Risk And Control Advisor

Bengaluru, Karnataka, India

Job Description


The Role


The Risk Advisory team RMF is a new team in IRM that will focus on advisory and assurance for operational applications, typically the high-priority and high-risk applications agreed yearly as in scope of the Risk Management Framework (RMF). Risk evaluation and advice require a deep understanding of, and appropriate identification, prioritization and advice on the management of, Confidentiality, Integrity, Availability and Regulatory risks to the applications/services.

The RMF advisory team is part of IRM Advisory services, which covers advisory and assurance for operational services and capabilities in an ever-changing environment of technical and regulatory requirements and fast-changing business dynamics. The overall team’s aim is to balance risk vs. costs and provide expert advice supporting secure, reliable and compliant services.

The role requires a clear understanding of Shell’s strategic intent for Market Standard, the ability to develop new capabilities within the team, and the ability to provide the needed advisory to LOD1 (IT Engineering, ITSO, ITM and other stakeholders). The RMF advisory team is responsible for ensuring that the risk to Shell is reduced to an acceptable level, balancing risk vs. cost and simplicity, in support of LOD1. The scope of the role covers services and applications managed by IT as well as IT managed outside of IT, like LMA and DIY.

The purpose of this position is to:
  • Be a “trusted advisor” providing risk advisory on IT risks, Findings, associated with high priority topics as defined and agreed by CIOs in RMF scope.
  • Define security policies, processes, guidelines related to new technologies, solutions, standards and regulations and advise on implementation requirements.
  • Review and provide assurance on risk identification and mitigations.
  • Contribute to risk and control requirements and associated policies and guidance.
  • Provide guidance and training in risk management processes to various stakeholders (Business, operations/LoD1, PMs, etc.).
Accountabilities of the role include the following:
  • Accountable to provide assurance and advice pertaining to risk assessment and remediations performed by LOD1 (ITSO, BAO, IT Engineering, etc.).
  • Accountable to provide assurance that recorded Findings/Exceptions are addressing all recorded underlying risks.
  • Ensure all the risks are properly documented, classified and addressed with appropriate action as per the IRM standards.
  • Active participation in driving awareness of Information security related issues and risks to Business/Business IT Teams.
  • Understands IRM and IT Services/Platforms to advise in the execution of Risk Assessments.
The dimension of the role includes:
  • Maintain primary interface between IRM and ITSO as well as IT Engineering (S&C).
  • Interface with CyberDefence for vulnerability reviews.
  • Interface with ITSO SOM for operational assessments.
  • Support in risk assurance and audits as risk SME.
Mandatory Skills
  • Overall 5–8 years of experience in IT
  • Any Graduate
  • At minimum 5+ years in an IRM function, preferably aligned with control framework best practices and risk management.
  • A qualification in CISSP, CISA, CRISC or CISM.
  • Good understanding of, and experience with Information Risk Management, IT Security and Compliance and Security Controls and Audit.
  • Good understanding of internal and external IT security standards, SOX, PCI, SOC2/1, ISO27001 standards and relevant legal compliance aspects.
  • Robust understanding of, and solid experience with, the impact of Security on application development and operations as well as the IT Infrastructure.
  • Good understanding of cloud security requirements and third-party control assurance.
  • Ability to interface with different groups (Third parties, Business and IT) internal and external to IT (security) and to network globally across Group businesses, as well as with external groups.
  • Technical knowledge and relevant experience in security domains/technologies.
  • Knowledge of Data Security Standards, Privacy Principles.
  • Ability to foresee and identify mitigation strategies for Risks.
Key Soft Skills Required:
  • Display excellent communicating and influencing skills.
  • Display analytical and problem-solving skills.
  • Be pro-active and self-motivated.
  • Display ability and eagerness to quickly learn new technologies.


Disclaimer


Please note: We occasionally amend or withdraw Shell jobs and reserve the right to do so at any time, including prior to the advertised closing date. Before applying, you are advised to read our data protection policy. This policy describes the processing that may be associated with your personal data and informs you that your personal data may be transferred to Royal Dutch/Shell Group companies around the world. The Shell Group and its approved recruitment consultants will never ask you for a fee to process or consider your application for a career with Shell. Anyone who demands such a fee is not an authorised Shell representative and you are strongly advised to refuse any such demand. Shell is an Equal Opportunity Employer.


Job Detail

  • Job Id: JD2891152
  • Industry: Not mentioned
  • Total Positions: 1
  • Job Type: Full Time
  • Salary: Not mentioned
  • Employment Status: Permanent
  • Job Location: Bengaluru, Karnataka, India
  • Education: Not mentioned
  • Experience: Year