IRM IT Project Security Advisor

6 - 8 Years    Bangalore, India

Job Description

  • Act as the functional specialist for IT Information Risk Management (IRM).
  • Proactively review Shell's information security and related risks with respect to threats and vulnerabilities, and legal and regulatory compliance.
  • Translate technical, legal and regulatory compliance obligations into a cohesive collection of security controls, and provide the respective stakeholders with the IRM requirements and their implementation methodologies.
  • Facilitate the smooth conduct of risk assessments on Applications, Network & Systems, and Legal & Regulatory.
  • Coordinate the conduct of VAPT (Vulnerability Assessment and Penetration Test), review VAPT results and recommend the risks to be remediated.
  • Work with Project Managers, Business Analysts, Architecture and Support Team to ensure Shell IRM standards are being followed.
  • Incorporate security in the Software Development Life Cycle.
  • Support the Prevent and Validate staff and IRM COB in education and awareness of information security related issues and risks, and influence the behaviours of IT and Business staff as part of mitigating these risks.
  • Support the development of tooling for IRM processes and ensure it is fit for purpose.
  • Actively participate in reviewing and improving the information security controls implemented in the organization.
  • Actively participate in Assurance and Architecture level discussions in the engagements.
  • Actively participate in IRM team and community meetings, representing IRM and Business interests in applying and setting standards and policies for the Group and the businesses, leading to a fit-for-purpose, evergreen IRM framework.
  • Support maintenance and development of the IRM related Control Framework and related processes and procedures.
  • Ensure that IRM continues to focus on risks significant to the Business, with emphasis on innovation.
  • Contribute to the quarterly Risk Management updates for IT and information management (IM) risks in IRM.
  • Ensure a successful response to the Information Management, Health & Safety and Shell Guided Business Principles dossiers.
  • Serve as IRM functional expert for Shell's Business.

Good understanding of, and experience with, Information Risk Management, Audit (internal and external), and Business (IT) Controls.
Advanced understanding of internal and external IT security standards, PCI standards and relevant legal compliance aspects.
Robust understanding of, and solid experience with, the impact of IRM on application development and operations as well as the IT infrastructure.
Solid understanding of Downstream and Retail business processes.
Ability to balance IRM/PCI needs and standards in light of risk and affordability to the Business as well as business impact.
Ability to promote high performance teams, working with inclusiveness and cultural diversity, across organizational boundaries.
Ability to interface with different groups (Third parties, Business and IT) internal and external to IT (security) and to network globally across Group businesses, as well as with external groups.
Technical knowledge and relevant experience in security domains/technologies related to:

Infrastructure/Network security
Identity and Access Management
Business Impact Assessment
Application security
Data Leakage Prevention
End Point Protection
Web filtering technologies, Proxies and firewalls.
Vulnerability Assessment / Penetration Testing
Cloud security

Knowledge of Data Security Standards: PCI DSS, Privacy Principles
Driving Platform / Application security and compliance as part of Project Engagement
Ability to foresee and identify mitigation strategies for risks

Candidate must also:
Display excellent communicating and influencing skills
Display analytical and problem-solving skills
Be pro-active and self-motivated
Display strong interpersonal and negotiating skills with all levels of staff
Display ability and eagerness to quickly learn new technologies


A qualification in CISSP, CISA, CRISC or CISM


Must have previous experience in an (Information) Risk Management role and/or PCI implementation or assessment role.

Job Detail

  • Job Id
  • Industry
    Not mentioned
  • Total Positions
  • Job Type:
    Full Time
  • Salary:
    Not mentioned
  • Employment Status
  • Job Location
    Bangalore, India
  • Education
    Any Graduate - Any Specialization,Any Postgraduate - Any Spe
  • Experience
    6 - 8 Years
  • Apply By
    May 10, 2020
  • Job Posting Date
    Feb 10, 2020