
A leading energy company in Kuala Lumpur seeks a Senior Security & Compliance Engineer to enhance IAM processes and ensure compliance through effective SoD and AVM management. In this hands-on role, you will design and implement security solutions across various platforms while collaborating with cross-functional teams. Ideal candidates should have expertise in Agile methodologies and extensive knowledge of IAM tools like SAP GRC and AVM. This position promotes career development within a hybrid working environment, offering competitive compensation and benefits.
You will work as a Senior Security & Compliance Engineer (SoD & AVM) at bp, bringing deep specialist expertise to the organization. You will be familiar with lifecycle methods, Agile delivery, and DevOps practices, and you will apply Site Reliability Engineering to delivery and operations as part of multi-disciplinary squads. You will lead efforts to implement Segregation of Duties (SoD) and Access Violation Management (AVM) controls across bp’s identity and access management ecosystem, collaborating with Compliance Assurance, Application Security Reviewers, auditors, and governance stakeholders to ensure robust GRC alignment. You will help define and implement automated controls, monitor violations, and support audit readiness to strengthen bp’s compliance posture while enabling secure operations.
Let me tell you about the role
As a Senior SoD and AVM Engineer within the Identity and Access Management (IAM) team, you will deliver and govern access security and compliance capabilities for bp’s core SAP ERP landscape — including ECC, S/4HANA, HANA, SAP Ariba, SAP Fieldglass, SAP Analytics Cloud and SAP Fiori. You will collaborate with stakeholders to define the vision, roadmap, and product strategy for access control across these platforms and work with a team of Enterprise Technology Engineers and Software Engineers to resolve complex challenges and develop scalable, secure access models across bp applications.
A key part of your responsibilities includes supporting and delivering solutions within bp Identity Governance and Administration (IGA) — covering access control, enterprise role design, access recertification, and implementation of SoD policies and AVM controls to ensure compliance and mitigate risk. This is a hands-on technical role that offers the opportunity to deepen expertise in identity, access management, automation, and multi-cloud platforms. You will gain exposure to new technologies, automation frameworks, and modern engineering practices while solving problems that accelerate bp’s digital transformation journey. Your work will strengthen operational security, improve efficiency, and ensure robust GRC compliance through proactive SoD and AVM monitoring.
What you will deliver
Design, develop, implement and lead solutions for SoD monitoring that measure simulated SoDs as well as actual SoDs. Enhance the integration of SoD solutions with bp’s Identity & Governance solutions. Review and design SoD violation rulesets across SAP and non-SAP environments. Ensure security baseline controls design aligns with global standards within project constraints for SoD. Define, and ensure business and technical teams understand, the end-to-end processes around segregation of duties and the compliance requirements and controls that form around this area. Design and manage technical mitigations and remediation where necessary. Coordinate with internal and external audit teams to ensure relevant information is provided and any audit deficiencies are managed in line with bp policies. Work with control teams to define and design relevant risks that need to be managed. Ensure guidance is provided to operational teams on operating bp’s compliance solutions in the optimal way. Ensure relevant communications and knowledge transfer across compliance and SoD activities are conducted in a timely manner across bp communities.
What you will need to be successful (experience and qualifications)
Experience in leading SoDs and violation risks across multiple applications. Good working knowledge of Agile and Waterfall delivery methodologies. Competent in working across complex Identity & Access Management processes and designs. Deep identity and compliance knowledge across a multitude of business applications. Knowledge of Identity Governance and Assurance solutions such as SAP GRC, SAP AVM, SNOW, IRM, Saviynt, etc. Experience in working with compliance and audit controls including SOX. Experience in medium/large-scale project implementation cycles. Strong team player who embraces bp’s core values and behaviours, with excellent verbal and written communication skills and strong interpersonal skills. Proficiency in documentation, process analysis, design, requirement gathering, and impact analysis. Demonstrable knowledge of modern Service Delivery methods, from Site Reliability Engineering to ITIL and product-based delivery. Ability to operate across complex business environments and stakeholders up to senior executive level.
Essential skills
Deep understanding of Cloud Technologies and the broader IAM landscape, with strong expertise in Governance, Risk, and Compliance frameworks, including SoD and AVM. Proven experience in operational application support, ensuring stability and efficiency. Strong capabilities in performance management and supplier/vendor management, plus outstanding interpersonal skills. Exceptional interpersonal and communication skills, with the ability to collaborate across teams and stakeholders.
Skills that set you apart
CISSP certification—demonstrates advanced knowledge of security principles, risk management, and compliance frameworks essential for implementing SoD and AVM controls. AWS / Azure certifications—validates cloud security and identity governance expertise for enforcing SoD policies and AVM monitoring in cloud environments.
About bp
Our purpose is to deliver energy to the world, today and tomorrow. For over 100 years, bp has focused on discovering, developing, and producing oil and gas. We aim to be a net zero company by 2050 or sooner and are committed to diversity, inclusion, and a flexible work environment. We provide accommodations for applicants with disabilities upon request.
What we offer
We offer a generous salary package including an annual bonus program and individual performance-based incentives, additional EPF contributions totaling 15%, excellent work-life balance and flexible working arrangements, a collaborative environment, ongoing career development opportunities, and 16 weeks of paid parental leave (4 weeks partner leave). Travel is not required for this role. This position is hybrid (office/remote).
Relocation and remote
This role is not eligible for relocation. Remote type: hybrid of office/remote working.
Legal disclaimer
We are an equal opportunity employer and value diversity. We do not discriminate on the basis of race, religion, color, national origin, sexual orientation, gender, gender identity, age, marital status, socioeconomic status, neurodiversity, veteran status or disability. Individuals with accessibility needs may request adjustments related to bp’s recruiting process. If selected for a position, employment may be contingent upon local policy, including pre-placement checks.