This role is a member of the Trading and Supply Risk and Compliance team (also referred to as Controls team) covering all Trading & Supply SOM portfolios with focus on SOX and is responsible for advisory and assurance of T&S controls framework, coordination of internal and external/SOX audit responses, ensuring supplier operations meet the evidence requirements of the IT general controls (includes Legal & Regulatory), and onboarding of new controls as requirements for new applications/projects per IRM guidance.
You will be an integral part of IT Operations and accountable for proactively managing IT security, IT compliance, and related risks across Shell Trading and Supply IDT to ensure businesses receive operational services and products in a secure manner in line with our IT Control Framework as well as IRM strategies, policies, and processes.
The role is both visible and influential. As Security & Controls Advisor you will improve the IT controls landscape, drive/monitor remediation activities to mitigate significant risks to the Trading and Supply business, and champion standardization and automation of controls as the future state of our assurance cycles.
You will provide subject matter expert support, guidance and leadership on information risk management, IT Controls, application security, and assurance matters. With those activities, you will work closely together with Landscape Managers who are end-to-end accountable for IT operations for a specific domain and you will be coaching their teams to understand their accountabilities in keeping Shell Trading and Supply secure.
Your remit also includes providing insight and visibility of IT General Controls status (ITGCs) and related risks – you’ll be a key interface for ITGCs between your IT colleagues and IRM. Technical security aspects, e.g. follow up on threats and vulnerabilities as detected by our global Cyber Defense Team, are also part of your role.
Accountabilities
Ensure regulatory and compliance controls are embedded in landscape operations and assist with timely evidence collection and readiness for audit purposes.
Perform quality assurance reviews of control execution by the managed services.
Work closely with IRM to understand requirements of the controls and ensure new controls are designed and implemented appropriately across the organization.
Coordinate responses for internal and external/SOX audits.
Ensure all findings are actioned on a timely basis and, where possible, remediated according to plan.
Establish, build, and enhance the skill set of Control Owners and Operators within the IT portfolio.
Manage/support leadership dashboards for controls and findings status.
Dimensions and Special Challenges
No direct reports, but motivates, instructs, and drives indirect reports in Managed Service teams operating our controls.
Role works across all T&S portfolios with 100+ registered controls.
Virtual working in a global environment with culturally diverse teams. Managing multiple delivery priorities and multiple demand requests. Working with multiple stakeholders in various organizations.
Risks – License to Operate, Global reputation, $100’s of millions at risk.
Qualifications and Skills
Mandatory
Typical Years of Experience: 5 to 8 years in IT
Minimum Education or Certification: 4-year degree (related to IT, Information Security, Information Risk Management).
Experience in IT Risk Management.
Proven knowledge of SOX and IT controls and frameworks (e.g. ISO 27001, COBIT, COSO, ISO).
Exposure to IT Audit (both internal and external).
Exposure to IT Operations and ITIL processes.
You know your way around external IT security standards, such as COSO, ISO 27001 plus related legal compliance aspects, such as privacy.
Must have very strong verbal and written communication skills.
Strong stakeholder, interpersonal relationship, and negotiation skills.
Proven ability to deliver results in a matrix organization driving delivery excellence through influence and team working.
Ability to handle concurrent tasks with appropriate priority.
Ability to operate in a virtual cross-cultural organization.
Ability to deal with conflict and ambiguity effectively.
Understanding of the IT business technical environment (includes databases, application servers) will be considered advantageous.
Preferred
Industry recognized certification and/or security or audit related qualification (i.e. ISO 27001 Lead Implementer, ISO 27001 Lead Auditor, CISA, CISSP, CISM, CIA)
Proven experience in performing internal audits on IT systems, infrastructure and IT Security at the system or application level.
Experience in IT Services Management
Technical knowledge and experience with database platforms: Oracle, Sybase, Microsoft SQL
Technical knowledge and experience with cloud platforms: Microsoft Azure, Amazon Web Services
Strong relationship skills to work with multiple stakeholders across organizational and business boundaries at all levels
Disclaimer
Please note: We occasionally amend or withdraw Shell jobs and reserve the right to do so at any time, including prior to the advertised closing date. Before applying, you are advised to read our data protection policy. This policy describes the processing that may be associated with your personal data and informs you that your personal data may be transferred to Royal Dutch/Shell Group companies around the world. The Shell Group and its approved recruitment consultants will never ask you for a fee to process or consider your application for a career with Shell. Anyone who demands such a fee is not an authorised Shell representative and you are strongly advised to refuse any such demand. Shell is an Equal Opportunity Employer.