Risk & Control Advisor
Shell · Bangalore RMZ-ECO WORLD
Shell · Bangalore RMZ-ECO WORLD
, IndiaJob Family Group: Information Technology (IT)Worker Type: RegularPosting Start Date: July 7, 2026Business Unit: Projects and TechnologyExperience Level: Experienced ProfessionalsJob Description: Where you fit? The CISO organization is accountable for Information Security in Shell. Each day we aim to deliver world-class cyber and information risk services to keep the company safe. Enterprise Risk Services is responsible for identifying, analyzing and influencing risk management across the organization. What’s the role? This position is a role within the Governance Risk and Compliance team with risk advisory capability delivering for IGU PT and NOV business. What you’ll be doing? • Serve as the primary Information Risk Management (IRM) advisor for the HR function, developing strong business partnerships while providing expert guidance on technology, cybersecurity, and risk management matters. • Collaborate closely with Business Information Security Officers (BISOs), CISOs, internal teams, project teams, and external stakeholders to ensure security and risk considerations are embedded into business and technology initiatives. • Build and maintain strong relationships with senior business and IT stakeholders, providing strategic risk advisory support and influencing key decision-making processes. • Act as a trusted advisor to the business by identifying risks, evaluating potential impacts, and recommending appropriate mitigation strategies. • Support BISOs in enabling current and future business activities while ensuring information and technology risks are effectively managed and controlled. • Drive the adoption and consistent application of Information Risk Management (IRM) and Cybersecurity strategies, standards, policies, processes, and guidelines across the HR portfolio. • Facilitate and lead risk assessments, ensuring risks are identified, evaluated, documented, and addressed through appropriate controls and mitigation plans. • Design and implement controls aligned with organizational control objectives, regulatory requirements, security policies, and governance standards. • Partner with project managers, business analysts, architects, support teams, and other stakeholders to ensure compliance with established Information Risk Management standards and best practices. • Assess and review information security risks associated with existing and new technology solutions, including cloud-based services and their integration within the enterprise environment. • Provide risk and security oversight throughout the project lifecycle, ensuring secure delivery of technology and business initiatives. • Evaluate third-party and vendor solutions from a security and risk perspective, recommending appropriate safeguards and control measures. • Promote a strong risk-aware culture by combining technical IT expertise, risk advisory capabilities, and business knowledge to deliver effective risk management outcomes. • Ensure compliance with internal security standards, external regulations, and relevant legal and compliance requirements. • Support initiatives delivered through various project methodologies, including Agile, DevSecOps, and Waterfall, ensuring risk and security requirements are incorporated throughout delivery. What we need from you? • Bachelor's degree in Information Technology, Computer Science, Information Systems, Cybersecurity, Engineering, Business Information Systems, or a related discipline. • At least 3-5 years proven experience of in Information Risk Management, IT Risk, Cybersecurity Risk, IT Controls, Governance, Risk & Compliance (GRC), or related discipline. • Prior experience supporting or managing risk within the HR technology portfolio is mandatory. • Experience serving as a trusted advisor to business stakeholders on technology and information security risks. • Strong background in conducting risk assessments, developing mitigation plans, and designing effective controls. • Experience working with cross-functional teams, including business stakeholders, project managers, architects, and technology support teams. • Solid understanding of Information Risk Management frameworks, processes, and control environments. • Knowledge of cybersecurity principles, IT security standards, and governance frameworks. • Experience with IT Controls Frameworks and technology risk management practices. • Understanding of cloud security risks and controls, particularly in cloud-based services and integrations. • Familiarity with risk and compliance requirements in enterprise technology environments. • Strong stakeholder management and relationship-building skills. • Excellent communication and influencing abilities across technical and non-technical audiences. • Strong analytical and problem-solving skills with the ability to assess complex risk scenarios. • Ability to balance business objectives with risk and security requirements. • Experience working in Agile, DevSecOps, and traditional project delivery environments. • Ability to operate effectively in a global, matrixed organization with multiple stakeholders. What we offer You bring your skills and experience to Shell and in return you work with talented, committed people on one of the most important challenges facing our planet. You’ll have the opportunity to develop the skills you need to grow in an environment where we value honesty, integrity, and respect for one another. You’ll be able to balance your priorities as you become the best version of yourself. <