Digital Security GRC Platform Owner
About The Position
The GRC Platform Owner is responsible for end-to-end ownership and continuous improvement of bpx’s Digital Security Governance, Risk, and Compliance (GRC) processes and platforms. This role ensures governance activities are efficient, scalable, and aligned with enterprise policies, while enabling delivery teams to operate within defined guardrails. This role transitions GRC from execution-focused analysis to ownership of the Digital Security GRC capability, including defining processes, owning platforms, and driving scalability and consistency. The role is also critical in the higher-level Technology GRC program as a key support and leadership role for Enterprise Architecture governance. It will lead 1 to 2 dedicated offshore support resources to grow the platform from its current state (heavily focused on risk assessments) to a mature state with full policy and compliance program documentation review and publishing. It will coordinate with Digital Security Engineering for technical cyber security system review and risk assessment, and with Digital Security Data Governance for information protection assurance.
Requirements
- Combined 10 years' experience (minimum 2 each) in GRC in combined IT and OT environments
- Analytics, metrics and process development
- Technology management
- Bachelor’s degree in an engineering or technical field
- Hands-on experience with at least one major GRC platform (Archer, ServiceNow, OneTrust)
- Demonstrated ability to lead cross-functional initiatives
- Strong analytical and communication skills
Nice To Haves
- Purdue model technology risk analysis
- AI Governance and Risk Assessment
- Oil and Gas Industry GRC Experience
Responsibilities
- Own and evolve GRC platform ecosystem requirements (ServiceNow / ADO and supporting tools)
- Design and maintain standardized GRC processes
- Drive automation and simplification
- Serve as primary decision authority
- Define required level of control
- Enforce governance policies
- Identify conformance reporting requirements and recipients
- Deliver conformance reporting, as required
- Coordinate across Digital Security, EA, delivery teams, procurement
- Guide teams through requirements
- Coordinate the evaluation of solutions and vendors for risk
- Provide risk-informed recommendations
- Provide risk-informed approvals for new systems, integrations, and changes
- Own GRC backlog and roadmap
- Prioritize enhancements
- Develop and maintain GRC procedures and frameworks
- Ensure clarity and accessibility
- Track cycle time and quality metrics
- Drive improvements
Benefits
- access to health, vision and dental insurance
- flexible working schedule
- paid time off policy
- discretionary annual bonus program
- long-term incentive program
- a generous 401K matching program
Stand Out From the Crowd
Upload your resume and get instant feedback on how well it matches this job.
What This Job Offers
Job Type
Full-time
Career Level
Senior
