Skip to main content

Design Engineering-Senior Risk & Control Advisor


Search again

Design Engineering-Senior Risk & Control Advisor

< Back to search results

Reference ID 140681BR_EN Updated 28/06/2020 Experience level Experienced Professionals
Country India City/State Bangalore RMZ-ECO WORLD Work Location Bangalore RMZ-ECO WORLD

The Role

The Security & Compliance (S&C) Competency Centre (CC) Senior Analyst supports in the identification, prioritization and management of all Confidentiality, Integrity, Availability and Regulatory risks to the services delivered by Shell IT and suppliers. This is to ensure the risk to Shell is reduced to an acceptable level and managed effectively and is achieved by ensuring an appropriate risk and control framework is in place, identifying, assessing and developing remediation plans for all risks and by ensuring all new developments are appropriately assessed. This job requires extensive interaction with IRM staff and other business risk related roles in Shell like portfolio managers, project managers, (security) architects and component service managers/Operations Landscape managers.

The Security & Compliance (S&C) Competency Centre (CC) Senior Analyst is responsible for the following:

Project Review and Technical Advice

Review all new high risk projects; new technical designs; for Information risks and advise on suitable controls and mitigations at early stages of the program.
  • Lead the S&C Analyst for specific technology and advice on the Information security for their projects.
  • Offer advice to Shell and suppliers to assist in resolving questions and issues around how to manage risk
  • Provide Subject Matter Expertise for projects and business stakeholders, in combination with the Improvement Program.
  • Work with the architecture community to review new technology and architecture innovations.
  • The Security & Compliance (S&C) Competency Centre (CC) Senior Analyst is responsible for supporting the following:

    Risk Management and Mitigation

  • Assess and classify all potential business and infrastructure information risks.
    Execute, with suppliers, risk analyses on IT application/services.
    Develop and socialize our overall risk profile and action plans to mitigate risks
    Review and recommend approval project charters
  • Facilitate smooth conduct of Risk Assessment (including Legal & Regulatory) on Applications, Network& Systems
  • Perform end to end Security Assessment on vendor offerings – New/Leveraging existing (SAAS / PAAS/IAAS) services including integration with Shell environment.
  • Translate Technical, legal and Regulatory Compliance obligations into a cohesive collection of Security Controls and provides the respective stakeholders with the IRM requirements and its implementation methodologies.
  • Support in development of tooling to support IRM processes and ensuring this is fit for purpose.
  • Actively participate in S&C team and community meetings, representing S&C and Business interests in other CC forums.
  • Support during Internal /External Audit
  • Ensure that S&C continues to focus on risks significant to the Business, with emphasis on innovation.

  • Relevant (6 years) experience with Information security and risk management
  • Good understanding of, and experience with Information Risk Management, IT Security and Compliance and Security Controls and Audit
  • Advanced understanding of internal and external IT security standards, SOX, PCI, SOC2/1, ISO27001 standards and relevant legal compliance aspects.
  • Robust understanding of, and solid experiences with the impact of Security on application development and operations as well as the IT Infrastructure.
  • Ability to promote high performance teams, working with inclusiveness and cultural diversity, across organizational boundaries.
  • Good understanding of cloud security requirements and third-party control assurance.
  • Ability to interface with different groups (Third parties, Business and IT) internal and external to IT (security) and to network globally across Group businesses, as well as with external groups.
  • Technical knowledge & relevant experience in security domains /technologies related to:\\
  • Infrastructure/Network security
  • Identity and Access Management
  • Business Impact Assessment
  • Application security
  • Data Leakage Prevention
  • End-Point Protection
  • Web filtering technologies, Proxies and firewalls.
  • Vulnerability Assessment / Penetration Testing
  • Cloud security
  • Knowledge of Data Security Standards: PCI DSS, Privacy Principles
  • Driving Platform / Application security and compliance
  • Ability to foresee and identify mitigation strategies for RisksCandidate must also:
    • Display excellent communicating and influencing skills
    • Display analytical and problem solving skills
    • Be pro-active and self-motivated
    • Display strong interpersonal and negotiating skills with all levels of staff.
Display Ability and eagerness to quickly learn new technologies

Shell began operations in India more than 80 years ago. At Shell India, we invest in our people through our industry-leading development programmes, which see our employees, thrive and gain access to experts on a local and global level. To date, we have invested more than US$ 1 billion already in India’s energy sector alone, in socially and environmentally responsible ways. Shell is the only global major to have a fuel retail license in India.
Shell has established a new IT hub in Bangalore, and plans to scale it up over a five year period. The purpose of the IT Hub is to enable the Business by focusing on business outcomes, delivering fit for business technology solutions which enable business agility and profitable growth.

Please note: We occasionally amend or withdraw Shell jobs and reserve the right to do so at any time, including prior to the advertised closing date.

Before applying, you are advised to read our data protection policy. This policy describes the processing that may be associated with your personal data and informs you that your personal data may be transferred to Royal Dutch/Shell Group companies around the world.

The Shell Group and its approved recruitment consultants will never ask you for a fee to process or consider your application for a career with Shell. Anyone who demands such a fee is not an authorised Shell representative and you are strongly advised to refuse any such demand.

Shell is an Equal Opportunity Employer.

Working in Bengaluru

Take a look at the map to see what's nearby.

Explore location

Sign up for job alerts

Do you want to find out about future opportunities at Shell? Simply sign up by providing your email address and search criteria in the boxes below and we will deliver job alerts straight to your inbox.

Interested InSelect a job category from the list of options. Select a location from the list of options. Finally, click “Add” to create your job alert.

  • Information Technology, Bengaluru, Karnataka, IndiaRemove