Information Security - Governance Risk and Compliance Specialist

Job Description: We are hiring for an information security professional, specializing in governance risk and compliance. The candidate must have in-depth GRC experience and successfully operated information security and compliance processes in complex and regulated global organizations. In this role you will deliver a set of GRC activities including managing compliance programs and leading remediation to meet regulatory (SOX) and contractual requirements (PCI-DSS, including: Design and lead the delivery of compliance programs for specific areas of business. Supporting the implementation of information security policies and control framework Managing PCI-DSS compliance, the business audit program, and the relationship with PCI QSA Enable compliance with regulatory requirements and required remediation (e.g. SOX, PCI-DSS, CCPA) Support the delivery of business information security certifications (e.g. NIST CSF) Monitor and report on effectiveness of information security policies. Respond to observations identified by auditors, assess and report on their impact to key collaborators. Required Skills and Capabilities Technical skills In-depth knowledge of information security management frameworks (NIST-CSF, CCPA, PCI-DSS, CIS-CSC). Solid understanding of the legal and regulatory landscape, audit and IT controls. Good understanding of enterprise and operational risk management, risk governance and regulatory compliance. Understanding and experience using GRC platforms. Leadership skills Ability to manage and influence senior collaborators. Ability to manage multiple projects simultaneously and meet demanding deadlines. Superb communication and interpersonal skills, with the ability to collaborate with collaborators at all levels and influence outside of management line. Thinking and problem-solving skills - navigates thru complex information, identify root cause(s) and builds a plan. Excellent Initiative and follow through skills – capacity to navigate thru different non-ideal risk scenarios and propose sound plans to improve them; overcomes obstacles and drives problems to a closure. Ability to use technology, data, and insights to enable decision making. Desirable qualifications CISM, CRISC, CISA, PCI - ISA or CISSP Why join us At bp, we support our people to learn and grow in a diverse and exciting environment. We believe that our team is strengthened by diversity. We are committed to fostering an inclusive environment in which everyone is respected and treated fairly. There are many aspects of our employees’ lives that are important, so we offer benefits to enable your work to fit with your life. These benefits can include flexible working options, a generous paid parental leave policy, and excellent retirement benefits, among others! We will ensure that individuals with disabilities are provided reasonable accommodation to participate in the job application or interview process, to perform essential job functions, and to receive other benefits and privileges of employment. Please contact us to request accommodation. Travel Requirement: Up to 10% travel should be expected with this role Relocation Assistance: This role is not eligible for relocation Remote Type: This position is a hybrid of office/remote working Skills: Compliance SOX, Conformance review, Governance Risk and Compliance (GRC) Platforms, Information Assurance, Information Security, IT Governance Risk and Compliance (GRC), Legal and regulatory environment and compliance, PCI DSS Compliance, Risk Management, Stakeholder Management

Salary : $101,000 - $149,000