Gus Garza
Details
Under my resilient and inclusive security leadership, the Alaska divestment team delivered a successful transition of the Alaska operations and interests (BPXA – BP Exploration Alaska) to Hilcorp – a $5.6 billion divestment deal.
Addressed a gap in rig supply chain security by focusing on my customer and having empathy in order to design an approach to provide assurance that well service companies on rigs are aligning to industry best practice standards (IEC 62443) for securing their automation systems.
Supported the creation and adoption of a cyber risk register into the onshore gas business unit (bpx) and provided guidance to the bpx team for safely integrating BHP’s unconventional gas assets through a $10.5 billion acquisition deal that added 4.6 billion oil equivalent barrels of discovered resources to bp’s portfolio.
Developed joint assurance lines of enquiry for assessing workforce behaviors and the effectiveness of technical barriers and contingencies to be used in all planned assurance reviews with the physical security team on information security.
Leveraged skills gained during citizen developer training to create applications and dashboards for team members and business stakeholders for visualizing disparate data sources (data science (AI/ML); Power Apps/Automate/BI).
Accountable for developing and maintaining relationships and driving the adoption of cyber security best practices across stakeholders in the bpx, Global Wells Organization (GWO), bp Russia, Alaska, Gulf Coast Restoration Organization (GCRO) and Joint Venture (JV) businesses, supporting senior business stakeholders in meeting bp's security requirements.
2016 : Present
BP
Information Security Officer, Upstream
Facilitated a cyber response exercise with the Treasury leadership team involving a targeted malware campaign whereby cyber-criminals conducted a well-coordinated cyber-attack that successfully circumvented bp's segregation of duty controls around the payment processing application and initiated a large ad hoc payment.
Led a project that assessed the security posture of the systems, suppliers and team behaviors supporting the end‐to‐end UK and US Payroll business processes, that identified insecure working practices with our suppliers supporting the business processes that had not previously been recognized with other assurance activities.
Accountable for supporting senior business stakeholders in the assessment of information and IT system security risks and driving the right security behaviors and culture within S&OR, BP America, Group Economics, Group Technology, Group Audit, Mergers & Acquisitions, Remediation Management (including Wind), and Treasury.
2015 : 2015
BP
Information Security Officer, Corporate Functions
Accountable for carrying out security reviews of suppliers and critical assets that support Corporate & Functions business activities, driving the routine security scanning of our internet‐facing estate, driving the continuous improvement of our security assurance processes within IT, and responding to identified security incidents within Corporate & Functions.
2013 : 2015
BP
Operational Integrity Security Lead
Promoted to establish an enterprise-wide IT Compliance program across 29 countries on five continents, utilizing a risk-based approach to proactively identify control gaps and facilitate the development and implementation of remediation actions based on security best practices and sound risk management. Lead the management and execution of audits within the remit of IT against external (legal, HSSE, regulatory and legislative) and internal IT (architecture and security) requirements and provide assurance that risks identified are properly mitigated or accepted by senior management.
2008 : 2013
BG Group
Global Compliance Manager
Recruited to implement and direct a structured IT Compliance program focused on Information Security and Computer Operations in support of Sarbanes-Oxley (SOX) regulations and corporate policies throughout the Americas and Global LNG (AGLNG) region. Implement and facilitate a Change Management program throughout all parts of the AGLNG region.
2007 : 2008
BG Group
Manager, Change Management and Compliance Monitoring
About
Extensive knowledge and experience capturing business requirements, defining risk tolerance levels and integrating technical security controls in alignment with ISO 27001/27002, NIST SP800 Series and CSIS/SANS 20 Critical Security Controls into the COBIT and ITIL frameworks and to evidence compliance for regulations including Health Insurance Portability and Accountability Act (HIPAA), Sarbanes–Oxley Act (SOX) and NERC Critical Infrastructure Protection (CIP). Demonstrated ability to establish and implement Information Security programs of work including: Information Protection, Threat & Vulnerability Management, Identity & Access Management, Policy Compliance, Security Incident Response, Patch Management and Security Awareness & Training; and direct large, geographically dispersed cross functional teams of service provider and enterprise personnel focused on the identification, management and escalation of IT control risks and security threats.
Areas of Expertise:
Information Security Management • Information Assurance • IT Risk Management • Information Security Principles and Technology • IT Security Operations • Security Policy Management • Security Incident Response • Stakeholder and Vendor Management • Negotiation and Influencing • Executive Level Communications • Quality Management • IT Financial Management