Job Description

The Role

Typically:

• Carries out assignments and projects alone or as part of a team.
• Role does not include responsibilities to manage staff and/or direct budget.
• Uses discretion in identifying and resolving complex problems and assignments. Applies a methodical approach to problem definition.
• Interaction limited mostly to within own team/org. Limited exposure to / interaction with business leadership.
• Works under supervision, of a more experienced Risk and Controls or Compliance Analyst.

This role will provide an opportunity to work as a part of the Information Risk Management - Compliance & assurance team within IDT Services and Operations (IDSO). This team operates infrastructure, applications and data management practices in an integrated fashion to effectively support Business workflows in e.g. Upstream, Process Control Domain, Integrated Gas, Renewables & Energy Solutions, Exploration, Field Development, Production, Engineering or Manufacturing. It covers areas such as Subsurface Imaging & Interpretation, Wells Delivery, Wells Reservoir & Facilities Management, Process Modeling & Optimisation, Smart Solutions, Process Control Domain IT, Project & Engineering, Contracts & Procurement, PT Sites, Safety and Environment, Connected Business, Digital IT (including e.g. High Performance Computing, Advanced Analytics) and Technical Infrastructure.

The Information Risk Management Compliance and Assurance Advisor is a horizontal within this team taking care of the Information Risk, Compliance and Assurance activities.This position will be primarily responsible to effectively and efficiently protect Shell's information assets by proactive risk management and is characterized by the preservation of Confidentiality, Integrity, Availability and Compliance of electronically stored, processed and transmitted information and of the associated applications and infrastructure services in scope.

Translated Company Description

Accountabilities

• Shape and drive a comprehensive embedded approach towards control self assessment Business As usual activities across the unit. The key focus areas would be
  • IT General Controls Monitoring
  • SOX, FCM, BC
  • Externally Facing Application controls, Production and Non Production Environment controls
  • Finding Management (Closure)

• Act as "LOD-1" and demonstrate "Management in Control" has ownership, responsibility, and accountabilities for mitigating risks.
• Face off with LOD-2 and LOD-3 "Audits (both external and internal)".
• Ensure the IRM activities like Controls execution, management testing for BAU, Risk Management, Audit Management and Vulnerability Management are executed as per agreed plan and timelines
• Drive Continuous Improvement through various levers like automation, standardization,& rationalization of IRM LOD1 activities thereby reducing compliance burden
• Support Internal and external audits, perform pre-audit heath checks and monitor effective Internal Actions close out.
• Actively guide, advise, and intervene (where non-compliance threat identified) in implementation of new (infrastructure and application) solutions
• Actively guide, advise, and intervene (where non-compliance threat identified) in implementation of new (infrastructure and application) solutions
• Evaluate SOC II reports for sufficiency and drive risk mitigation for open risks
• Ensure appropriate and sufficient IT general controls are in place and operated effectively
• Ensure IT applications/ projects are appropriately risk assessed and onboarded with relevant controls to mitigate risk
• Understand Technology Landscape (Application and Infrastructure) and proactively review in-scope landscape for risks wrt threats and vulnerabilities, legal and regulatory compliance
• Perform Security Assessment on vendor offerings - New/Leveraging existing (SAAS / PAAS/IAAS) services
• Strong interpersonal, communication, teamwork and negotiating skills.
• Be the primary interface with many different groups within and outside of Information Risk Management, and to network globally across Group businesses and with external groups.
• Influence and deliver across organizational boundaries.

Disclaimer

Please note: We occasionally amend or withdraw Shell jobs and reserve the right to do so at any time, including prior to the advertised closing date. Before applying, you are advised to read our data protection policy. This policy describes the processing that may be associated with your personal data and informs you that your personal data may be transferred to Shell/Shell Group companies around the world. The Shell Group and its approved recruitment consultants will never ask you for a fee to process or consider your application for a career with Shell. Anyone who demands such a fee is not an authorised Shell representative and you are strongly advised to refuse any such demand. Shell is an Equal Opportunity Employer.