Job Description

The Role

If you are interested in Information Risk Management (IRM) and desire to sit into the driver\xe2\x80\x99s seat where we provide assurance to the organization on the risks we carry in IT world, Compliance and Assurance management is the team you would want to be in. We are looking for individuals adept with Information Risk Management, passion to continuously look for risk exposure in areas beyond ITGCs, contribute to the organization by defining requirements for the assessment of Information Risks, would like to use technology and continuously improve on how do we smartly select the right subset of controls to test and provide reliable assurance to the organization and LOD3, have passion to work in a dynamic environment and enjoy resolving roadblocks, this could be your chance to make your mark in the world of Information Risk Management and more specifically in Compliance and Assurance space. This role would give exposure to multiple teams across LOD1, LOD2 and lOD3 which would help in broadening your knowledge in IRM process. This is a good opportunity for people who would like to develop IT Risk review/audit skills. Where you fit in As we transition to cleaner forms of energy, the challenge facing the energy industry in the coming decades is considerable. Shell has embarked on a journey to leverage technology in every aspect of business and is striving to stay ahead in adopting the up and coming cutting edge technologies. This exposes us to risk in Information security and regulatory requirements that come along with it. Compliance specialists are vital to ensure compliance with IRM policies and standards, effectively and efficiently to support enterprise assurance activities. This role will manage the operational responsibilities including establishing the effectiveness of design and operation of IT controls, support delivery of Compliance Monitoring services to business needs, champion the expansion and maturity of compliance monitoring capabilities, develop effective working relationships with stakeholders and partners. Key challenges include:

• Working with stakeholders and teams across geographies in virtual environment.
• Collaborate with risk & testing team, external auditors to obtain annual assessment of the design and operating effectiveness of IT controls.
• Keep abreast of internal company policies, emerging risk in the external world, current developments in technology /audit professions.

What\'s the role
As an IRM Compliance and Assurance Advisor, you will be responsible for supporting management\'s assessment of the IT control environment. This role will ensure proactive identification and notification of control weaknesses and security incidents, performing deficiency/gap analysis, development and tracking of remediation action plans, and performing in-depth reviews of risk management. More specifically, your role will include:

• Control assessment and compliance monitoring /assurance to ensure proactive identification and notification of control weaknesses and security incidents.
• Collaborate with offshore testing team, on outcome of assessments of the design and operating effectiveness of IT controls.
• As Risk advisors, help IT operations to manage risk in support of business strategy and compliance needs. Provide inputs on the remediation plans for deficient controls. Post remediation, ensure it is picked up for testing and documented.
• Continuously work with BIRMs / Business Focal and ensure all risks are identified in time and picked up for reviews.
• Perform assurance reviews on projects/topics, supporting IT operations to optimize their management of risks.
• Contribute to ESSA initiatives for Compliance Monitoring/Management testing process.

What we need from you
We\'re keen to hear from individuals with 5-8 years of experience in IT audits, ITGC testing and Risk assessment / reviews and experience in change management, user access review, etc.

• Bachelor\xe2\x80\x99s Degree in Finance or Technology, MBA or advanced degree preferred
• Strong experience in IT audits along with knowledge of Industry Standard processes and frameworks like COSO, COBIT, ISO 27001.
• Excellent understanding and experience with Information Risk Management, IRM processes, IRM portfolio, the Business (IT) Controls Framework and IRM project knowledge to deliver responsibilities.
• Good communication and leadership skills
• Continuous improvement mindset.

Behavioral Competences:

• Individual should be proactive around identifying upcoming challenges and propose solution
• Professional curiosity and an eagerness to learn.
• Show be a strong team player and display the same by volunteering where one can extend support.
• Ability to prioritize and deliver priorities with capacity to handle multiple priorities simultaneously.
• Strong interpersonal skills and ability to communicate with clarity and build strong working relationships across wide spectrum of stakeholders.
• Proven experience of working in a virtual team effectively.