Entity: Production & Operations
Job Family Group: IT&S Group
Job Description: Organization: bpx Energy - Technology/Enterprise Architecture/Digital Security
Role SummaryThe GRC Platform Owner is responsible for end-to-end ownership and continuous improvement of bpx's Digital Security Governance, Risk, and Compliance (GRC) processes and platforms. This role ensures governance activities are efficient, scalable, and aligned with enterprise policies, while enabling delivery teams to operate within defined guardrails.
Key Responsibilities Platform & Process Ownership - Own and evolve GRC platform ecosystem requirements (ServiceNow / ADO and supporting tools)
- Design and maintain standardized GRC processes
- Drive automation and simplification
Governance & Decision Authority - Serve as primary decision authority
- Define required level of control
- Enforce governance policies
Conformance Reporting - Identify conformance reporting requirements and recipients
- Deliver conformance reporting, as required
Cross-Functional Leadership - Coordinate across Digital Security, EA, delivery teams, procurement
- Guide teams through requirements
Risk Management & Advisory - Coordinate the evaluation of solutions and vendors for risk
- Provide risk-informed recommendations
- Provide risk-informed approvals for new systems, integrations, and changes
Product & Backlog Ownership - Own GRC backlog and roadmap
- Prioritize enhancements
Process Definition & Documentation - Develop and maintain GRC procedures and frameworks
- Ensure clarity and accessibility
Performance & Continuous Improvement - Track cycle time and quality metrics
- Drive improvements
Qualifications & Experience - Combined 10 years' experience (minimum 2 each) in
- GRC in combined IT and OT environments
- Analytics, metrics and process development
- Bachelor's degree in an engineering or technical field
- Hands-on experience with at least one major GRC platform (Archer, ServiceNow, OneTrust)
- Demonstrated ability to lead cross-functional initiatives
- Strong analytical and communication skills
Key Competencies - Process Ownership & Optimization
- Governance & Risk Management
- Purdue model technology risk analysis
- Cross-Functional Leadership
- Product / Platform Thinking
- Decision-Making & Accountability
- AI Governance and Risk Assessment
- Oil and Gas Industry GRC Experience
Role Positioning This role transitions GRC from execution-focused analysis to ownership of the Digital Security GRC capability, including defining processes, owning platforms, and driving scalability and consistency. The role is also critical in the higher-level Technology GRC program as a key support and leadership role for Enterprise Architecture governance
It will lead 1 to 2 dedicated offshore support resources to grow the platform from its current state (heavily focused on risk assessments) to a mature state with full policy and compliance program documentation review and publishing.
It will coordinate with Digital Security Engineering for technical cyber security system review and risk assessment, and with Digital Security Data Governance for information protection assurance.
Salary and BenefitsWe offer a reward and wellbeing package to enable your work to fit with your life. These can include, but not limited to, access to health, vision and dental insurance, flexible working schedule, paid time off policy, discretionary annual bonus program, long-term incentive program, and a generous 401K matching program. How much do we pay (Base)? $140,000- $180,000
*Note that the pay range listed for this position is a good faith and reasonable estimate of the range of possible base compensation at the time of posting.
Travel RequirementUp to 10% travel should be expected with this role
Relocation Assistance:This role is not eligible for relocation
Remote Type:This position is a hybrid of office/remote working
Skills: