ITRA - Security & Compliance Advisor
Location
Bangalore | India
Job description
Act as an Information Risk and Control trusted advisor
- Understand the technology landscape (application and infrastructure) and proactively review Shell's information security and related threats and vulnerabilities, as well as legal and regulatory requirements.
- Review and advise on information security risks of vendor offerings, whether new or leveraging existing (SaaS/PaaS/IaaS) services, including integration with the Shell environment.
- Translate technical, legal and regulatory compliance obligations into a cohesive collection of security controls. Provide the respective stakeholders with the IRM requirements and their implementation methodologies.
- Work with Project Managers, Business Analysts, Architecture and Support Team to ensure Shell IRM standards are being followed.
- Ensure all the controls outlined for an application/Infrastructure are designed effectively.
- Review VA-PT results and recommend the risks to be remediated.
- Ensure all the risks are documented, classified and addressed with appropriate action as per the IRM standards.
- Drive education and awareness of information security related issues and risks among Business/Business IT teams.
- Support the development of tooling for IRM processes and ensure it is fit for purpose.
- Actively participate in reviewing and improving the Information Security Controls implemented in the organization.
- Actively participate in the Assurance and Architecture level discussions in the engagements.
- Actively participate in IRM team and community meetings, representing IRM and Business interests in applying and setting standards and policies for the Group and the businesses, leading to a fit-for-purpose, evergreen IRM framework.
What we need from you
As a Security Compliance Advisor, you would need to have the following skills/qualifications:
- Good understanding of, and experience with, Information Risk Management, IT Security and Compliance, and Security Controls and Audit.
- Advanced understanding of internal and external IT security standards, SOX, PCI, SOC2/1, ISO27001 standards and relevant legal compliance aspects.
- Robust understanding of, and solid experience with, the impact of security on application development and operations as well as the IT infrastructure.
- Ability to promote high performance teams, working with inclusiveness and cultural diversity, across organizational boundaries.
- Good understanding of cloud security requirements and third-party control assurance.
- Ability to interface with different groups (Third parties, Business, and IT) internal and external to IT (security) and to network globally across Group businesses, as well as with external groups.
- Technical knowledge and relevant experience in security domains/technologies related to:
  - Infrastructure/Network security
  - Identity and Access Management
  - Business Impact Assessment
  - Application security
  - Data Leakage Prevention
  - End-Point Protection
  - Web filtering technologies, proxies, and firewalls
  - Vulnerability Assessment / Penetration Testing
  - Cloud security
- Knowledge of Data Security Standards, Privacy Principles.
- Driving Platform / Application security and compliance.
- Ability to foresee and identify mitigation strategies for risks.
Candidate must also:
- Display excellent communication and influencing skills
- Display analytical and problem-solving skills
- Be pro-active and self-motivated
- Display strong interpersonal and negotiating skills with all levels of staff.
- Display ability and eagerness to quickly learn new technologies.
Qualifications
- A qualification preferred in CISSP, CISA, CRISC or CISM
Experience
- Must have previous experience in an (Information) Risk and Control Advisory role
Required Skills: Security Compliance Advisor, SOX, SOC, CISSP, CISA, CISM