Shell has established a new IT hub in Bangalore and plans to scale it up over a five-year period. The purpose of the IT Hub is to enable the Business by focusing on business outcomes, delivering fit-for-business technology solutions which enable business agility and profitable growth.
Job Description
General Accountabilities:
- Ongoing control assessment and compliance monitoring to ensure proactive identification and notification of control weaknesses and security incidents.
- Performing deficiency analysis and supporting development and tracking of remediation action plans.
- Supporting management’s assessment of the IT control environment.
- Collaborate with the offshore testing team and IT Security Managers on the outcome of assessments of the design and operating effectiveness of IT controls.
- Engaging with user community to raise information protection awareness.
- Support the development of the professional skills of staff and coach them to conduct consistent, high-quality compliance monitoring.
- Support IRM program initiatives where required.
Carry out compliance monitoring activities to ensure compliance with information risk management policies and standards:
- Support establishing the effectiveness of design and operation of IT controls
- Support delivery of Compliance Monitoring services to the business.
- Collaborate with testing team to execute annual assessment of the design and operating effectiveness of IT controls.
- Where required, support auditors and auditees during internal and external audits of information systems and IT processes.
- Assist IT operations with development and monitoring of action plans related to findings, including analysis, reporting and recording.
- Champion the standardization, automation and other improvement of controls and processes, providing control analysis and design support.
- Champion the expansion and maturity of compliance monitoring capabilities.
- Develop effective working relationships with stakeholders and partners.
- Strong interpersonal, diplomatic and negotiating skills for all levels of staff.
- Proven experience with stakeholder management, especially in a multi-sourcing and multi-national environment.
- History of results and delivery focus, with proven experience to support.
- Process-oriented thinker who can build relationships with process owners/architects, project managers, IT & IM Managers, and operations management as required.
- Good understanding of, and experience with, compliance and its impact on application development and operations.
- Understanding and experience with Internal and External Audit, Information Risk Management and Business Controls.
- General knowledge of IT controls and control frameworks (e.g., COBIT, ISO 27001).
- Display a systematic, disciplined and analytical approach to problem solving with demonstrable verbal and written communication skills.
- Ability to interface with many different groups within and outside of IT.
- Candidate must also:
- Be pro-active and self-motivated
- Have a good understanding of different cultures
- Be able to work in virtual teams.
Industry-recognized certifications are an advantage, i.e. CISSP, CISM, GCIH, CISA, CRISC.
Job Experience Requirements:
- Relevant experience (> 2 years) in IRM-related compliance roles or Information Security roles
- This position could be filled by someone from outside the IT function, who has a strong control background (e.g. in Controllers area or internal audit).