BP

Digital Security GRC Platform Owner

BP$140K — $180K *
Energy & Utilities
8 - 10 years of experience
Job Overview by Ladders

Qualifications

  • 10 years of combined experience in GRC within IT and OT environments
  • Expertise in analytics, metrics, and process development
  • Proficient in technology management
  • Bachelor’s degree in an engineering or technical field
  • Hands-on experience with major GRC platforms (e.g., Archer, ServiceNow, OneTrust)
  • Demonstrated capability in leading cross-functional initiatives
  • Strong analytical and communication skills

Responsibilities

  • Own and enhance the GRC platform ecosystem requirements
  • Design and maintain standardized GRC processes
  • Drive automation and simplification initiatives
  • Serve as the primary decision authority for governance
  • Define levels of control and enforce governance policies
  • Identify conformance reporting requirements
  • Guide cross-functional teams through compliance requirements

Benefits

  • Health, vision, and dental insurance
  • Flexible working schedule
  • Paid time off policy
  • Discretionary annual bonus program
  • Long-term incentive program
  • Generous 401K matching program
Full Job Description

Entity:

Production & Operations


Job Family Group:

IT&S Group


Job Description:

Organization:bpx Energy –Technology/Enterprise Architecture/Digital Security
 

Role Summary

The GRC Platform Owneris responsible forend-to-end ownership and continuous improvement of bpx’sDigital Security Governance, Risk, and Compliance (GRC) processes and platforms. This role ensures governance activities are efficient, scalable, and aligned with enterprise policies, while enabling delivery teams to operate within defined guardrails.

Key Responsibilities

Platform & Process Ownership


- Own and evolve GRC platform ecosystemrequirements(ServiceNow /ADOand supporting tools)
- Design and maintain standardized GRC processes 
- Drive automation and simplification 
 
Governance & Decision Authority 


- Serve as primary decision authority
- Define required level of control 
- Enforce governance policies 

Conformance Reporting


-Identify conformance reporting requirements and recipients
- Deliver conformance reporting, as required 
 
Cross-Functional Leadership 


- Coordinate across Digital Security, EA, delivery teams, procurement
- Guide teams through requirements 
 
Risk Management & Advisory 


-Coordinate the evaluation ofsolutions and vendors for risk
- Provide risk-informed recommendations 
- Provide risk-informed approvals for new systems, integrations, and changes 
 
Product & Backlog Ownership 


- Own GRC backlog and roadmap
- Prioritize enhancements 


Process Definition & Documentation 


- Developand maintainGRC procedures and frameworks
- Ensure clarity and accessibility 
 
Performance & Continuous Improvement 


- Track cycle time and quality metrics
- Drive improvements 

Qualifications & Experience

-Combined10 years' experience(minimum 2 each) in

  • GRC in combinedIT and OTenvironments
  •  Analytics,metricsand processdevelopment
  • Technology management

-Bachelor’s degreein an engineering or technical field

-Hands-on experiencewithat least one major GRC platform (Archer, ServiceNow,OneTrust)
- Demonstrated ability to lead cross-functional initiatives 
- Strong analytical and communication skills 

Key Competencies 

- Process Ownership & Optimization 
- Governance & Risk Management 

- Purdue model technology risk analysis 
- Cross-Functional Leadership 
- Product / Platform Thinking 
- Decision-Making & Accountability 

- AI Governance and Risk Assessment 

- Oil and Gas Industry GRC Experience 

 

Role Positioning 

This role transitions GRC from execution-focused analysis to ownership of the Digital Security GRC capability, including defining processes, owning platforms, and driving scalability and consistency. The role is also critical in the higher-level Technology GRC program as a key support and leadership role for Enterprise Architecture governance 

It will lead 1 to 2 dedicated offshore support resources to grow the platform from its current state (heavily focused on risk assessments) to a mature state with full policy and compliance program documentation review and publishing. 

It will coordinate with Digital Security Engineering for technical cyber security system review and risk assessment, and with Digital Security Data Governance for information protection assurance. 

Salary and Benefits

We offer a reward and wellbeing package to enable your work to fit with your life. These can include, but not limited to, access to health, vision and dental insurance, flexible working schedule, paid time off policy, discretionary annual bonus program, long-term incentive program, and a generous 401K matching program. How much do we pay (Base)? $140,000- $180,000

*Note that the pay range listed for this position is a good faith and reasonable estimate of the range of possible base compensation at the time of posting.


Travel Requirement

Up to 10% travel should be expected with this role


Relocation Assistance:

This role is not eligible for relocation


Remote Type:

This position is a hybrid of office/remote working


Skills:

About BP

BP p.l.c. is a British multinational oil and gas company headquartered in London, England. It is one of the oil and gas "supermajors" and one of the world's largest companies measured by revenues and profits. It is a vertically integrated company operating in all areas of the oil and gas industry, including exploration and extraction, refining, distribution and marketing, power generation, and trading. BP's origins date back to the founding of the Anglo-Persian Oil Company in 1908, established as a subsidiary of Burmah Oil Company to exploit oil discoveries in Iran. In 1935, it became the Anglo-Iranian Oil Company and in 1954, adopted the name British Petroleum. In 1959, the company expanded beyond the Middle East to Alaska. British Petroleum acquired majority control of Standard Oil of Ohio in 1978. Formerly majority state-owned, the British government privatised the company in stages between 1979 and 1987. British Petroleum merged with Amoco in 1998, becoming BP Amoco plc, and acquired ARCO and Burmah Castrol in 2000 and Aral AG in 2002. The company's name was shortened to BP p.l.c. in 2001. From 2003 to 2013, BP was a partner in the TNK-BP joint venture in Russia, and from 2013 until Russia's 2022 invasion of Ukraine, held a nearly 20% stake in Rosneft.
Learn more about BP
Size
65,900 employees
Market Cap
$104.4 billion
Industry
Net Income
-$20.3 billion
Founded
1909
5 Year Trend
-2.9%
Revenue
$180.3 billion
NASDAQ

Similar Jobs

More Jobs at BP

More Energy & Utilities Jobs

Find similar Digital Security GRC Platform Owner jobs: