Act as the functional specialist for IT Information Risk Management (IRM) Proactively review Shells information security and related risks wrt threats and vulnerabilities, legal and regulatory compliance Translate Technical, legal and Regulatory Compliance obligations into a cohesive collection of Security Controls and provides the respective stakeholders with the IRM requirements and its implementation methodologies. Facilitate smooth conduct of Risk Assessment on Applications, Network& Systems, and Legal & Regulatory. Coordinate in conducting VAPT (Vulnerability Assessment and Penetration Test), Review VAPT results and recommend the risks to be remediated. Work with Project Managers, Business Analysts, Architecture and Support Team to ensure Shell IRM standards are being followed. Incorporate Security in the Software Development Life cycle.Support the Prevent and Validate staff and IRM COB in education and awareness of Information security related issues and risks, and influence of behaviours of IT and Business staff as part of mitigating these risks. Support in development of tooling to support IRM processes and ensuring this is fit for purpose. Actively participate in reviewing and improving the Information Security Controls implemented in the organization. Active participation in the Assurance and Architecture level discussions in the engagements. Actively participate in IRM team and community meetings, representing IRM and Business interests in applying setting standards and policies for the Group and the businesses, leading to a fit for purpose, evergreen IRM framework. Support maintenance and development of the IRM related Control Framework and related processes and procedures Ensure that IRM continues to focus on risks significant to the Business, with emphasis on innovation. Contribute to the quarterly Risk Management updates for IT and information management (IM) risks in IRM. Ensure a successful response to the Information Management, Health & Safety and Shell Guided Business Principles dossiers. Serves as IRM functional expert for Shells Business.
Good understanding of, and experience with Information Risk Management, Audit (internal and external), and Business (IT) Controls. Advanced understanding of internal and external IT security standards, PCI standards and relevant legal compliance aspects. Robust understanding of, and solid experiences with the impact of IRM on application development and operations as well as the IT Infrastructure. Solid understanding of Downstream and Retail business processes. Ability to balance IRM/PCI needs and standards in light of risk and affordability to the Business as well as business impact. Ability to promote high performance teams, working with inclusiveness and cultural diversity, across organizational boundaries. Ability to interface with different groups (Third parties, Business and IT) internal and external to IT (security) and to network globally across Group businesses, as well as with external groups. Technical knowledge & relevant experience in security domains /technologies related to: :
Infrastructure/Network security Identity and Access Management Business Impact Assessment Application security Data Leakage Prevention End Point Protection Web filtering technologies, Proxies and firewalls. Vulnerability Assessment / Penetration Testing Cloud security
Knowledge of Data Security Standards: PCI DSS , Privacy Principles Driving Platform / Application security and compliance as part of Project Engagement Ability to foresee and identify mitigation strategies for RisksCandidate must also: Display excellent communicating and influencing skills Display analytical and problem solving skills Be pro-active and self-motivated Display strong interpersonal and negotiating skills with all levels of staff. Display Ability and eagerness to quickly learn new technologies.
A qualification in CISSP, CISA, CRISC or CISM
Must have previous experience in an (Information) Risk Management role and/or PCI implementation or assessment role.