Job Description

The Role

: Access Management (AM) is part of the ET SOM (Enterprise Technology Service and Operations Management) organization in IT Services and Operations. Access Management team manages the access provisioning to Shell’s business critical applications compliant with internal and external control requirements. The activities in consist of Access Request Management, Control Operations, Profile Maintenance and Development and Access Security Design and Architecture.
Purpose Controls Advisor is responsible to Operate, Manage and improve the ITGC controls landscape, drive & monitor remediation activities in such a way that both IT Support and the business is not exposed to any significant controls, compliance, and audit risks. Responsibilities & Accountabilities

• Control Advisor is accountable for managing ITGC Controls for Access Management tool (Saviynt), a SaaS based IAM platform through which access to on-boarded application is requested, validated, provisioned (provide access), managed (change and revoke access) and periodically reviewed.
• Overall responsible for all the Identity & Access management related controls, Maintaining and ever greening the controls
• Proven experience in Internal & external Audits with a global organization
• Very good understanding of the Risks, Mitigation controls, SODs- Various detective, preventive controls for mitigated/unmitigated risks and the related controls
• Managing the expectations of various stakeholders and Liaising with the business, Suppliers and Auditors
• Working experience on Summarization and Reporting IT risks and controls in access management.
• Onboarding & offboarding of the ITGC/Sox controls, Hands on development and testing of security controls and documenting controls per auditor guidelines
• Having good knowledge and working experience on ITGC framework and Sox controls
• Assure Control Operation for applications onboarded in Shell Access Management tool
• Should have knowledge on security policies and procedures for SAP applications
• Experience on analysis for audit and collection of data / evidence as part of analysis, Ability to collect and map compliance and control validation reports to control activities

Mandatory Skills:

• Bachelor’s degree required
• 6 yrs. - 8 yrs. of IT experience with 4 to 7 years in corporate IT with relevant experience supporting end-users
• Minimum Education or Certification: 4-year Degree related to IT
• Experience with IT Controls execution, Risk management.
• Experience with and/or exposure to IT Audit (both internal and external), coordination and quality reviews of audit evidence, gained exposure in IT Operations and ITIL processes.
• Strong Knowledge in Identity Access Management Solutions, User Access Management, Provisioning process, SOD Management, Access Controls, Certifications (Like: Saviynt, Sail Point & IDM Tools)
• Knowledge of SAP User Management end-to-end Process, including Segregation of Duties, Charter of Authority, SAP GRC
• Experience in IDM tools, Application onboarding to IDM knowledge (Saviyant, SAP, etc)
• a security or audit related qualification (e.g. CISSP, CISM, CISA, CRISC, CIA)
• knowledge of or exposure on external IT security standards, such as COSO, ISO 27001 plus related legal compliance aspects, such as privacy.
• IT / IAM platform experience and knowledge of digital technologies

Translated Company Description

• Experience with Saviynt Application - preferred
• Ability to work with teams from diverse cultures and in different time zones in a global, virtual environment.
• Effective communication and influencing skills. Able to communicate clearly in spoken and written English.
• Good customer liaison skills across all organization levels

Disclaimer

Please note: We occasionally amend or withdraw Shell jobs and reserve the right to do so at any time, including prior to the advertised closing date. Before applying, you are advised to read our data protection policy. This policy describes the processing that may be associated with your personal data and informs you that your personal data may be transferred to Royal Dutch/Shell Group companies around the world. The Shell Group and its approved recruitment consultants will never ask you for a fee to process or consider your application for a career with Shell. Anyone who demands such a fee is not an authorised Shell representative and you are strongly advised to refuse any such demand. Shell is an Equal Opportunity Employer.