Risk & Control Advisor
The IRM Solution Centre is principally a new team and its objective is to enhance the overall IRM user-experience, presenting IRM as a business enabler by providing relevant advisory and directions related to managing Information Risk. The IRM Solution Centre is an evolution from the current IRM Front Office, bringing diversity of interfaces and touch points together in a single IRM Solution Centre function, while considering automation of support functions with PowerBI (reporting), RPA and Chatbots to optimize speed, quality and operational costs.
The Risk and Control Advisor Solution Centre requires understanding of business and internal needs and drive best practices through market standards ensuring appropriate risks are identified and supported. The role would need to collaborate with various teams within IRM and outside to ensure we provide appropriate advise and support to our stakeholders.
The team is accountability for consolidated (PowerBI) reporting and being the one-stop shop for all IRM related request or queries.
The role will be part of a diverse team of Risk & Control Advisors and analysts to support addressing requests, questions and queries associated with Projects, Programs, Operational requests and periodic refresh of risk perspective for applications and services.
Being part of larger Risk Advisory team, the role also requires driving initiatives that improves the overall speed, quality and efficiency towards Risk management policies and processes and develop the team for the future with better LOD 2 capabilities in Risk Advisory with relevant LOD1 activities embedded mostly with IT Engineering and ITSO.
The accountabilities of the role include:
Understands IRM and IT Services/Platforms to drive Integrated Risk Assessments.
Be a “trusted advisor” providing risk advisory on IT risks, Findings, new technologies or other business requests.
Ensure risks are documented, classified and addressed with appropriate action as per the IRM standards.
Support in development of tooling to support IRM processes and ensuring this is fit for purpose.
Active participation in driving awareness of Information security related issues and risks with Business/Business IT Teams.
Own IRM’s risk reporting provided mostly via Power BI
Below is the dimension of the role:
Demonstrate understanding of risk management skills.
Influence on the deployment of majority of new technologies and key platforms, essential to develop the future of Shell’s IT landscape in a secure and reliable manner.
Interfaces with wide set of stakeholders in IT: Portfolio Managers, ITM, Business IRM, SOM, IT Engineering – S&C and internal IRM teams.
Key Hard Skills Required:
Overall 5 – 8 years of experience in IT
Experience in IRM or security functions, preferably aligned with control framework best practices and risk management.
Demonstrated understanding of, and experience with Information Risk Management, IRM processes, the IRM portfolio, the Business (IT) Controls Framework and project delivery.
Good understanding of internal and external IT security standards, and relevant legal compliance aspects.
Understanding of and experiences with the impact of IRM on IT Services/Platforms, application development and data lifecycle.
The ability to balance IRM needs and standards considering risk and affordability to the Business as well as business impact.
Skilled at working effectively with cross functional teams in a matrix organization.
PowerBI developer skills are preferred
Key Soft Skills Required:
Customer first mindset, Excellent communication and influencing skills.
Proven analytical and problem-solving skills.
Be pro-active and self-motivated.
Display Ability and eagerness to quickly learn new technologies.
‘Reskilling Opportunity - Candidates who do not yet have all prerequisite skills as described in this job description can apply for this role and may be considered on the basis that they have relevant adjacent skills and will complete a reskilling programme to acquire the prerequisite skills.’