Jobs For IT - Information Risk Management (IRM) In SHELL
- Adherence to the IRM Risk & Controls processes, including Risk Assessment, Risk Acceptance, Controls Selection and Threat and Vulnerability assessment, and willingness to help with continuous improvements.
- Ensure risk-based information security reviews of projects are performed so that they meet good security architectural & design principles.
- Ensure that security reviews in projects lead to compliance with IRM requirements and an effective implementation of IRM controls in an operational service. (Please note projects can be implementation of new tools for business processes, new service delivery or changes to existing services to the various businesses.)
- Ability to effectively consult with staff at all levels on appropriate ways to implement and use the IRM requirements.
- Ensure and provide assurance of compliance with the Group IT Security Framework.
- Able to use elements of the industry standard frameworks (ISO 27001/2, COBIT) and SOx404 in their daily work.
- Steer and influence the behaviours of staff as part of mitigating information risks.
- Strong interpersonal, communication, teamwork and negotiating skills.
- The ability to interface with many different groups within and outside of IRM, and to network globally across Group businesses and with external groups.
- Strong ability to influence and deliver across organizational boundaries.
- Strong analytical and problem solving skills.
- Ability to assist in setting direction, communicating and implementing a shared vision with respect to IRM.
- Ability to promote, participate in and/or lead high performance teams, working with inclusiveness and cultural diversity and crossing organizational boundaries.
- Pro-active and self-motivated.
- Strong understanding of, and 5-15 years (across job levels) of solid experience with, information risk management and its impact on application development, operations, as well as the underlying IT infrastructure components.
- Strong understanding of and experience with control selection, implementation and testing.
- Demonstrated understanding of IT security audits (both internal and external).
- A qualification in CISSP, CISA, CRISC or CISM
- Advanced understanding of the internal and external IT security standards, and relevant legal compliance aspects.
- Demonstrated work experience in supporting medium to large scale projects with information risk assessments and mitigation
- The ability to assess and balance IRM needs and standards in light of risk and cost.
- Strong IT technical knowledge and experience across infrastructure platforms (such as Windows, Linux, clusters, database tools like Oracle and SQL, virtual work space, PCD, cloud infrastructure and hosting, telecoms) or major applications like SAP and SharePoint.
Other areas of desired specific knowledge include:
- Business Continuity Management (BCP / DRP)
- Legal & Regulatory Compliance (to include, but not limited to Trade Controls, SOx/FCM, Data Privacy, Records Management)
About the company
Shell The longer an oil’s life, the less fluid maintenance is required to run your equipment.