Information Security Specialist (Supply Chain Security)

Job summary

Entity:

Technology

Job Family Group:

IT&S Group

Job Description:

You will work with

This is an information security specialist role in the supply chain security team.

The DGRC organisation fosters a culture of transparency, accountability, and trust by promoting good governance, effective risk management, and regulatory compliance. These capabilities help bp balance security with usability, optimize technology investments, and proactively counter cyber threats.

Let me tell you about the role

You will be part of the team that delivers supplier security services (including risk assessments, contract clause reviews, supplier monitoring and tooling). You will work in partnership with procurement and legal to make the business aware of the cyber risk a third-party supplier poses to bp and help them to make informed decisions on whether to progress the relationship with the supplier, and how to monitor and manage this risk throughout the contract lifecycle.

What you will deliver

• Support the end-to-end supplier security assessment process
• Take part in supplier contract negotiations, embedding information security requirements in our agreements
• Deliver action plans to suppliers to drive remediation of existing vulnerabilities as part of monitoring and response capability
• Track remediation actions from assurance reviews to identify and remediate risks and confirm gaps are closed to prevent exposure to cyber threats
• Highlight and deliver continuous improvement initiatives, with a focus on how we can use AI and automation to improve effectiveness and efficiency of supplier assurance processes, technology and measurement
• Build relationships with key digital and business stakeholders

What you will need to be successful (experience and qualifications)

Education

You’ll have a tertiary level education and/or equivalent relevant work experience.

Experience

• Experience in a similar information security role preferably for a large scale organisation
• Hands on experience and knowledge in all areas related to supplier information security and third party cyber risk (assessments, contractual clauses, monitoring and governance)
• Proficient engaging with legal and procurement teams where their input is required.
• Superb communication and presentation skills.
• Well organized, you balance proactive and reactive approaches and multiple priorities to complete tasks on time.

Leadership and EQ:

• Uphold bp's code of conduct and values
• Promote strong team ethics based on doing the right thing
• Able to apply judgment and common sense – you use insight and good judgment to inform actions and respond to situations as they arise
• Naturally look beyond own area to consider the bigger picture and/or perspective of others
• Self-aware and able to recognize and manage your impact on others.
• Cultural fluency – you operate across cultural boundaries with sensitivity.

About bp

bp is a global energy business with a purpose to reimagine energy for people and our planet. We aim to be a very different kind of energy company by 2030, helping the world reach net zero and improving people’s lives. We are committed to creating a diverse and inclusive environment where everyone can thrive. Join bp and become part of the team building our future!

We will ensure that individuals with disabilities are provided reasonable accommodation to participate in the job application or interview process, to perform crucial job functions, and to receive other benefits and privileges of employment. Please contact us to request accommodation.

Travel Requirement

No travel is expected with this role

Relocation Assistance:

This role is not eligible for relocation

Remote Type:

This position is a hybrid of office/remote working

Skills:

Automation system digital security, Client Counseling, Conformance review, Digital Forensics, Incident management, incident investigation and response, Information Assurance, Information Security, Information security behaviour change, Intrusion detection and analysis, Legal and regulatory environment and compliance, Risk Management, Secure development, Security administration, Security architecture, Security evaluation and functionality testing, Solution Architecture, Stakeholder Management, Supplier security management, Technical specialism

Legal Disclaimer:

We are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, sex, gender, gender expression, sexual orientation, age, marital status, socioeconomic status, neurodiversity/neurocognitive functioning, veteran status or disability status. Individuals with an accessibility need may request an adjustment/accommodation related to bp’s recruiting process (e.g., accessing the job application, completing required assessments, participating in telephone screenings or interviews, etc.). If you would like to request an adjustment/accommodation related to the recruitment process, please contact us.

If you are selected for a position and depending upon your role, your employment may be contingent upon adherence to local policy. This may include pre-placement drug screening, medical review of physical fitness for the role, and background checks.