Irm Compliance and Assurance Advisor

**The Role**:
**Job Purpose**

The IRM Compliance & Assurance Advisor is part of the new CyberDefence & Risk Operations team focus on improving the compliance operations across ITSO. The purpose of the role is to identify key IRM activities across ITSO and define methods to track and compile data to make the ITSO compliance position visible and clear to the senior leadership. This perspective will be used to propose and implement improvements that will reduce the compliance burden across ITSO. The compliance advisors will also identify learning requirements and assess the demand across ITSO in order to deliver necessary training and awareness.

The IRM Compliance & Assurance Advisor will partner with the Senior Compliance Advisor and act as the ITSO focal point for control and compliance operations across ITSO. By developing and maintaining an oversight for all operations compliance status, including but not limited to, vulnerabilities; findings; risk acceptance; control operations; this role will conduct assessments on the overall impact to ITSO from a control & compliance perspective. Most importantly to enable and support a consistent delivery approach for ITSO on required compliance activities based on risk, time, affordability and feasibility. The role will work with the team lead to recommend an ITSO prioritisation and will maintain high level plans for delivery.

The IRM Compliance & Assurance Advisor will maintain an oversight for the control and compliance initiatives across ITSO for management reporting. Use the data to drive progress and act as single contact point for the IRM to enable ITSO SOMs to focus on the control operation. The role will also be responsible to identify process improvements to simplify the compliance operations across ITSO.

Additionally, by gathering control status, findings, penetration test results and other data the role will contribute to the Cyber Defence theme-based reporting and will identify a consistent approach to mitigate the risk.

**Accountabilities**
- Work with the Senior Compliance Advisor to organise guidance and best practice for control compliance.
- Work with the Senior Compliance Advisor to communicate and maintain oversight of control compliance requirements for third party (ITSO managed enterprise suppliers) and the agreed processes and tools are in place.
- Maintain oversight of finding and vulnerability remediation.
- First point of contact for ITSO compliance operation and status.
- Identify process improvements and cross business learning (e.g. finding triage, cockpit, collective clean-up)
- Drive and conduct compliance awareness and training.
- Maintain oversight for control compliance, risk acceptance.
- Manage ITSO IRM project implementation reporting.
- Drive and embed standard reporting and dashboard for operation compliance.
- Conduct detail assessment for impact to ITSO from control & compliance updates.
- Support to define the scope, prioritisation and the plan with consistent an approach to deliver.
- Support Cyber Defence theme-based reporting and identify consistent approach to mitigate the risk.
- This role reports to the Compliance Ops and Reporting Lead and has no direct reports.

**Special Challenges**:
**Skills & Requirements**:

- Any Graduate
- Over-all 5 - 8 years of IT experience
- Experience with Information security and risk management.
- Must have previous experience in control monitoring and assurance.
- Good understanding of, and experience with Information Risk Management, IT Security and Compliance and Security Controls and Audit
- Practical understanding of, and experience with, Shells IT infrastructure, architecture and technology solutions.
- Knowledge of external Legal, Regulatory and industry best industry requirements, and Data Privacy regulations
- Ability to take loosely defined requirements and translate them into clearly defined reporting and dashboard design.
- Flexibility of approach, style and attitude.
- Experience in working with global team.
- Competent and familiar with the IT Controls Framework practices.
- Understanding of IT operation and SOM ways of working.
- Experience with Continuous Improvement ways of working.
- Pro-active and self-motivated.
- Superior analytical skills, with demonstrated ability to dive in and quickly understand root cause and identify scalable solutions
- Strong proficiency in analytical tools including Microsoft Excel, PowerBI.
- Strong team player, must be able to work with others and contribute to help solve complex issues
- Preference for any of the following certifications: CRISC, CISSP.
**Disclaimer