Risk and Control Advisory 3-8 Yrs Bangalore

**Roles and Responsibilities**

**Greetings from TechStar**

This is with regards to an excellent opportunity with us and if you have that unique and unlimited passion for building world-class enterprise software products that turn into actionable intelligence, then we have the right opportunity for you and your career.
- This is an opportunity for Permanent Employment with TechStar IT Services.**What are we looking for**:Risk and Control Advisory**Location**:Bangalore

**Type**:Permanent -**Work from Office**

**Notice Period: 15 Days/ Less**

**General Position Definition**

**IRM** (**Information Risk Management**) Function role is to ensure that Client’s Projects addresses Information Risks in an effective and efficient manner, commensurate with Shell risk appetite. Information Risk posture of Shell includes a wide variety of potential business impacts, financial, operational, health, safety and reputational loss with a potential impact of $1bln+. The IRM organization consists of a central team with the Strategy, Learning, Risk and Transformation teams and the IT Operations Organisation (ITSO) consisting of Detect and Respond Teams.

It also includes business specific teams aligning with different lines of businesses. IRM function aligns with Clients Group CIO.
- Within IRM, Risk and control (R&C) is an advisory and assurance function. As second line of defence (LOD2), R&C role requires to support, advise and assure on the risk assessment process and risk exposure for businesses.

**Position description - Purpose**

The purpose of this position is to:

- Support LoD1 and business with the translation of policies and guidelines defined by IRM teams (ERM, Security strategy teams etc..) and advise on implementation requirements.
- Review and provide assurance on risk identification and mitigations.
- Improve and contribute risk and control requirements and associated policies and guidance
- Provide guidance and training in risk management processes to various stakeholders (Business, operations / LoD1, PM’s etc.)

**Position description - Accountabilities**
- Act as an Information Risk and Control trusted advisor
- Understand Technology Landscape (Application and Infrastructure) and proactively review Shell’s information security and related threats and vulnerabilities, legal and regulatory requirements.
- Review and advise on informationsecurity risksofvendor offerings - New/leveraging existing (SAAS / PAAS/IAAS) services including integration with Shell environment.
- Translate Technical, legal and Regulatory Compliance obligations into a cohesive collection of Security Controls. Provide respective stakeholders with the IRM requirements and its implementation methodologies.
- Work with Project Managers, Business Analysts, Architecture and Support Team to ensure Shell IRM standards are being followed.
- Review VA-PT results and recommend the risks to be remediated.
- Ensure all the risks are documented, classified and addressed with appropriate action as per the IRM standards.
- Driveeducation and awareness of Information security related issues and risks to Business/Business IT Teams,
- Support in development of tooling to support IRM processes and ensuring it’s fitfor purpose.
- Actively participate in reviewing and improving the Information Security Controls implemented in the organization.
- Active participate in the Assurance and Architecture level discussions in the engagements.

**Position description - Dimensions**
- Individual Contributor, part of the Global IRM team supporting with Risk and control advisory and assurance.
- As sub lead, support team in risk advisory and drive performances.
- Works closely with LOD1 teams on risk assessment advisory and assurance
- SME supporting Project Delivery staff/Business / Business IT teams
- Support in risk assurance and audits as risk SME.

**Position description - Special Challenges**
- Communication and Stakeholder Management skills are essential for this role, being able to cut through complex IT issues and explaining those in easy Business language.

**Experience and Qualifications required**
- Good understanding of, and experience with Information Risk Management, IT Security and Compliance and Security Controls and Audit
- Advanced understanding of internal and external IT security standards, SOX, PCI, SOC2/1, ISO27001 standards and relevant legal compliance aspects.
- Ability to promote high performance teams, working with inclusiveness and cultural diversity, across organizationalboundaries.
- Good understanding of cloud security requirements and third-party control assurance.
- Ability to interface with different groups (Third parties, Business and IT) internal and external to IT (security) and to network globally across Group businesses, as well as with external groups.
- Technical knowledge & relevant experience in security domains /technologies related to:

- Infrastructure/Network security
- Identity and Access Management
- Business