Digital Security GRC Platform Owner

Organization: bpx Energy – Technology/Enterprise Architecture/Digital Security 
 

Role Summary 

The GRC Platform Owner is responsible for end-to-end ownership and continuous improvement of bpx’s Digital Security Governance, Risk, and Compliance (GRC) processes and platforms. This role ensures governance activities are efficient, scalable, and aligned with enterprise policies, while enabling delivery teams to operate within defined guardrails. 

Key Responsibilities 

Platform & Process Ownership 

- Own and evolve GRC platform ecosystem requirements (ServiceNow / ADO and supporting tools) 
- Design and maintain standardized GRC processes 
- Drive automation and simplification 
 
Governance & Decision Authority 

- Serve as primary decision authority 
- Define required level of control 
- Enforce governance policies 

Conformance Reporting 

- Identify conformance reporting requirements and recipients 
- Deliver conformance reporting, as required 
 
Cross-Functional Leadership 

- Coordinate across Digital Security, EA, delivery teams, procurement 
- Guide teams through requirements 
 
Risk Management & Advisory 

- Coordinate the evaluation of solutions and vendors for risk 
- Provide risk-informed recommendations 
- Provide risk-informed approvals for new systems, integrations, and changes 
 
Product & Backlog Ownership 

- Own GRC backlog and roadmap 
- Prioritize enhancements 

 
Process Definition & Documentation 

- Develop and maintain GRC procedures and frameworks 
- Ensure clarity and accessibility 
 
Performance & Continuous Improvement 

- Track cycle time and quality metrics 
- Drive improvements 

Qualifications & Experience 

- Combined 10 years' experience (minimum 2 each) in 

• GRC in combined IT and OT environments 

•  Analytics, metrics and process development 

• Technology management 

- Bachelor’s degree in an engineering or technical field 

- Hands-on experience with at least one major GRC platform (Archer, ServiceNow, OneTrust) 
- Demonstrated ability to lead cross-functional initiatives 
- Strong analytical and communication skills 

Key Competencies 

- Process Ownership & Optimization 
- Governance & Risk Management 

- Purdue model technology risk analysis 
- Cross-Functional Leadership 
- Product / Platform Thinking 
- Decision-Making & Accountability 

- AI Governance and Risk Assessment 

- Oil and Gas Industry GRC Experience 

Role Positioning 

This role transitions GRC from execution-focused analysis to ownership of the Digital Security GRC capability, including defining processes, owning platforms, and driving scalability and consistency. The role is also critical in the higher-level Technology GRC program as a key support and leadership role for Enterprise Architecture governance 

It will lead 1 to 2 dedicated offshore support resources to grow the platform from its current state (heavily focused on risk assessments) to a mature state with full policy and compliance program documentation review and publishing. 

It will coordinate with Digital Security Engineering for technical cyber security system review and risk assessment, and with Digital Security Data Governance for information protection assurance. 

Salary and Benefits

We offer a reward and wellbeing package to enable your work to fit with your life. These can include, but not limited to, access to health, vision and dental insurance, flexible working schedule, paid time off policy, discretionary annual bonus program, long-term incentive program, and a generous 401K matching program. How much do we pay (Base)? $140,000- $180,000

*Note that the pay range listed for this position is a good faith and reasonable estimate of the range of possible base compensation at the time of posting.