The Security & Compliance (S&C) Competency Centre (CC) Senior Analyst supports the identification, prioritization and management of all Confidentiality, Integrity, Availability and Regulatory risks to the services delivered by Shell IT and suppliers. This is to ensure the risk to Shell is reduced to an acceptable level and managed effectively. It is achieved by ensuring an appropriate risk and control framework is in place; by identifying, assessing and developing remediation plans for all risks; and by ensuring all new developments are appropriately assessed. This job requires extensive interaction with IRM staff and other business-risk-related roles in Shell, such as portfolio managers, project managers, (security) architects and component service managers/Operations Landscape managers.
The Security & Compliance (S&C) Competency Centre (CC) Senior Analyst is responsible for the following:
Project Review and Technical Advice
- Review all new high-risk projects and new technical designs for information risks, and advise on suitable controls and mitigations at early stages of the program.
- Lead the S&C Analyst for specific technology and advise on information security for their projects.
- Offer advice to Shell and suppliers to assist in resolving questions and issues around how to manage risk.
- Provide Subject Matter Expertise for projects and business stakeholders, in combination with the Improvement Program.
- Work with the architecture community to review new technology and architecture innovations.
The Security & Compliance (S&C) Competency Centre (CC) Senior Analyst is responsible for supporting the following:
Risk Management and Mitigation
- Assess and classify all potential business and infrastructure information risks.
- Execute, with suppliers, risk analyses on IT applications/services.
- Develop and socialize our overall risk profile and action plans to mitigate risks.
- Review and recommend approval of project charters.
- Facilitate smooth conduct of Risk Assessment (including Legal & Regulatory) on Applications, Network & Systems.
- Perform end-to-end Security Assessment on vendor offerings – New/Leveraging existing (SaaS/PaaS/IaaS) services, including integration with the Shell environment.
- Translate Technical, Legal and Regulatory Compliance obligations into a cohesive collection of Security Controls and provide the respective stakeholders with the IRM requirements and their implementation methodologies.
- Support in development of tooling to support IRM processes and ensuring this is fit for purpose.
- Actively participate in S&C team and community meetings, representing S&C and Business interests in other CC forums.
- Support during Internal/External Audit.
- Ensure that S&C continues to focus on risks significant to the Business, with emphasis on innovation.