BP

Digital Security GRC Platform Owner

$140K — $180K *
Information Technology
8 - 10 years of experience
Job Overview by Ladders

Qualifications

  • 10+ years of combined experience in GRC for IT and OT environments
  • Proficiency in analytics, metrics, and process development
  • Experience in technology management
  • Bachelor's degree in an engineering or technical field
  • Hands-on experience with GRC platforms like Archer or ServiceNow
  • Proven leadership in cross-functional initiatives
  • Strong analytical and communication skills

Responsibilities

  • Own and evolve GRC platform ecosystem requirements
  • Design and maintain standardized GRC processes
  • Drive automation and simplification initiatives
  • Serve as the primary decision authority for governance
  • Identify conformance reporting requirements and deliver reports
  • Coordinate across Digital Security and delivery teams
  • Manage GRC backlog and prioritize enhancements

Benefits

  • Access to health, vision, and dental insurance
  • Flexible working schedule
  • Paid time off policy
  • Discretionary annual bonus program
  • Long-term incentive program
  • Generous 401K matching program

Full Job Description

Entity:
Production & Operations

Job Family Group:
IT&S Group

Job Description:

Organization: bpx Energy - Technology/Enterprise Architecture/Digital Security

Role Summary

The GRC Platform Owner is responsible for end-to-end ownership and continuous improvement of bpx's Digital Security Governance, Risk, and Compliance (GRC) processes and platforms. This role ensures governance activities are efficient, scalable, and aligned with enterprise policies, while enabling delivery teams to operate within defined guardrails.

Key Responsibilities

Platform & Process Ownership

- Own and evolve GRC platform ecosystem requirements (ServiceNow / ADO and supporting tools)
- Design and maintain standardized GRC processes
- Drive automation and simplification

Governance & Decision Authority

- Serve as primary decision authority
- Define required level of control
- Enforce governance policies

Conformance Reporting

- Identify conformance reporting requirements and recipients
- Deliver conformance reporting, as required

Cross-Functional Leadership

- Coordinate across Digital Security, EA, delivery teams, procurement
- Guide teams through requirements

Risk Management & Advisory

- Coordinate the evaluation of solutions and vendors for risk
- Provide risk-informed recommendations
- Provide risk-informed approvals for new systems, integrations, and changes

Product & Backlog Ownership

- Own GRC backlog and roadmap
- Prioritize enhancements

Process Definition & Documentation

- Develop and maintain GRC procedures and frameworks
- Ensure clarity and accessibility

Performance & Continuous Improvement

- Track cycle time and quality metrics
- Drive improvements

Qualifications & Experience

- Combined 10 years' experience (minimum 2 each) in:
  • GRC in combined IT and OT environments
  • Analytics, metrics and process development
  • Technology management
- Bachelor's degree in an engineering or technical field
- Hands-on experience with at least one major GRC platform (Archer, ServiceNow, OneTrust)
- Demonstrated ability to lead cross-functional initiatives
- Strong analytical and communication skills

Key Competencies

- Process Ownership & Optimization
- Governance & Risk Management
- Purdue model technology risk analysis
- Cross-Functional Leadership
- Product / Platform Thinking
- Decision-Making & Accountability
- AI Governance and Risk Assessment
- Oil and Gas Industry GRC Experience

Role Positioning

This role transitions GRC from execution-focused analysis to ownership of the Digital Security GRC capability, including defining processes, owning platforms, and driving scalability and consistency. The role is also critical in the higher-level Technology GRC program as a key support and leadership role for Enterprise Architecture governance.

It will lead 1 to 2 dedicated offshore support resources to grow the platform from its current state (heavily focused on risk assessments) to a mature state with full policy and compliance program documentation review and publishing.

It will coordinate with Digital Security Engineering for technical cyber security system review and risk assessment, and with Digital Security Data Governance for information protection assurance.

Salary and Benefits

We offer a reward and wellbeing package to enable your work to fit with your life. These can include, but are not limited to, access to health, vision and dental insurance, flexible working schedule, paid time off policy, discretionary annual bonus program, long-term incentive program, and a generous 401K matching program.

How much do we pay (Base)? $140,000 - $180,000

*Note that the pay range listed for this position is a good faith and reasonable estimate of the range of possible base compensation at the time of posting.

Travel Requirement
Up to 10% travel should be expected with this role

Relocation Assistance:
This role is not eligible for relocation

Remote Type:
This position is a hybrid of office/remote working

About BP

BP p.l.c. is a British multinational oil and gas company headquartered in London, England. It is one of the oil and gas "supermajors" and one of the world's largest companies measured by revenues and profits. It is a vertically integrated company operating in all areas of the oil and gas industry, including exploration and extraction, refining, distribution and marketing, power generation, and trading. BP's origins date back to the founding of the Anglo-Persian Oil Company in 1908, established as a subsidiary of Burmah Oil Company to exploit oil discoveries in Iran. In 1935, it became the Anglo-Iranian Oil Company and in 1954, adopted the name British Petroleum. In 1959, the company expanded beyond the Middle East to Alaska. British Petroleum acquired majority control of Standard Oil of Ohio in 1978. Formerly majority state-owned, the British government privatised the company in stages between 1979 and 1987. British Petroleum merged with Amoco in 1998, becoming BP Amoco plc, and acquired ARCO and Burmah Castrol in 2000 and Aral AG in 2002. The company's name was shortened to BP p.l.c. in 2001. From 2003 to 2013, BP was a partner in the TNK-BP joint venture in Russia, and from 2013 until Russia's 2022 invasion of Ukraine, held a nearly 20% stake in Rosneft.
Size: 65,900 employees
Market Cap: $104.4 billion
Industry
Net Income: -$20.3 billion
Founded: 1909
5 Year Trend: -2.9%
Revenue: $180.3 billion
NASDAQ
