GRC Specialist

2 months ago


Sunbury, United Kingdom BP Full time

**Job Title**: GRC Specialist - Business Partner Security

**Location**: Sunbury-on-Thames (hybrid)

**Industry**: Oil and Energy

**Contract**: End of Dec 2023

Engagement via Umbrella company (Inside IR35)

Must have the right to work and reside in the UK

**Role Summary**:
The Governance, Risk and Compliance Specialist will be responsible for the delivery and support of third-party supplier risk assurance activities and supplier information security assessment products. You will maintain supplier assurance services, reporting, governance and stakeholder engagements, and have oversight of supplier assessment processes.

**What you will do**:

- You will manage and oversee the end-to-end supplier security assessment process
- You will take part in supplier contract negotiations, embedding information security requirements in our agreements
- You will deliver action plans to suppliers to drive remediation of existing vulnerabilities as part of monitoring and response capability
- You will track remediation actions from assurance reviews to identify and remediate risks and confirm gaps are closed to prevent exposure to cyber threats
- You will contribute to, and put forward recommendations for, the continuous improvement of supplier assurance procedures, guidelines and frameworks to help perform supplier security assurance in a consistent and quality manner

We expect the individual to be a team player and have strong experience in managing supplier assessment processes, working with procurement and legal through contract negotiations, using various GRC tools, and working and communicating with stakeholders.

**Relationships**: You will remain aware of evolving security risks and trends by building relationships with team members both inside and outside of BP. You will contribute to the continuous development and awareness of supplier assurance processes by leading stakeholder training or awareness campaigns and proactively improving the quality standards and efficiency of delivery processes. The ability to influence and inspire change in a positive, impactful way within challenging environments will be a key skill required for this role.

**Governance and Compliance**: You will provide technical expertise in support of supplier assurance assessments and track the delivery of a series of assessment activities. Facilitating the delivery of a programme of activities as agreed with the service provider will be one of your main tasks. You will provide oversight in the context of supplier security assessment activities, identifying areas of risk and making appropriate recommendations.

**What you will have**:

- Proficiency in all areas related to supplier information security (assessments, contractual clauses, vulnerability monitoring and governance)
- Experience of supplier risk assessment across multiple supplier types and services
- Experience with business partner vulnerability monitoring tools
- You will bring hands-on experience and knowledge of supplier risk and assurance
- You will be involved in supplier contract reviews and redlining activity, engaging with legal and procurement where their input is required
- You are an effective team player, looking beyond your own area/organizational boundaries to consider the bigger picture and/or perspective of others, while understanding cultural differences
- Excellent communication and presentation skills
- Ability to influence across a variety of stakeholders and negotiate through conflict
- Well organized, you balance proactive and reactive approaches and multiple priorities to complete tasks on time
- Ideally, you will have information security or risk industry accreditation (e.g., CISSP, CISM, CRISC) or membership of a professional body (e.g., IISP)