Information Security Specialist null

Privacy Engineering Duties

• Develop and implement solutions to ensure privacy policies are accurately implemented. The implementations should advance compliance with legal forms of data use as well as support business use of data.
• Work to align advanced technologies and Privacy by Design principles from the first stages of development and ensure that the customer data used meet established regulatory compliance needs.
• Collaborate with the platform engineering & DevOps team, to ensure that their design, data collection and usage practices are transparent and employ privacy features.
• Collaborate with usability team to ensure user-facing privacy controls are usable.
• Interacting with internal stakeholders including product development teams, legal, compliance, governance, digital security and data protection teams.
• Identify areas for improvement in managing data privacy include – technical solutions & systems to mitigate privacy vulnerabilities and prevent potential future privacy risks; and security & process controls to strengthen the digital trust of customers towards bp’s brands.
• Enable the business to be data-driven while protecting the data assets & customer identities.
• Use data anonymization, pseudonymization and encryption to develop systems that preserve and improve privacy protections.
• Guide the development of new privacy products and features.
• Performs regular privacy assessments of operational processes, identifying, and mitigating risks across the portfolio through effective tools, training, and guidance.

Security Engineering Duties

• Provides technical expertise in support of information security & risk activities for the Digital Customer Identity & Protection portfolio.
• Craft and deliver secure solutions to projects and products across the bp environment. You will manage the implementation and application of relevant security operating processes and procedures.
• Collaborate with other extended teams to operate investigations and incident response processes and provide a consistent response to cyber-based malicious activity/incidents for the digital customer identity portfolio.
• Own the security events incident management process including continuously identifying threat vectors, generating alert criteria, implementing into the security monitoring tool & operationalizing processes for reacting to alerts.
• Monitor system logs, security dashboards, and other security tools for unusual or suspicious activity, with an aim to automate newly detected scenarios.
• Customer Identity Analytics
• Function as product owner for the Customer Identity Analytics solution, working with stakeholders to define new business & security requirements, for implementation by the Identity Analytics team.

Education & Experience

• BS or MS degree in computer science, computer engineering, information systems, privacy engineering or equivalent work experience. CIPT certification or equivalent, security or privacy certifications would be beneficial
• Experience in Privacy Engineering, Security Engineering and Digital Trust concepts in relation to Identity
• Understanding of Identity & Access Management, ideally Customer IAM
• Superb communication skills (verbal and written), ability to influence without authority.
• Demonstrated teamwork and collaboration skills, in particular in leading or contributing to global and multi-functional teams. You will manage third-party service providers that are helping to deliver related projects as the need arises.
• Develops positive relationships with other team members to drive privacy, security and innovation initiatives, and advise on information security and risks.
• Demonstrates adaptability & flexibility to respond to changing priorities, ideas & challenges.