Information security principal

Bp

IT
Pune, Maharashtra, India
Posted on Dec 31, 2025

Entity:

Technology


Job Family Group:

IT&S Group


Job Description:

You will work with

This role is a pivotal part of bp’s Group ERP Transformation Programme – Quantum, responsible for embedding digital security from inception to delivery. This role will serve as the single point of contact and authority for all security, Identity and Access Management (IAM), risk and compliance aspects across the future ERP landscape.

As the bridge between digital security and ERP teams, this role collaborates with architects, security specialists, compliance teams, Quantum delivery leads, SAP and non-SAP platform owners, risk managers, and external cybersecurity partners. The goal is to ensure that the ERP transformation is designed and implemented with a secure, compliant, and future-proofed security architecture.

Let me tell you about the role

As an Information Security Principal, ERP, you will be entrusted with the responsibility of designing, leading, and implementing security strategies that ensure our future ERP estate remains secure, compliant, and resilient against evolving cyber threats.

In this role, you will serve as the subject matter expert, ensuring that digital security and related solution designs are seamlessly coordinated throughout the ERP landscape, including the transition from our current estate to the SAP RISE S/4HANA environment.

This role requires a solid technical background in ERP security combined with strategic leadership and influencing skills to embed security standard methodologies across SAP and non-SAP platforms. The ideal candidate will have a consistent track record in crafting ERP security frameworks, leading IAM and risk compliance initiatives, and driving security-first transformation in large-scale ERP environments.

What you will deliver

  • Security design leadership: Lead the security design for the Group ERP transformation, ensuring that security is embedded from inception to delivery, serving as the single point of contact for all security, compliance, data privacy, and risk governance aspects.

  • Strategic Leadership: Provide strategic leadership in ERP cyber resilience, incident response planning, and business continuity strategies.

  • Solution design and strategy implementation: define and implement digital security and Identity solution design activities, covering Role-Based Access Control (RBAC), Privileged Access Management (PAM), Zero Trust models, and integration with SAP Identity Authentication & Access Governance. Ensure security standard methodologies are implemented during the transition from the legacy ERP estate to the SAP RISE cloud environment.

  • Compliance-by-design: develop and implement compliance-by-design principles across the ERP landscape, spanning SAP S/4HANA, Ariba, Concur, Fieldglass, and integrated non-SAP systems. Provide technical assurance that security is built into new ERP process designs, working closely with Quantum delivery leads and technical teams.

  • Risk management: lead the implementation of security risk assessments, vulnerability management, and continuous threat monitoring across SAP and third-party integrations, and define segregation of duties (SoD), GRC (Governance, Risk & Compliance), and audit readiness frameworks for ERP security. Work closely with bp’s wider Digital Security and Compliance teams to ensure ERP security aligns with corporate risk management, regulatory requirements, and industry best practices.

  • Security Automation: drive security automation initiatives, using AI/ML-based threat detection, anomaly detection, and predictive risk analytics.

  • Vendor Management: manage external security partners, SAP security consultants, and vendors to optimize ERP security posture and threat intelligence capabilities.

  • Training and Awareness: Own and deliver security training and awareness programs, ensuring that all ERP stakeholders understand security risks and standard methodologies.

What you will need to be successful (experience and qualifications)

Essential

  • Significant experience in internal or external information security and risk roles

  • Significant experience working in a large enterprise security environment, with a focus on ERP security, IAM, and risk management.

  • Deep expertise in SAP Security, SAP GRC, SAP Identity & Access Management (IAM), and security architecture for SAP S/4HANA and RISE deployments. Hands-on experience implementing SAP Security, SAP Cloud Security, and ERP integration security models.

  • Demonstrable experience designing Zero Trust security models, Role Based Access Controls, and Identity & Access Governance (IAG) frameworks for ERP environments.

  • Solid understanding of SOX, GDPR, ISO 27001, and other regulatory compliance frameworks applicable to ERP security.

  • Deep technical expertise in IAM tools and Security Information and Event Management (SIEM) solutions.

  • Experience leading security-first ERP transformations, ensuring compliance across SAP and non-SAP business-critical systems.

  • Strong negotiation, leadership, and stakeholder influencing skills to drive security-first culture across the Quantum program.

Desired

  • Industry-recognised cybersecurity certifications such as CISSP, CISM, CRISC, or SABSA.

  • Bachelor’s or master’s degree in Cybersecurity, Information Technology, Computer Science, or a related field.

  • SAP security certifications, including SAP Certified Technology Professional – System Security Architect, SAP Certified GRC Consultant.

  • Experience implementing AI/ML-driven security analytics, threat intelligence, and cloud-native security tools.

  • Background in energy, manufacturing, or regulated industries, leading security for large-scale ERP transformations.

  • Prior experience in multi-cloud security architectures, securing hybrid ERP deployments (SAP & non-SAP).

Leadership and EQ:

  • Experience working in globally distributed teams with ability to work asynchronously

  • Cultivate positive team morale and empower team members

  • Demonstrate strong leadership, uphold bp's code of conduct and values

  • Promote a culture of change, agility, and open communication

  • Stay up-to-date with the latest cyber security trends, threats, and technologies

About bp

bp is a global energy business with a purpose to reimagine energy for people and our planet. We aim to be a very different kind of energy company by 2030, helping the world reach net zero and improving people’s lives. We are committed to creating a diverse and inclusive environment where everyone can thrive. Join bp and become part of the team building our future!

We will ensure that individuals with disabilities are provided reasonable accommodation to participate in the job application or interview process, to perform crucial job functions, and to receive other benefits and privileges of employment. Please contact us to request accommodation.


Travel Requirement

Negligible travel should be expected with this role


Relocation Assistance:

This role is eligible for relocation within country


Remote Type:

This position is a hybrid of office/remote working


Skills:

Automation system digital security, Client Counseling, Conformance review, Digital Forensics, Incident management, incident investigation and response, Information Assurance, Information Security, Information security behaviour change, Intrusion detection and analysis, Legal and regulatory environment and compliance, Risk Management, Secure development, Security administration, Security architecture, Security evaluation and functionality testing, Solution Architecture, Stakeholder Management, Supplier security management, Technical specialism


Legal Disclaimer:

We are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, sex, gender, gender expression, sexual orientation, age, marital status, socioeconomic status, neurodiversity/neurocognitive functioning, veteran status or disability status. Individuals with an accessibility need may request an adjustment/accommodation related to bp’s recruiting process (e.g., accessing the job application, completing required assessments, participating in telephone screenings or interviews, etc.). If you would like to request an adjustment/accommodation related to the recruitment process, please contact us.

If you are selected for a position and depending upon your role, your employment may be contingent upon adherence to local policy. This may include pre-placement drug screening, medical review of physical fitness for the role, and background checks.