Digital Security Lead

Responsible for project compliance assurance against bp’s information, application and automation security practices. DS Lead will provide assurance that the project will meet the Digital security requirements in BP’s Group Defined Practice (GDP) 3.5-0001 Automation Systems Cyber Security and Engineering Technical Practice (ETP) Group Practice (GP) 30-60 Automation Systems Digital Security and Integrity.
It will include assessment of:

• ICSS System & Packages

• OCT Packages

• Telecoms Packages

• Electrical – CDAS/PMS packages

• Engineering packages with control systems supplied by non-ICSS suppliers

• Drilling packages with control systems and Drilling Control System

• Any other systems installed on Automation Networks (PIN, PCN, SSN, aPCN, uLAN, Third party networks) which are segregated from BP1.

Deliverables:

• Review of I&C, Telecom, Electrical and Drilling philosophy documents

• Cyber Security Strategy

• Cyber Security Implementation Plan

• ASDS Philosophy document

• ASDS Roles, Responsibilities and ASDS SPA Delegation

• Technical Bid Review

• FEED Document Review

• FDS Document Review

• Drilling Packages Design Review

• GP30-60 Assessment

• GP30-60 Stakeholder Review Workshop

• S&OR reviews, Multi Discipline Engagements (MDEs) and PHSSERs.

• FEED Addendum Review

• Detail Design Review and Input

• I&E Low Level Design (LLD) Review and Input

• Package level GP30-60 assessments

• ICSS and Packages FAT Procedure Review and Test Validation

• Site Acceptance Test

• Fit-For-Service (GDP3.5-0001) Compliance assessment.

• S&OR Review

• Shall facilitate and record the formal agreement of ASDS roles and responsibilities among the key stakeholders.

• Technical Bid Review

• Shall participate contract requirement specifications and bid review to ensure appropriate security clauses have been specified and consideration for Digital security is included in supplier selection process.

• FEED Documents Review

• Shall review to ensure that BP’s Digital security and I&E architecture requirements have been specified in the relevant FEED documents.

• FDS Document Review

• Shall review to ensure that Supplier’s relevant FDS document has included appropriate

• Digital security and I&E architecture specifications.

• Perform GP30-60 Assessment

• Shall perform verification activities using the GP30-60 assessment tools to verify against

• GP30-60 security controls.

• Run GP30-60 Stakeholder Review Workshop

• Shall lead stage gate review.

• Digital Security Plan for Execute.

• Shall update overarching DS plan to include execute phase schedule. This will include categorisation of automation systems into ASDS Tiers 1 to 3

• Shall participate as required in S&ORA reviews, Multi Discipline Engagements (MDEs) and PHSSERs.

• Shall work with EPC to develop ASDS Compliance Checklist. See Annex 1.5 for an example of a compliance checklist

• ISRS Tiering Review – Shall ensure that appropriate engagement and assessments occur

• Essential Requirements

• Master’s Degree in Information Security

• 15 years of experience in design, deployment and auditing of Enterprise level Security Systems

• 10 years of experience in delivery of Major Capital Projects in bp

• Experience in Industrial Control Proprietary Systems & Security – Emerson, Yokogawa,

• Honeywell, ABB, Siemens, Schneider Electric.

• Experience in Infrastructure and application architecture development

• Experience in Cloud Security

• Strong proficiency in LAN, WAN, VoIP, Wireless, and Security solutions

• TOGAF 9 certified

• Certified Information Systems Security Professional (CISSP)

• Cisco Certified Security Professional (CCSP)

Salary: Negotiable.

Interested candidates can send their cv to the e-mail address in the Apply for job butotn. Please note that experience in Oil and Gas sector as well as experience in BP are highly preferable.