Senior Risk and Control Advisor
Shell
Bengaluru, Karnataka, India
Where you fit in The Information Risk Management function is accountable for Information Risks and Information Security in the RDS Group as an independent function within the IDT function. With more than 45,000 sites in around 80 countries, Shell is the world’s largest mobility retailer and one of the largest single-branded retailers of any kind on the planet. Retail is the face of Shell, touching the lives of 30 million customers every single day. Serving all our customers is only possible if they trust Shell. Most customers use their credit card to pay for Shell products. It is our job to continue to earn the trust of our customers by ensuring credit card transactions are safe and secure. The IRM PCI team provides assurance that all required controls are in place to meet the payment card industry (PCI) requirements. What’s your role Act as the functional specialist for IT Information Risk Management (IRM) within the Retail Class of Business (COB) Proactively review Shell’s information security and related risks, threats and vulnerabilities, legal and regulatory and Payment Card Industry (PCI) compliance Support in development of tooling to support IRM and PCI processes and ensuring this is fit for purpose Active participation in the Assurance and Architecture level discussions in the engagements Ensure and support that PCI Attestations of Compliance (AoC’s) and Reports on Compliance (RoC’s) are created and reviewed where relevant. This includes supporting Market Self-Assessment Questionnaires and external assessments where relevant Actively participate in IRM team and community meetings, representing IRM and Business interests in applying setting standards and policies for the Group and the businesses, leading to a fit for purpose, evergreen IRM framework Support maintenance and development of the PCI Control Framework and related processes and procedures What we need from you Minimum 10 years in IRM or security functions, preferably aligned with the IT control framework best practices and risk management related to PCI Knowledge in PCI DSS 3.2.1 or 4.0 Certification in ISO27001, PCI professional (PCIP) or PCI ISA/QSA Bachelor's Degree related to IT or equivalent Good understanding of, and experience with Information Risk Management, Audit (internal and external), and Business (IT) Controls Advanced understanding of internal and external IT security standards, PCI standards and relevant legal compliance aspects Robust understanding of, and solid experiences with the impact of IRM on application development and operations as well as the IT Infrastructure Solid understanding of Downstream and Retail business processes Ability to balance IRM/PCI needs and standards in light of risk and affordability to the Business as well as business impact Ability to promote high performance teams, working with inclusiveness and cultural diversity, across organizational boundaries Ability to interface with different groups (Third parties, Business and IT) internal and external to IT (security) and to network globally across Group businesses, as well as with external groups Technical knowledge & relevant experience in security domains /technologies related to Infrastructure/Network security, Identity and Access Management, Business Impact Assessment, Application security, Data Leakage Prevention, End Point Protection, Web filtering technologies, Proxies and firewalls, Vulnerability Assessment / Penetration Testing, or Cloud security.
