Senior Risk and Control Advisor

Where you fit in

The Information Risk Management function is accountable for Information Risks and Information Security in the RDS Group as an independent function within the IDT function. With more than 45,000 sites in around 80 countries, Shell is the world’s largest mobility retailer and one of the largest single-branded retailers of any kind on the planet. Retail is the face of Shell, touching the lives of 30 million customers every single day. Serving all our customers is only possible if they trust Shell. Most customers use their credit card to pay for Shell products. It is our job to continue to earn the trust of our customers by ensuring credit card transactions are safe and secure. The IRM PCI team provides assurance that all required controls are in place to meet the payment card industry (PCI) requirements.

What’s your role

  • Act as the functional specialist for IT Information Risk Management (IRM) within the Retail Class of Business (COB)
  • Proactively review Shell’s information security and related risks, threats and vulnerabilities, legal and regulatory and Payment Card Industry (PCI) compliance
  • Support the development of tooling for IRM and PCI processes and ensure it is fit for purpose
  • Actively participate in Assurance and Architecture level discussions in engagements
  • Ensure and support the creation and review of PCI Attestations of Compliance (AoCs) and Reports on Compliance (RoCs) where relevant. This includes supporting Market Self-Assessment Questionnaires and external assessments where relevant
  • Actively participate in IRM team and community meetings, representing IRM and Business interests in applying and setting standards and policies for the Group and the businesses, leading to a fit for purpose, evergreen IRM framework
  • Support maintenance and development of the PCI Control Framework and related processes and procedures

What we need from you

  • Minimum 10 years in IRM or security functions, preferably aligned with the IT control framework best practices and risk management related to PCI
  • Knowledge of PCI DSS 3.2.1 or 4.0
  • Certification in ISO27001, PCI professional (PCIP) or PCI ISA/QSA
  • Bachelor's Degree related to IT or equivalent
  • Good understanding of, and experience with Information Risk Management, Audit (internal and external), and Business (IT) Controls
  • Advanced understanding of internal and external IT security standards, PCI standards and relevant legal compliance aspects
  • Robust understanding of, and solid experience with, the impact of IRM on application development and operations as well as the IT Infrastructure
  • Solid understanding of Downstream and Retail business processes
  • Ability to balance IRM/PCI needs and standards in light of risk and affordability to the Business as well as business impact
  • Ability to promote high performance teams, working with inclusiveness and cultural diversity, across organizational boundaries
  • Ability to interface with different groups (Third parties, Business and IT) internal and external to IT (security) and to network globally across Group businesses, as well as with external groups
  • Technical knowledge and relevant experience in security domains/technologies related to Infrastructure/Network security, Identity and Access Management, Business Impact Assessment, Application security, Data Leakage Prevention, End Point Protection, Web filtering technologies, Proxies and firewalls, Vulnerability Assessment/Penetration Testing, or Cloud security.

Company

Shell

Job Posted

10 months ago

Job Type

Full-time

Work Mode

On-site

Experience Level

8-12 Years

Category

IT Services and IT Consulting

Locations

Bengaluru, Karnataka, India

Qualification

Bachelor

Applicants

Be an early applicant
