Website Royal Dutch Shell

Skillpool group: Information Technology
Updated: 09-Nov-2018
Reference ID: 75822BR

The IT Project Security Lead is responsible for the following:

Project Review and Technical Advice
– Review all new high-risk projects and new technical designs for information risks, and advise on suitable controls and mitigations at early stages of the program.
– Lead the project security advisors for specific businesses and advise on information security for their projects.
– Offer advice to Shell and suppliers to assist in resolving questions and issues around how to manage risk.
– Provide Subject Matter Expertise for projects and business stakeholders, in combination with the Improvement Program.
– Work with the architecture community to review new technology and architecture innovations.

The IT Project Security Lead is responsible for supporting the following:

Risk Management and Mitigation
– Assess and classify all potential business and infrastructure information risks.
– Execute, with suppliers, risk analyses on IT application/services.
– Develop and socialize our overall risk profile and action plans to mitigate risks.
– Review and recommend approval of project charters.
– Facilitate smooth conduct of Risk Assessment (including Legal & Regulatory) on Applications, Network & Systems.
– Perform end-to-end Security Assessment on vendor offerings – New/Leveraging existing (SaaS/PaaS/IaaS) services, including integration with the Shell environment.
– Translate Technical, Legal and Regulatory Compliance obligations into a cohesive collection of Security Controls and provide the respective stakeholders with the IRM requirements and their implementation methodologies.
– Support the development of tooling for IRM processes and ensure it is fit for purpose.
– Actively participate in IRM team and community meetings, representing IRM and Business interests in applying and setting standards and policies for the Group and the businesses, leading to a fit-for-purpose, evergreen IRM framework.
– Support during Internal/External Audit.
– Ensure that IRM continues to focus on risks significant to the Business, with emphasis on innovation.

Controls Management and Optimization
– Ensure controls are both risk-driven and based on industry standards.
– Review and approve the Design Effectiveness of supplier and Shell technical specifications against Shell's control requirements, as agreed contractually, during PDF project.
– Support the development of new IRM policies where required.