Cyber Vulnerability Management Lead

Job Family Group:

IT&S Group

Job Description:

BP has embarked on an ambitious plan to modernize and transform using digital technologies to drive efficiency, effectiveness and new business models. As the Operational IS specialist you will be using your advanced technical capabilities, you will influence changes to security processes and procedures, review complex security issues and oversee security risk reduction from identification to implementation. You will see that we follow policies, standards and provide technical expertise to internal and external collaborators. It’s a chance to operate in a dynamic and delivery-focused environment, with the resources of one of the world's most forward-thinking IT departments and leading IT vendors at your fingertips.

The successful candidate in this role will

• Build develop and lead the continuous improvement of security engineering practices and also responsible for the quality of Cyber advice, guidance and standards used across bp.
• Lead and develop the technology & processes for enabling and operating the practice of identifying, classifying, prioritizing, remediating, and mitigating vulnerabilities across bp.
• Work within an agile delivery squad directly interacting with our customers, development teams, business product owners and 3rd party vendors.
• Come with In-depth knowledge and operational support of vulnerability and cyber posture management
• Be part of a dynamic team responsible for identifying, assessing, and managing cyber vulnerabilities across our global infrastructure. This position offers an excellent opportunity for someone with some security experience to grow.

Key Accountabilities

Safety and Compliance: The safety of our people and customers is our highest priority. We will champion a culture of operational safety and ensure our architectures, designs and processes enhance and improve our digital security.

Team Leadership:

• Lead and mentor a team of 6-8 security experts.
• Drive team performance and professional development.
• Foster a culture of continuous learning and innovation.
• Manage team capacity, workload, and project priorities.
• Coordinate with other security teams to ensure aligned security strategies.
• Develop and maintain succession plans for key team roles.
• Lead recruitment and talent development initiatives.

Relationships:

• Develop and implement the strategic roadmap for BP's vulnerability management program.
• Drive continuous improvement in security posture measurement and reporting.
• Lead the integration of security tools and processes across cloud and on-premises environments.
• Build and maintain relationships with senior collaborators across Engineering, Operations, and Business units.
• Manage team budget and resource allocation.
• Define and track key security metrics and key performance indicators for executive reporting.
• Champion security automation and innovation initiatives
• Develop and maintain relationships with collaborators, delivering advanced technical knowledge to support project delivery, collaboratively identify key challenges and ensure that security solutions protect BP against cyber risks.

Technology:

• Architect enterprise-scale vulnerability management solutions - Guide the implementation of advanced security automation - Oversee the integration of security tools into DevSecOps pipelines.
• Lead security tool evaluation and procurement processes.
• Drive adoption of emerging security technologies and standard methodologies
• Provide technical escalation support for complex security issues.
• Review and approve security architecture decisions.

As an IS Engineering Lead on our Security Engineering team you'll get to work with teams who are proactively searching for areas that may be subject to cyber-attack and protecting them. You will be securing bp as it innovates and scales. Protecting its most critical systems and applications in areas such as:

• Operate and maintain vulnerability scanning tools (such as Qualys, Tenable, and Rapid7) across cloud and on-premises environments.

• Advanced Security Tools
  • Enterprise vulnerability management platforms
  • Cloud security posture management (CSPM)
  • Security orchestration and automation (SOAR)
  • Cloud native security platforms

• Leadership Competencies
  • Critical thinking and planning.
  • Team building and mentorship.
  • Collaborator management.
  • Budget management.
  • Risk management.
  • Change Management.
  • Vendor relationship management.

• Innovation Leadership
  • Research and evaluate emerging security technologies.
  • Drive adoption of new security tools and methodologies.
  • Lead proof-of-concept initiatives.
  • Develop innovative solutions for complex security challenges.
  • Guide the team's research and development efforts.

• Business Impact
  • Reduce mean time to remediate vulnerabilities.
  • Improve security visibility across the organization.
  • Enhance security automation and efficiency.
  • Drive cost optimization in security operations.
  • Demonstrate security value through metrics and reporting.
  • Reduce security risk through proactive measures.

Essential Experience and Job Requirements

• A solid understanding of information and cyber security principles and standard methodologies.
• Professional and technical security certifications such as CISSP, CISM, GEVA, CEH, OSCP or equivalent are a plus.
• Minimum of 5 years of experience in Information Security, Vulnerability management or Threat management area.
• Principles, methods, and tools for assessing vulnerabilities and developing, or recommending, appropriate mitigation countermeasures.
• Experience with two or more of the following security technologies/areas: Security Information and Event Management (SIEM), Intrusion Prevention or Detection System (IPS/IDS), Email Security Gateways, Web Security Gateways, Multi-Factor Authentication (MFA) Systems (MFA), Endpoint Protection, Endpoint Detection and Response (EDR), Security Orchestration Automation and Response (SOAR), Firewalls, Vulnerability Scanners
• Foundational knowledge of security frameworks such as CIS CSC, NIST CSF, NIST 800-53, ISO 27001, etc.
• Foundational knowledge of security standards, industry laws, and regulations such as Payment Card Industry Data Security Standards (PCI-DSS), General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA) and Sarbanes-Oxley (SOX)
• Working knowledge of vulnerability management tools (Qualys, Rapid7 Tenable, or similar)
• Configure/maintain/tune and implement vulnerability management tools to perform weekly vulnerability scans and determine at-risk endpoints (computers, servers, infrastructure, network hardware, etc.).
• Plan and work with IT Teams to remediate identified vulnerabilities Participate in table-top exercises to test security breach scenarios and recommend updates to VM policies/practices/tools to limit the attack surface
• Recommend controls to support the security policies
• Uncover weaknesses in the environment and/or configuration, detail the risk associated with each, and propose resolutions.
• Keep informed regarding pending industry changes, trends, and best practices and assess the potential impact of these changes on organizational processes.
• Contribute to the creation, improvement, and maintenance of information security policies, standards, and control procedures especially as it relates to vulnerability and threat management.
• Maintain, track and report vulnerabilities and threats, including creation and management of relevant metrics for vulnerability and Threat management team.
• Assesses performance of applications across all components to identify potential vulnerabilities or threats; assists developers and infrastructure support staff with planning and implementing security countermeasures.
• Stay ahead of the global threat landscape and the technologies used to defend the organization.
• Work with the technical security team to provide guidance on internal/external assessments and audits as needed.
• Advise senior leadership by identifying critical security issues and recommending risk-reduction solutions.

Technical capability

Essential:

• Incident Management
• Information Security
• Problem Management
• Relationship Management
• Security Administration

• Vulnerability Management
  • Vulnerability scanning, prioritization and assessment
  • Risk prioritization
  • Remediation tracking
  • Patch management concepts

• Cloud Security
  • Basic AWS/Azure security controls
  • Cloud vulnerability scanning
  • Security group management
  • Identity and access management (IAM)

• Security Tools & Automation
  • REST API integration
  • Basic scripting and automation
  • Security tool administration
  • Dashboard creation and reporting

Why join us?

At bp, we provide an excellent working environment and employee benefits such as an open and inclusive culture, a great work-life balance, tremendous learning and development opportunities to craft your career path, life and health insurance, medical care package and many others.

We support our people to learn and grow in a diverse and exciting environment. We believe that our team is strengthened by diversity. We are committed to crafting an inclusive environment in which everyone is respected and treated fairly.

There are many aspects of our employees’ lives that are significant, so we offer benefits to enable your work to fit with your life. These benefits can include flexible working options, collaboration spaces in a modern office environment, and others benefits.

Reinvent your career as you help our business meet the challenges of the future. Apply now!

Travel Requirement:

Up to 10% travel should be expected with this role

Relocation Assistance:

This role is not eligible for relocation

Remote Type:

This position is a hybrid of office/remote working

Skills:

Automation system digital security, Automation system digital security, Client Counseling, Collaborative Leadership, Conformance review, Digital Forensics, Incident management, incident investigation and response, Information Assurance, Information Security, Information security behaviour change, Intrusion detection and analysis, Legal and regulatory environment and compliance, Risk Management, Safety Compliance, Secure development, Security administration, Security architecture, Security evaluation and functionality testing, Security Management, Security Risk, Security Vulnerability Assessments, Solution Architecture, Stakeholder Management, Supplier security management, Technical specialism {+ 2 more}

​
Legal Disclaimer:

We are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, sex, gender, gender expression, sexual orientation, age, marital status, socioeconomic status, neurodiversity/neurocognitive functioning, veteran status or disability status. Individuals with an accessibility need may request an adjustment/accommodation related to bp’s recruiting process (e.g., accessing the job application, completing required assessments, participating in telephone screenings or interviews, etc.). If you would like to request an adjustment/accommodation related to the recruitment process, please contact us.

If you are selected for a position and depending upon your role, your employment may be contingent upon adherence to local policy. This may include pre-placement drug screening, medical review of physical fitness for the role, and background checks.