Irm Compliance and Assurance Advisor

**The Role**:
**Where you fit in**

Shell began operations in India more than 80 years ago. At Shell India, we invest in our people through our industry-leading development programmes, which sees our employees thrive and gain access to experts on a local and global level. To date, we have invested more than US$ 1 billion already in India’s energy sector alone, in socially and environmentally responsible ways. Shell is the only global major to have a fuel retail license in India. Shell aims to establish a new IT hub in Bangalore, and scale it up over a five year period.

**What’s the role**
- This role will provide an opportunity to work as a part of the Information Risk Management - Compliance & assurance team within IDT Services and Operations (IDSO).
- It covers areas such as Subsurface Imaging & Interpretation, Wells Delivery, Wells Reservoir & Facilities Management, Process Modeling & Optimization, Smart Solutions, Process Control Domain IT, Project & Engineering, Contracts & Procurement, PT Sites, Safety and Environment, Connected Business, Digital IT (including e.g. High Performance Computing, Advanced Analytics) and Technical Infrastructure.
- The Information Risk Management Compliance and Assurance Advisor is a horizontal within this team taking care of the Information Risk, Compliance and Assurance activities.

**What we need from you**
- Shape and drive a comprehensive embedded approach towards control self-assessment Business As usual activities across the unit. The key focus areas would be:

- IT General Controls Monitoring
- SOX, FCM, BC
- Externally Facing Application controls, Production and Non-Production Environment controls
- Finding Management (Closure)
- Act as “LOD-1” and demonstrate “Management in Control” has ownership, responsibility, and accountabilities for mitigating risks.
- Face off with LOD-2 and LOD-3 “Audits (both external and internal)”.
- Ensure the IRM activities like Controls execution, management testing for BAU, Risk Management, Audit Management and Vulnerability Management are executed as per agreed plan and timelines
- Drive Continuous Improvement through various levers like automation, standardization, & rationalization of IRM LOD1 activities thereby reducing compliance burden
- Support Internal and external audits, perform pre-audit heath checks and monitor effective Internal Actions close out.
- Evaluate SOC II reports for sufficiency and drive risk mitigation for open risks
- Ensure appropriate and sufficient IT general controls are in place and operated effectively
- Understand Technology Landscape (Application and Infrastructure) and proactively review in-scope landscape for risks wrt threats and vulnerabilities, legal and regulatory compliance
- Perform Security Assessment on vendor offerings - New/Leveraging existing (SAAS / PAAS/IAAS) services
- Strong interpersonal, communication, teamwork and negotiating skills.
- Be the primary interface with many different groups within and outside of Information Risk Management, and to network globally across Group businesses and with external groups.
- Influence and deliver across organizational boundaries.

**What we need from you**
- Bachelor's degree or equivalent work experience, with 4-7 years of experience in Information Risk Management.
- Demonstrated understanding and experiences with IT security audits (both internal and external), Risk management, and Information Risk Management control selection, implementation, and testing.
- Advanced understanding of the internal and external IT security standards, and relevant legal compliance aspects.
- The ability to assess and balance Information Risk Management needs and standards considering risk and cost.
- Ability to translate risk control objectives into meaningful business risk language for service controls owners
- Technical awareness across most supported infrastructure platforms (Windows, Linux, clusters, virtual workspace, PCD, Cloud).
- Excellent verbal and written presentation skills.
- Ability to work in a global, complex environment with multiple stakeholders.
- You must be highly motivated with good communication skills with proven ability to work within a team environment and ability to work unsupervised.

Preferred
- Understanding of IT Service Delivery in a multinational company to deliver IT services via multiple Working Companies to multiple Operating Business Companies receiving the services.
- Strong relationship skills to work with multiple stakeholders across organizational and business boundaries at all levels
- Relevant experience preferably in Application Development & Support / Project Management.
- Good understanding of Project Delivery Framework.
- Ability to promote, participate in and/or lead high performance teams working with inclusiveness, and cultural diversity and crossing organizational boundaries.
- Business Continuity Management.

**COMPANY DESCRIPTION**

Shell is a global energy company where we work towards power