for business partner security. Job profile summaryAs part of this Business Partner Security focussed role:

• You will lead and supervise the end-to-end supplier security assessment process
• You will take part in supplier contract negotiations, embedding information security requirements in our agreements
• You will deliver action plans to suppliers to drive remediation of existing vulnerabilities as part of monitoring and response capability
• You will supervise remediation actions from assurance reviews to identify and remediate risks and confirm gaps are closed to prevent exposure to cyber threats
• Put forward recommendations to the continuous improvement of supplier assurance procedures, guidelines, framework to help perform supplier security assurance in a consistent and quality manner.
• You will establish relationships and lead partner engagements across the various bp businesses.

We expect the individual to be an excellent teammate and have good experience in handling supplier assessment processes, working with procurement and legal through contract negotiations, using various GRC tools, and collaborating with partners.Key responsibilitiesRelationships: You will remain aware of evolving cyber security risks and trends by forming relationships with team members both inside and outside of BP, and through external research. You will assist the continuous development and awareness of supplierassurance processes by leading partner training or awareness campaigns and proactively improving the quality standards and efficiency of delivery processes. The ability to drive and inspire change in a positive, impactful way within varied environments willbe a key skill required for this role.Governance: You will bring technical expertise in support of supplier assurance assessments and supervise the delivery of a series of assessment activities. You will be involved in contracting process with procurement and legal to ensure the rightlevel of cyber clauses and assurance is in place to support the contracting process. Facilitating the delivery of a programme of activities as agreed with leadership will be one of your main tasks. You will provide oversight in the context of supplier cybersecurity activities, identifying areas of risk and making appropriate recommendations.Technology: You have a passion for understanding and learning. You will bring good hands-on skills in key technologies, and an ability to rapidly assess and identify the potential of new technologies with a commercial mentality. You bring a keen curiosityabout new technologies and a desire to help craft our digital visionEducation

• Ideally, you will have information security or risk industry accreditation (e.g., CISSP, CISM, CRIC) or membership of a professional body (e.g., IISP).

Experience and Job Requirements

• Proficiency in all areas related to supplier information security and third party cyber risk (assessments, contractual clauses, vulnerability monitoring and governance)
• Experience of supplier risk assessment across multiple supplier types and services.
• Experience with third party vulnerability monitoring tools.
• You will bring hands on experience and knowledge of supplier risk and assurance.
• You will be involved in supplier contract reviews and redlining activity in relation to cyber security clauses, engaging with legal and procurement where their input is required.
• You are an effective teammate, looking beyond your own area/organizational boundaries to consider the bigger picture and/or perspective of others, while understanding cultural differences.
• Superb communication and presentation skills.
• Ability to influence across a variety of partners and resolve disagreements
• Well organized, you balance proactive and reactive approaches and multiple priorities to complete tasks on time.
• You apply judgment and common sense – you use insight and good judgment to advise actions and respond to situations as they arise.
• You follow bps Code of Conduct and demonstrate strong leadership through bps Leadership Expectations and Values & Behaviours.

Travel Requirement Negligible travel should be expected with this role Relocation Assistance: This role is not eligible for relocation Remote Type: This position is a hybrid of office/remote working Skills: Automation system digital security, Conformance review, Consulting, Digital Forensics, Incident management, incident investigation and response, Information Assurance, Information Security, Information security behaviour change, Intrusion detection and analysis,Legal and regulatory environment and compliance, Risk Management, Secure development, Security administration, Security architecture, Security evaluation and functionality testing, Solution Architecture, Stakeholder Management, Supplier security management,Technical specialism Legal Disclaimer:We are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, sex, gender, gender expression, sexual orientation, age, marital status, socioeconomic status, neurodiversity/neurocognitivefunctioning, veteran status or disability status.Individuals with disabilities may request a reasonable accommodation related to bp’s recruiting process (e.g., accessing the job application, completing required assessments, participating in telephone screeningsor interviews, etc.). If you would like to request an accommodation related to the recruitment process, pleasecontact usto request accommodations. If you are selected for a position and depending upon your role, your employment may be contingent upon adherence to local polic