"General Position DefinitionThe purpose of the Information Risk Management (IRM) Function is to ensure (as a second line of assurance, with Internal Audit providing the Third Line of Assurance) that Shell is addressing Information Risks in an effective and efficient manner, commensurate with Shell risk appetite, and being seen as an industry leader among peers and key suppliers of security services.The realization of information risk can lead to a wide variety of potential business impacts, such as HSSE impacts, production loss, financial and maintenance operations loss, loss of Most Confidential bidding data. Each of these impacts has a potential loss of $1bln+.The IRM Function defines requirements for the assessment of Information Risks, defines the selection of mandated IT Controls, and defines and executes assessments of the design and operational effectiveness of these controls. The function organizes communication campaigns to impact the behavior of business and IT staff where it relates to Information Risks.In addition to these preventative measures, the IRM Function includes a Cyber Resilience function to understand the cyber threat landscape and the vulnerabilities to cyber attacks in IT systems and services, to detect malicious behavior and to respond to incidents.Organizationally, the IRM Function reports to the Group CIO. The IRM Function consists of a central team with the Strategy, Learning, Risk and Transformation teams. 
The IRM Function in the IT Operations Organization (ITSO) consists of the Detect and Respond Teams, and there are business-specific teams in each Business and in Global Functions IT.

Given the cyber threat landscape and its development, it is critical that the IRM Function collaborates closely with suppliers and industry peers and collaborates effectively with government agencies in key countries that Shell operates in.

Purpose

The mission of the Information Risk Management (IRM) function is to effectively and efficiently protect Shell's information assets by proactive risk management. It is characterized by the preservation of Confidentiality, Integrity, and Availability of electronically stored, processed and transmitted information and of the associated systems and networks.

The primary role of the Central Risk Analyst is to analyse, using a risk-based approach, where information risks related to IT solutions exist and where Shell's business objectives will be damaged due to internal and external information security threats, and to meet internal and external compliance requirements. Their analysis will include the maintenance of the security IT capability model, facilitation of the ITE Functional Assurance Committee (FAC) and assistance with the IRM presentations to Audit Committee (AC) and Executive Committee (EC) stakeholders. This person will work closely with the Group Governance, Risk and Assurance (GRA) team.

The Risk Analyst contributes to the development and maintenance of the IRM strategy to mitigate risks and ensure that IRM risk processes (including legal and regulatory requirements) are documented and embedded. This will include the creation and delivery of training materials on IRM risk processes.
Accountabilities

Ensure that information risks at Group level are well understood.
Responsible for IRM risk management processes and the additions to the knowledge management system to ensure sufficient material is available for project managers, other IRM staff and staff supporting IT solutions.
Responsible for up-to-date requirements for training and accountable for embedding risk processes in the IRM and Project community.
Responsible for documenting the risk policy and methodology, implementing the policy, setting and aligning risk appetite and all other relevant topics relating to the identification and assessment of information risks.
Ensure the quality of risk-based IRM reviews for enterprise-wide complex projects.
Help address group-wide information vulnerabilities in the Business and Line of Business IT; be part of the escalation process for incident management for high-profile IRM incidents when specific Line of Business involvement is required.
Contribute to the quarterly Risk Management updates for the ITE Functional Assurance Committee, Audit Committee and EC when applicable.

Dimensions

The Risk Analyst will report to the IRM Risk, Policy and Assurance Manager.
There will be no direct reports to this function.
This person will work together with senior stakeholders at VP and EVP level.

Special Challenges

Stakeholder management is key in this role to align all businesses in utilising a common risk process.

Requirements

Experience and Qualifications required

A solid understanding of the internal and external IT security standards, such as the OCF and ISO 27001, and relevant legal compliance aspects such as those for Export, Import and Domestic Use of information and information technology, and Privacy.
The ability to balance IRM needs/standards in light of risk and affordability to the Shell Group.
Robust understanding of, and solid experience with, IRM and its impact on application development and operations as well as the IT Infrastructure.
A solid understanding of specific governance and overall processes of the Shell Group.
Good understanding of and experience with Audit (both internal and external), Risk Management, and Business Controls.
Very strong interpersonal and negotiating skills for all levels of staff.
Ability to lead through influence rather than hierarchical relationships.
The ability to network globally across Group businesses, as well as with external groups.
Ability to set direction, build, communicate and implement a shared vision with respect to IRM.
Ability to promote high-performance teams working with inclusiveness and cultural diversity, crossing organisational boundaries.
Advocate a single One IRM community.
Pro-active and self-motivated.
Analytical and problem-solving skills.

Key Competences required

Demonstrated evidence of Enterprise First values and behaviours will be taken into account during the selection process.

Risk Management - Mastery
IT Security - Mastery
IT Audit - Skill
Infrastructure/Application knowledge - Skill
Corporate and Industry Standards - Skill
Deliver Contract Value - Awareness
Builds Shared Vision - Skill
Champions Customer and Stakeholder Focus - Mastery
Maximizes Business Opportunities - Skill
Demonstrates Self Mastery - Skill
Displays Interpersonal Effectiveness - Mastery
Demonstrates Courage - Skill
Motivates, Coaches and Develops - Skill
Values Difference - Skill
Delivers Results Through Others - Skill