Sr. Risk and Control Advisor - PCI DSS
Where you fit in
The Information Risk Management function is accountable for Information Risks and Information Security in the RDS Group as an independent function within the IDT function. With more than 45,000 sites in around 80 countries, Shell is the world’s largest mobility retailer and one of the largest single-branded retailers of any kind on the planet. Retail is the face of Shell, touching the lives of 30 million customers every single day. Serving all our customers is only possible if they trust Shell. Most customers use their credit card to pay for Shell products. It is our job to continue to earn the trust of our customers by ensuring credit card transactions are safe and secure. The IRM PCI team provides assurance that all required controls are in place to meet the payment card industry (PCI) requirements.
What’s your role
- Act as the functional specialist for IT Information Risk Management (IRM) within the Retail Class of Business (COB)
- Proactively review Shell’s information security and related risks, threats and vulnerabilities, as well as legal, regulatory and Payment Card Industry (PCI) compliance
- Support the development of tooling for IRM and PCI processes and ensure it is fit for purpose
- Actively participate in Assurance and Architecture level discussions in the engagements
- Ensure that PCI Attestations of Compliance (AoCs) and Reports on Compliance (RoCs) are created and reviewed where relevant, and support that work. This includes supporting Market Self-Assessment Questionnaires and external assessments where relevant
- Actively participate in IRM team and community meetings, representing IRM and Business interests in applying and setting standards and policies for the Group and the businesses, leading to a fit for purpose, evergreen IRM framework
- Support maintenance and development of the PCI Control Framework and related processes and procedures
What we need from you
- Minimum 10 years in IRM or security functions, preferably aligned with the IT control framework best practices and risk management related to PCI
- Knowledge of PCI DSS 3.2.1 or 4.0
- Certification in ISO27001, PCI professional (PCIP) or PCI ISA/QSA
- Bachelor's Degree related to IT or equivalent
- Good understanding of, and experience with, Information Risk Management, Audit (internal and external), and Business (IT) Controls
- Advanced understanding of internal and external IT security standards, PCI standards and relevant legal compliance aspects
- Robust understanding of, and solid experience with, the impact of IRM on application development and operations as well as the IT Infrastructure
- Solid understanding of Downstream and Retail business processes
- Ability to balance IRM/PCI needs and standards in light of risk and affordability to the Business as well as business impact
- Ability to promote high performance teams, working with inclusiveness and cultural diversity, across organizational boundaries
- Ability to interface with different groups (Third parties, Business and IT) internal and external to IT (security) and to network globally across Group businesses, as well as with external groups
- Technical knowledge and relevant experience in security domains and technologies related to Infrastructure/Network security, Identity and Access Management, Business Impact Assessment, Application security, Data Leakage Prevention, End Point Protection, Web filtering technologies, Proxies and firewalls, Vulnerability Assessment / Penetration Testing, or Cloud security.
Shell is a global energy company where we work towards powering progress through more and cleaner energy solutions. We use advanced technologies and take an innovative approach to help build a sustainable energy future. In India, Shell has its business footprint in Information Technology, Projects & Technology, Finance Operations, Integrated Gas, Downstream & Upstream spread across more than 7 main locations.
An innovative place to work
There’s never been a more exciting time to work at Shell. Everyone here is helping solve one of the biggest challenges facing the world today: bringing the benefits of energy to everyone on the planet, whilst managing the risks of climate change.
Join us and you’ll add your talent and imagination to a business with the power to shape the future – whether by investing in renewables, exploring new ways to store energy or developing technology that helps the world to use energy more efficiently.
An inclusive place to work
To power progress together, we need to attract and develop the brightest minds and make sure every voice is heard. Here are just some of the ways we’re nurturing an inclusive environment – one where you can express your ideas, extend your skills and reach your potential.
We’re creating a space where people with disabilities can excel through a transparent recruitment process, workplace adjustments and ongoing support in their roles. Feel free to let us know about your circumstances when you apply, and we’ll take it from there.
We’re closing the gender gap – whether that’s through action on equal pay or by enabling more women to reach senior roles in engineering and technology.
We’re striving to be a pioneer of an inclusive and diverse workplace, promoting equality for employees regardless of sexual orientation or gender identity.
We consider ourselves a flexible employer and want to support you finding the right balance. We encourage you to discuss this with us in your application.
A rewarding place to work
Combine our creative, collaborative environment and global operations with an impressive range of benefits and joining Shell becomes an inspired career choice.
We’re huge advocates for career development. We’ll encourage you to try new roles and experience new settings. By pushing people to reach their potential, we frequently help them find skills they never knew they had, or make career moves they never thought possible.