Sign In
 [New User? Sign Up]
Mobile Version

CIO IT-Controls Automation & Standardization Analyst

Mumbai, MH
Job Code:
  • Oil & Gas
Applying for this job will take you to an external site
  • Shortlist
  • Email Friend
  • Print

Job Details

The purpose of the IRM Function is to ensure (as a second line of assurance, with Internal Audit providing the Third Line of Assurance) that Shell is addressing Information Risks in an effective and efficient manner, commensurate with Shell risk appetite, and being seen as an industry leader among peers and key suppliers of security services.The Information Risk posture of Shell includes a wide variety of potential business impacts, such as HSSE impacts, production loss, financial and maintenance operations loss, loss of Most Confidential bidding data. Each of these Information Risks has a potential impact of $1bln+.The IRM Function defines requirements for the assessment of Information Risks, defines the selection of mandated IT Controls, and defines and executes assessments of the design and operational effectiveness of these controls. The function organises communication campaigns to impact the behaviour of business and IT staff where it relates to Information Risks.In addition to these preventative measures, the IRM Function includes a Cyber Resilience function to understand the cyber threat landscape and the vulnerabilities to cyberattacks in IT systems and services, to detect malicious behaviour and to respond to incidents. Organisationally, the IRM Function reports to the Group CIO. The IRM Function consists of a central team with the Strategy, Learning, Risk and Transformation teams. The IRM Function in the IT Operations Organisation (ITSO) consists of the Detect and Respond Teams and there are business specific teams in each Business and in Global Functions IT. Given the Cyber threat landscape and its development, it is critical that the IRM Function collaborates closely with suppliers and industry peers and collaborates effectively with government agencies in key countries that Shell operates in.Purpose Provide business value by delivering and sustaining Control Automation & Standardisation (CAS) solutions designed to lower cost and improve effectiveness and efficiency of control operation and assurance.Accountabilities Effectively deliver the Control Automation and Standardization (CAS) service by identifying and documenting control automation and standardization opportunities; analysing control automation and standardization opportunities according to defined processes; developing improvement recommendations and presenting to business partners for decision-making; and working with business partners to design, develop, implement and embed solutions. Serve as the Functional Excellence or SME in how to standardize IT General Controls. Deep understanding of multiple IT Control Frameworks and how to simplify the implementation. Support development and continuous improvement of the CAS service (Functional Excellence). Serve as an advocate, encouraging CAS service use and solution adoption. Working closely with Business IT to ensure the proper training and embedding of standardised or automated solutions. Support development of annual scope and plan. Provide superior stakeholder management for business partners, including guidance and training related to controls and compliance monitoring. Plan and organise work effectively to produce high quality deliverables according to established timelines. Maintain knowledge of current practices and developments (internal and external) within area of expertise. Dimensions No direct reports Staff to influence IRM LT, SOM and Delivery Vertical Leads; IT Process Owners, Control Owners Scope of work includes delivery of CAS projects as assigned, planned and ad hoc.Special Challenges Managing multiple assignments simultaneously in a fast-paced, dynamic environment to meet high quality standards and fixed deadlines. * Strong risk management understanding required to understand how to effectively implement controls while mitigating risk. * Knowledge of new audit principles and technologies, especially the usage of data analytics.* This role requires working with senior stakeholders globally to understand current implementation of ITGCs and the ability to identify cross-business synergies, savings, and automation opportunities. * Ability to quickly understand the business environments and challenges involved in IT Operations Working across multiple geographies and time zones. Challenging stakeholder management. Organizational resistance to change. Cost pressures. RequirementsExperience and Qualifications required Significant experience in IRM-related roles, Information Security roles or having worked with IRM through an IT Delivery role or Business IT role. Significant breadth and depth of working knowledge of IRM concepts and practices. Sound understanding of the principles and practices involved in application development and maintenance and IT service delivery. Strong knowledge of IT controls and control frameworks (e.g., Shell Control Framework, COBIT, ISO). Critical knowledge of how to document controls and the associated test scripts. Practical, hands on knowledge of data analytics and new audit techniques. Ability to develop pragmatic solutions to address risks with sensitivity to risk-appetite. Strong inter-personal, conflict management and negotiating skills with all levels, including senior management. Ability to drive activities across organizational boundaries and manage virtual teams with sensitivity to cultural differences. Systematic, disciplined and analytical approach to problem-solving. Ability to independently plan and prioritize multiple assignments to meet expectations of time and quality in a complex and fast-paced environment. Strong analytical ability and attention to detail. Strong written and verbal communication skills. Industry recognized certification (i.e., CISSP, CISM, CISA, CRISC, PMP) is strongly recommended. SAP experience preferred. Business Analysis Techniques Skill Business Risk Management Skill Business Partnering & Value Skill Incident, Threat, Vulnerability Management Knowledge I & D Design Integrity Knowledge IT Audit and Compliance Mastery IT Architecture Knowledge Software Engineering Knowledge
Degree: M.Com. (Commerce) | M.Pharm. (Pharmacy) | M.Sc. (Science) | MA (Arts) | MBA/ PGDM | MCA/ PGDCA

Additional Degree: BE/ B.Tech (Engineering)

Experience: 2-6


Business/Systems Analysis | ERP/CRM | Quality Assurance/Testing | Software Engineer
Applying for this job will take you to an external site


© Copyright 2015 Al Nisr Publishing LLC - powered by Gulf News