Information Security - Governance Risk and Compliance Specialist

Job Family Group: IT&S Group Job Description: We are hiring for an information security professional, specializing in governance risk and compliance. The candidate must have in-depth GRC experience and successfully operated information security and compliance processes in complex and regulated global organizations. In this role you will deliver a set of GRC activities including managing compliance programs and leading remediation to meet regulatory (SOX) and contractual requirements (PCI-DSS, including: Design and lead the delivery of compliance programs for specific areas of business. Supporting the implementation of information security policies and control framework Managing PCI-DSS compliance, the business audit program, and the relationship with PCI QSA Enable compliance with regulatory requirements and required remediation (e.g. SOX, PCI-DSS, CCPA) Support the delivery of business information security certifications (e.g. NIST CSF) Monitor and report on effectiveness of information security policies. Respond to observations identified by auditors, assess and report on their impact to key collaborators. Required Skills and Capabilities Technical skills In-depth knowledge of information security management frameworks (NIST-CSF, CCPA, PCI-DSS, CIS-CSC). Solid understanding of the legal and regulatory landscape, audit and IT controls. Good understanding of enterprise and operational risk management, risk governance and regulatory compliance. Understanding and experience using GRC platforms. Leadership skills Ability to manage and influence senior collaborators. Ability to manage multiple projects simultaneously and meet demanding deadlines. Superb communication and interpersonal skills, with the ability to collaborate with collaborators at all levels and influence outside of management line. Thinking and problem-solving skills - navigates thru complex information, identify root cause(s) and builds a plan. Excellent Initiative and follow through skills – capacity to navigate thru different non-ideal risk scenarios and propose sound plans to improve them; overcomes obstacles and drives problems to a closure. Ability to use technology, data, and insights to enable decision making. Desirable qualifications CISM, CRISC, CISA, PCI - ISA or CISSP Why join us At bp, we support our people to learn and grow in a diverse and exciting environment. We believe that our team is strengthened by diversity. We are committed to fostering an inclusive environment in which everyone is respected and treated fairly. There are many aspects of our employees’ lives that are important, so we offer benefits to enable your work to fit with your life. These benefits can include flexible working options, a generous paid parental leave policy, and excellent retirement benefits, among others We will ensure that individuals with disabilities are provided reasonable accommodation to participate in the job application or interview process, to perform essential job functions, and to receive other benefits and privileges of employment. Please contact us to request accommodation. Travel Requirement: Up to 10% travel should be expected with this role Relocation Assistance: This role is not eligible for relocation Remote Type: This position is a hybrid of office/remote working Skills: Compliance SOX, Conformance review, Governance Risk and Compliance (GRC) Platforms, Information Assurance, Information Security, IT Governance Risk and Compliance (GRC), Legal and regulatory environment and compliance, PCI DSS Compliance, Risk Management, Stakeholder Management ​ Legal Disclaimer: We are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, sex, gender, gender expression, sexual orientation, age, marital status, socioeconomic status, neurodiversity/neurocognitive functioning, veteran status or disability status. Individuals with an accessibility need may request an adjustment/accommodation related to bp’s recruiting process (e.g., accessing the job application, completing required assessments, participating in telephone screenings or interviews, etc.). If you would like to request an adjustment/accommodation related to the recruitment process, please contact us . If you are selected for a position and depending upon your role, your employment may be contingent upon adherence to local policy. This may include pre-placement drug screening, medical review of physical fitness for the role, and background checks.