Job Description

The Security & Compliance (S&C) Competency Centre (CC) Analyst is responsible for supporting the following: Risk Management and Mitigation - Assess and classify all potential business and infrastructure information risks. - Execute, with suppliers, risk analyses on IT application/services. - Develop and socialize our overall risk profile and action plans to mitigate risks - Review and recommend approval project charters. - Facilitate smooth conduct of Risk Assessment (including Legal & Regulatory) on Applications, Network& Systems - Perform end to end Security Assessment on vendor offerings - New/Leveraging existing (SAAS / PAAS/IAAS) services including integration with Shell environment. - Translate Technical, legal and Regulatory Compliance obligations into a cohesive collection of Security Controls and provides the respective stakeholders with the IRM requirements and its implementation methodologies. Support in development of tooling to support IRM processes and ensuring this is fit for purpose. - Actively participate in S&C team and community meetings, representing S&C and Business interests in other CC forums. - Support during Internal /External Audit - Ensure that S&C continues to focus on risks significant to the Business, with emphasis on innovation. Controls Management and Optimization - Ensure controls are both risk-driven and based on industry standards - Review and approve the control design of supplier and Shell technical specifications against Shells control requirements, as agreed contractually, during PDF project. - Support the development of new IRM policies, tooling, procedures where required Primary Skills Experience and security certification required 5+ years of experience in Information security and Compliance, risk management and control design Advanced understanding of internal and external IT security standards, ITGC, PCI, GDPR, SOC2/1, ISO27001 standards and relevant legal compliance aspects. Robust understanding of, and solid experiences with the impact of Security on application development and operations as well as the IT Infrastructure. Good understanding of cloud security requirements and third-party control assurance. Ability to interface with different groups (Third parties, Business and IT) internal and external to IT (security) and to network globally across Group businesses, as well as with external groups. Technical knowledge & relevant experience in security domains /technologies. Translate Technical, legal and Regulatory Compliance obligations into a cohesive collection of Security Controls and provides the respective stakeholders with the IRM requirements and its implementation methodologies. Conduct Risk Assessment on Applications, Network & Systems including vendor managed environment A certification in CISSP, CISA, CRISC , CISM, ISO 27001 LA/LI is must. Advanced understanding of security standards, ITGC, PCI, GDPR, SOC2/1, ISO27001 and Technical knowledge & relevant experience in security domains /technologies. Conduct Risk Assessment on Applications, Network & Systems including vendor managed environment, SAAS, PAAS, IAAS etc. Any one of the following certification is must: CISSP, CISA, CRISC , CISM, ISO 27001 LA/LI Secondary Skills Ability to foresee and identify mitigation strategies for RisksCandidate must also: Display excellent communicating and influencing skills Display analytical and problem solving skills Be pro-active and self-motivated Display strong interpersonal and negotiating skills with all levels of staff. Display Ability and eagerness to quickly learn new technologies.

Monster