Information Security Specialist - Supply Chain Security

You will work with

This is an information security specialist role in the supply chain security team.

The DGRC organisation fosters a culture of transparency, accountability, and trust by promoting good governance, effective risk management, and regulatory compliance. These capabilities help bp balance security with usability, optimize technology investments, and proactively counter cyber threats.

Let me tell you about the role

You will be part of the team that delivers supplier security services (including risk assessments, contract clause reviews, supplier monitoring and tooling).

You will work in partnership with procurement and legal to make the business aware of the cyber risk a third-party supplier poses to bp and help them to make informed decisions on whether to progress the relationship with the supplier, and how to monitor and manage this risk throughout the contract lifecycle.

• Support the end-to-end supplier security assessment process
• Take part in supplier contract negotiations, embedding information security requirements in our agreements
• Deliver action plans to suppliers to drive remediation of existing vulnerabilities as part of monitoring and response capability
• Track remediation actions from assurance reviews to identify and remediate risks and confirm gaps are closed to prevent exposure to cyber threats
• Highlight and deliver continuous improvement initiatives, with a focus on how we can use AI and automation to improve effectiveness and efficiency of supplier assurance processes, technology and measurement
• Build relationships with key digital and business stakeholders

• Experience in a similar information security role preferably for a large-scale organisation
• Hands on experience and knowledge in all areas related to supplier information security and third-party cyber risk (assessments, contractual clauses, monitoring and governance)
• Proficient engaging with legal and procurement teams where their input is required.
• Superb communication and presentation skills.
• Well organized, you balance proactive and reactive approaches and multiple priorities to complete tasks on time.

bp is a global energy business with a purpose to reimagine energy for people and our planet. We aim to be a very different kind of energy company by 2030, helping the world reach net zero and improving people's lives. We are committed to creating a diverse and inclusive environment where everyone can thrive. Join bp and become part of the team building our future!

No travel is expected with this role

This role is not eligible for relocation

This position is a hybrid of office/remote working

Automation system digital security, Client Counseling, Conformance review, Digital Forensics, Incident management, incident investigation and response, Information Assurance, Information Security, Information security behaviour change, Intrusion detection and analysis, Legal and regulatory environment and compliance, Risk Management, Secure development, Security administration, Security architecture, Security evaluation and functionality testing, Solution Architecture, Stakeholder Management, Supplier security management, Technical specialism

We are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, sex, gender, gender expression, sexual orientation, age, marital status, socioeconomic status, neurodiversity/neurocognitive functioning, veteran status or disability status. Individuals with an accessibility need may request an adjustment/accommodation related to bp's recruiting process (e.g., accessing the job application, completing required assessments, participating in telephone screenings or interviews, etc.). If you would like to request an adjustment/accommodation related to the recruitment process, please contact us.

If you are selected for a position and depending upon your role, your employment may be contingent upon adherence to local policy. This may include pre-placement drug screening, medical review of physical fitness for the role, and background checks.