Shell Senior Risk and Control Advisor in London, United Kingdom


Job Title:

Senior Risk and Control Advisor


Job Description:

This is a responsible and rewarding role – as well as helping assess Information Risk across Shell, you’ll help to educate the wider business on how they can work safely and securely from an IT perspective.

Where you fit in

You’ll be part of our Global IRM team who works together to address Information Risks, effectively and efficiently, upholding our reputation as an industry leader amongst our peers and key security service suppliers.

Broadly, our role is to define how risk is assessed and controls applied. That includes communicating preventative measures to the business and identifying threats and vulnerabilities via our Cyber Resilience function. We deal with potential business impacts worth billions of dollars: HSSE impacts, production loss, financial and maintenance operations loss, loss of most confidential bidding data.

What’s the role?

You’ll be the face of IRM, working with Project Managers, Business Analysts, Architecture and the Support Team to educate teams on risk and help them to make risk-aware decisions regarding confidentiality, integrity, availability, and legal & regulatory. You’ll need to understand the technology landscape and proactively review Shell’s information security and related risks, threats and vulnerabilities.

It’s about making sure the right security controls are in place and tested. You’ll be trusted to ensure that projects that originate from different global locations are risk assessed and reviewed for information security. You’ll also take care of end-to-end security assessments on vendor offerings and carry out VAPT tests and make recommendations based on the results. All in all, it’s a broad-ranging, responsible role.



Information Technology

Country of Work Location:

United Kingdom

Company Description:

Shell started operations in the United Kingdom more than 110 years ago. Since then we have grown into a leading innovative oil and gas company that rewards its employees by investing heavily in their careers and learning. Our people are our greatest asset, and our commitment to your career will see you thrive in a work environment that offers an industry-leading development programme. When your ideas travel, Shell will benefit and innovation will thrive. Shell has a key role to play in helping meet the UK’s growing energy demand, whilst using innovative technologies to develop cleaner energy. We are the largest FTSE 100 company in the UK by market capitalisation, and make a significant contribution to the UK economy. As well as processing 35% of the gas coming into the UK, we serve more than four million customers at our filling stations each week. Shell employs some 6,400 skilled staff as well as many contractors.


Please note: We occasionally amend or withdraw Shell jobs and reserve the right to do so at any time, including prior to the advertised closing date.

Before applying, you are advised to read our data protection policy. This policy describes the processing that may be associated with your personal data and informs you that your personal data may be transferred to Royal Dutch/Shell Group companies around the world.

The Shell Group and its approved recruitment consultants will never ask you for a fee to process or consider your application for a career with Shell. Anyone who demands such a fee is not an authorised Shell representative and you are strongly advised to refuse any such demand.

Shell is an Equal Opportunity Employer.



What we need from you

You’ll call on experience in an (Information) Risk and Control Advisory role coupled with a qualification in CISSP, CISA, CRISC or CISM and substantial experience with internal and external IT security standards, SOX, PCI, SOC2/1, ISO27001 standards and relevant legal compliance aspects.

We’re looking for an understanding of as many of the following as possible:

  • Act as a Senior Risk & Control Advisor;

  • Understand Technology Landscape (Application and Infrastructure) and proactively review Shell’s information security and related risks with regards to threats and vulnerabilities, legal and regulatory compliance;

  • Facilitate the smooth conduct of Risk Assessments (including Legal & Regulatory) on Applications, Networks & Systems;

  • Perform end-to-end Security Assessments on vendor offerings – new or leveraging existing (SaaS / PaaS / IaaS) services, including integration with the Shell environment;

  • Translate technical, legal and regulatory compliance obligations into a cohesive collection of Security Controls and provide the respective stakeholders with the IRM requirements and their implementation methodologies;

  • Collaborate with Controls Testing Team and ensure all the controls outlined for an application/Infrastructure are designed effectively;

  • Coordinate the conduct of VAPT (Vulnerability Assessment and Penetration Testing), review VAPT results and recommend the risks to be remediated;

  • Work with Project Managers, Business Analysts, Architecture and Support Team to ensure Shell IRM standards are being;

  • Ensure all the risks are documented, classified and addressed with appropriate action as per the IRM standards;

  • Active participation in driving education and awareness of Information security related issues and risks to Business/Business IT Teams;

  • Support in development of tooling to support IRM processes and ensuring this is fit for purpose;

  • Actively participate in reviewing and improving the Information Security Controls implemented in the organization;

  • Active participation in the Assurance and Architecture level discussions in the engagements;

  • Actively participate in IRM team and community meetings, representing IRM and Business interests in setting and applying standards and policies for the Group and the businesses, leading to a fit-for-purpose, evergreen IRM framework;

  • Support during Internal /External Audit;

  • Ensure that IRM continues to focus on risks significant to the Business, with emphasis on innovation.

Technical knowledge & relevant experience in security domains /technologies related to:

  • Infrastructure/Network security;

  • Identity and Access Management;

  • Business Impact Assessment;

  • Application security;

  • Data Leakage Prevention;

  • End-Point Protection;

  • Web filtering technologies, Proxies and firewalls;

  • Vulnerability Assessment / Penetration Testing;

  • Cloud security;

  • Knowledge of Data Security Standards: PCI DSS, Privacy Principles;

  • Driving Platform / Application security and compliance.

As for personal skills: we’re keen to hear from proactive men and women who have natural communication and influencing skills – you’re someone who enjoys cultivating partnerships with stakeholders and cutting through complex IT issues with clear business language. Add to that problem-solving flair and enthusiasm for learning new technologies, and we’d love to hear from you.
