IRM Compliance and Assurance Advisor

1 day ago


Bengaluru, India Shell Full time

**The Role**:
**Where you fit in?**

**What's the Role?**

The role is critical in ensuring that IT risk to Shell is reduced to an acceptable level and managed effectively. This is achieved by delivering quality compliance assurance that controls have been executed correctly, in line with actual control descriptions, and are ready for testing by the various testing/auditing bodies, while maintaining that correct key controls are in place to address core risk areas.

You will be responsible for providing day-to-day operational assurance on IT controls management and risk management, covering:

- Control Execution within GF SOM portfolio
- Findings and Remediation of findings
- Liaising with FO-IRM Controls testers
- Liaising with Managed Service Provider/Third Party Provider (if any)
- Liaising with Shell External Auditors
- Focal point for Shell Internal Auditors

**Accountabilities**
- Liaise with Central Information Risk Management (cIRM) - Compliance Monitoring Office (CMO) team with regards to FO-IRM Testing schedules
- Track compliance monitoring and ensure control execution is on schedule with timely completion; remediate any deficiency and escalate to SOM Manager and Lead/Senior Compliance Specialist.
- Support Management Tester (FO-IRM Tester) and Auditors (External & Shell Internal) in coordinating evidence gathering, performing Quality Assurance (QA) check before submitting evidence for operational effectiveness.
- Perform risk impact analysis, propose and drive remediation plans for any control failures/deficiency.
- Present Compliance Dashboard with control statuses, plan portfolio milestones, manage resources (when necessary), and take charge of Management reporting for own portfolio.
- Act as Subject Matter Expert (SME) on Information Risk Management (IRM) compliance and control-related matters.
- Provide consultation to management on ways of improving the effectiveness and efficiency of controls.
- Highlight to Services and Operations Management (SOM) Manager, Operations Lead Managers (OLMs) and Lead Compliance Specialist any potential Audit or Management Testing findings.
- Co-ordinate the integration between the Information Risk Management (IRM) function, Risk Specialist and GF SOM Operations on controls e.g. IT Controls Framework alignment, Risk Assessments.
- Co-ordinate the integration between the SOM Process team and Operations team on process improvements.
- Assist with Transition to Support control activities such as controls design testing.
- Liaise with Managed Service Provider/Vendor on Information Risk Management (IRM) compliance and control-related matters.
- Coach and provide training to the support team to strengthen security and compliance culture, where necessary.

**What we need from you?**

**Qualifications and Skills Mandatory**
- Degree holder with relevant experience preferably in IT Application Development & Support / Project Management
- Minimum 5-8 years of IT experience and 3 years of IT audit or risk management experience in control assurance, information systems / security audits and compliance audits
- Experience with Sarbanes-Oxley (SOx) Compliance, Financial Control Manual (FCM), Information Security Controls, policies and procedures (i.e. ISO27000/ISO27001, Data Privacy Act (HIPAA), SAS 70/SSAE 16, etc.)
- Self-starter with good analytical ability, attention to detail and problem-solving skills
- Ability to work independently with minimum supervision
- Ability and desire to drive efficiency and seek Continual Improvement across the role
- Highly conversant in English, spoken and written, with proven communication
- Strong stakeholder management, interpersonal relationship, communication and negotiation skills.
- Proven ability to deliver results in a virtual cross-cultural organization and driving delivery excellence through influence and team working
- Understanding of business support requirements

**Dimensions and Special Challenges**
- No direct report
- May have indirect reports, e.g. Managed Services from vendor organization
- This position reports directly to the Compliance, Security Manager
- Virtual working in a global environment with culturally diverse teams.
- Managing multiple delivery priorities and multiple demand requests. Working with multiple stakeholders in various organizations.
- Compliance assurance to sustain Shell License to Operate and Shell global reputation
- Failure within these systems could have effects on Shell's reputation and ability to participate in these markets and fines would be very substantial

**Preferred**
- CISA/CISM/CRISC/CISSP certification or other related Compliance certifications.
- Strong awareness of the evolving threat landscape, main vulnerabilities and other weaknesses that our IT solutions need to avoid
- Actual understanding of the IT business environment will be considered as advantageous.

COMPANY DESCRIPTION

**An innovative place to work**

There’s never been a more exciting


