Job title: Design Engineering- Risk and Control Advisor
Job description: The Role
The purpose of the IRM (Information Risk Management) Function is to ensure (as a second line of assurance, with Internal Audit providing the Third Line of Assurance) that Shell is addressing Information Risks in an effective and efficient manner, commensurate with Shell risk appetite, and being an industry leader among peers and key suppliers of security services.
The Information Risk posture of Shell includes a wide variety of potential business impacts, such as HSSE impacts, production loss, financial and maintenance operations loss, loss of Most Confidential bidding data. Each of these Information Risks has a potential impact of $1bln+.
The IRM Function defines requirements for the assessment of Information Risks, defines the selection of mandated IT Controls, and defines and executes assessments of the design and operational effectiveness of these controls. The function organises communication campaigns to impact the behaviour of business and IT staff where it relates to Information Risks.
In addition to these preventative measures, the IRM Function includes a Cyber Resilience function to understand the cyber threat landscape and the vulnerabilities to cyberattacks in IT systems and services, to detect malicious behaviour and to respond to incidents.
Given the Cyber threat landscape and its development, it is critical that the IRM Function collaborates closely with suppliers and industry peers and collaborates effectively with government agencies in key countries that Shell operates in.
The purpose of this position is to:
– Ensure Business Teams are aware of the risks in terms of Confidentiality, Integrity, Availability, Legal & Regulatory and help them make risk aware decisions.
– Ensure appropriate and sufficient security controls are in place and tested to maintain a secure posture in the organization.
– Ensure projects originating from any global location is risk assessed and reviewed for information security
Act as an Information Risk and Control Advisor
- Understand Technology Landscape (Application and Infrastructure) and proactively review Shell’s information security and related risks wrt threats and vulnerabilities, legal and regulatory compliance
- Facilitate smooth conduct of Risk Assessment (including Legal & Regulatory) on Applications, Network& Systems
- Perform end to end Security Assessment on vendor offerings – New/Leveraging existing (SAAS / PAAS/IAAS) services including integration with Shell environment.
- Work closely with the senior Risk and control advisor to Translate Technical, legal and Regulatory Compliance obligations into a cohesive collection of Security Controls and provides the respective stakeholders with the IRM requirements and its implementation methodologies. Collaborate with Controls Testing Team and ensure all the controls outlined for an application/Infrastructure are designed effectively.
- Coordinate in conducting VAPT (Vulnerability Assessment and Penetration Test), Review VA-PT results and recommend the risks to be remediated.
- Work with Project Managers, Business Analysts, Architecture and Support Team to ensure Shell IRM standards are being followed
- Ensure all the risks are documented, classified and addressed with appropriate action as per the IRM standards.
- Active participation in driving education and awareness of Information security related issues and risks to Business/Business IT Teams,
- Actively participate in reviewing and improving the Information Security Controls implemented in the organization.
- Active participation in the Assurance and Architecture level discussions in the engagements.
- Actively participate in IRM team and community meetings, representing IRM and Business interests in applying setting standards and policies for the Group and the businesses, leading to a fit for purpose, evergreen IRM framework.
- Support during Internal /External Audit
- Ensure that IRM continues to focus on risks significant to the Business, with emphasis on innovation.
Minimum 5+years of experience in Information Risk Management
- Good understanding of, and experience with Information Risk Management, IT Security and Compliance and Security Controls and Audit
- Advanced understanding of internal and external IT security standards, SOX, PCI, SOC2/1, ISO27001 standards and relevant legal compliance aspects.
- Understanding and experiences with the impact of Security on application development and operations as well as the IT Infrastructure.
- Ability to promote high performance teams, working with inclusiveness and cultural diversity, across organizational boundaries.
- Good understanding of cloud security requirements and third-party control assurance.
- Ability to interface with different groups (Third parties, Business and IT) internal and external to IT (security) and to network globally across Group businesses, as well as with external groups.
This is needed in line with the requirements above
- Knowledge of Data Security Standards: PCI DSS, Privacy Principles
- Ability to foresee and identify mitigation strategies for Risks
- Candidate must also:
o Display excellent communicating and influencing skills
o Display analytical and problem solving skills
o Be pro-active and self-motivated
o Display strong interpersonal and negotiating skills with all levels of staff.
o Display Ability and eagerness to quickly learn new technologies.
- Preferred certifications like CISSP, CISA, CRISC or CISM
- Must have previous experience in an (Information) Risk and Control Advisory role
Shell began operations in India more than 80 years ago. At Shell India, we invest in our people through our industry-leading development programmes, which see our employees, thrive and gain access to experts on a local and global level. To date, we have invested more than US$ 1 billion already in India’s energy sector alone, in socially and environmentally responsible ways. Shell is the only global major to have a fuel retail license in India.
Shell has established a new IT hub in Bangalore, and plans to scale it up over a five year period. The purpose of the IT Hub is to enable the Business by focusing on business outcomes, delivering fit for business technology solutions which enable business agility and profitable growth.
Please note: We occasionally amend or withdraw Shell jobs and reserve the right to do so at any time, including prior to the advertised closing date.
Before applying, you are advised to read our data protection policy. This policy describes the processing that may be associated with your personal data and informs you that your personal data may be transferred to Royal Dutch/Shell Group companies around the world.
The Shell Group and its approved recruitment consultants will never ask you for a fee to process or consider your application for a career with Shell. Anyone who demands such a fee is not an authorised Shell representative and you are strongly advised to refuse any such demand.
Shell is an Equal Opportunity Employer.
Location: Bangalore, Karnataka
Job date: Sun, 30 Aug 2020 22:20:21 GMT
Apply for the job now!