Cio Monitoring Lead - - Shell
Shell as the company that open the jobs vacancy, have some qualification and spesification especially for the Cio Monitoring Lead jobs vacancy. To find out more information and about qualification and spesification details, walkin interview schedule, the address of the company, the company contact info (email/phone number) of Shell company, please start to apply for the job vacancy with fill the jobs application with click the 'Apply This Job' button below.
General Position Definition
The purpose of the IRM Function is to ensure (as a second line of assurance, with Internal Audit providing the Third Line of Assurance) that Shell is addressing Information Risks in an effective and efficient manner, commensurate with Shell risk appetite, and being seen as an industry leader among peers and key suppliers of security services.
The Information Risk posture of Shell includes a wide variety of potential business impacts, such as HSSE impacts, production loss, financial and maintenance operations loss, loss of Most Confidential bidding data. Each of these Information Risks has a potential impact of $1bln+.
The IRM Function defines requirements for the assessment of Information Risks, defines the selection of mandated IT Controls, and defines and executes assessments of the design and operational effectiveness of these controls. The function organises communication campaigns to impact the behaviour of business and IT staff where it relates to Information Risks.
In addition to these preventative measures, the IRM Function includes a Cyber Resilience function to understand the cyber threat landscape and the vulnerabilities to cyberattacks in IT systems and services, to detect malicious behaviour and to respond to incidents.
Organisationally, the IRM Function reports to the Group CIO. The IRM Function consists of a central team with the Strategy, Learning, Risk and Transformation teams. The IRM Function in the IT Operations Organisation (ITSO) consists of the Detect and Respond Teams and there are business specific teams in each Business and in Global Functions IT.
Given the Cyber threat landscape and its development, it is critical that the IRM Function collaborates closely with suppliers and industry peers and collaborates effectively with government agencies in key countries that Shell operates in.
As businesses leverage digitalization opportunities, their cyber-attack surface structurally increases, which can lead to business disruptions, data breaches and brand damage. High profile industry incidents show that these risks are real, and this has turned cyber resilience into a topic for Boards.
Cyber attacks can cause damage to reputations, destruction of assets and loss of information. Shell is taking action to detect and respond to the continuous flow of these types of attacks.
As part of the Information Risk Management function, the CyberDefence capability has specific focus on identifying cyber threats, discovery of IT vulnerabilities, monitoring for cyber intrusions and response to security incidents.
As part of the CyberDefence capability the global Monitoring team has the following main area of focus:
• To monitor real-time for cyber intrusions based on indicators of compromise or anomalies from normal behaviour and raise security incidents where necessary.
As the lead of this global Monitoring team you are responsible:
• To lead a global team of CyberDefence Monitoring analysts.
• To develop and maintain the necessary CyberDefence skills, to continuously improve Shell's Monitoring processes and to plan and develop the necessary technology.
• To ensure that incidents are raised in a near 24/7 mode where necessary based on ""telemetry"" data available from IT landscapes or other sources such as the helpdesk.
• Ensure continuous monitoring of the Shell IT landscape for cyber breaches, performing triage and analysis of events.
• Ensure a proper balance between raising suspicious behaviours and raising too many false positives.
• Together with the Incident Lead and Threat and Analytics Lead create a feedback loop to enhance the monitoring technology.
• Ensure proper handover takes place between Bangalore and Houston to create a near 24/7 coverage of monitoring.
• Together with the Incident Lead ensure end to end management of cyber security related incident functions, which include security monitoring, identification, analysis, mitigation and post-incident activity.
• Lead the team of Monitoring analysts, develop and maintain the skills of analysts, provide training, and bring in new talent.
• Ensure integration into the near 24/7 CyberDefence centers in Rijswijk, Bangalore and Houston
• Together with Analytics Engineering develop and optimize the technology that is supporting monitoring for information security incidents.
• Build and manage the relationship with other monitoring teams within our main IT suppliers
• Continuously improve the security monitoring process.
• Steer projects in the CyberDefence space that are related to monitoring
• This is an ITE-3 position reporting to the Security Incident Response manager
• The team lead will directly manage a team of 10 monitoring analysts located in Bangalore and Houston.
• The team lead will be responsible for all security monitoring in Shell with a potential Business loss exceeding $100 Million.
• The team lead is part of an on-call procedure to enable 24/7 response capabilities.
• The team lead needs to work closely together with the Incident Lead and the Threat and Analytics Lead to make monitoring using the IRM Investigation Platform successful.
• The team lead needs to build a new team from scratch in Bangalore.
Due to the necessary handling of and access to highly sensitive and privileged information, the successful applicant of this position will need to agree to additional screening being conducted, before appointment. This would include the confirmation of CV, identity, right to work and qualifications, as well as checking additional items such as company directorships, credit/bankruptcy check and criminal record, as allowed under local legislation.
Experience and Qualifications required
• Is a knowledgeable, creative and responsible IT security professional.
• Has excellent analytical skills and appreciates a technical challenge.
• Has a good technical understanding of and experience with IT networks, infrastructure and applications.
• Has a passion for IT technology and is able to share that with other members of the team.
• Has good written and verbal communication skills and provides well-informed advice.
• Produces high quality deliverables in terms of both content and presentation. Examples of deliverables include: reports, presentations and reasoned arguments.
• Carries out assignments and projects, alone or as part of a team, applying knowledge, skills, and experience.
• Demonstrates an understanding of the issues of interest to Shell and proposes viable solutions within the scope of own expertise, taking into account the needs of those affected.
• Maintains knowledge and experience of current practice within own area of expertise and is aware of current developments within own area of expertise.
• Develops and maintains knowledge of Cyber security and maintains an awareness of current developments.
• Promotes transfer of knowledge and awareness of information security to those in related areas.
• Is comfortable working virtually
• Significant experience in technical IT, architecture, networking, and application hosting environments.
• Knowledge of, or experience in Incident Management, Forensics, or equivalent preferred.
• Strong knowledge of IT controls developments and practices, both inside and outside own organisation.
• Is respected for the pragmatic application of IT Controls principles to practical problems.
• Strong working knowledge of today's threat landscape.
• Proven experience in team leadership and development.
• Recognised and respected leader and able to influence without direct line management controls.
• Excellent communication, facilitation and negotiation skills.
• Good grasp of financial management and controls.
• Track record of leading, coaching and developing others.
• Sense of realism and pragmatism, openness and approachability.
• Comfortable working with, and leading through uncertainty, complexity, ambiguity and incomplete information.
• Deep understanding of global developments in Information Risk Management and Cyber Security.
• Courage to stand up for IRM requirements in the face of considerable senior stakeholder challenge.
• Strong personal network of international CISOs and leading academics to organise effective external collaborations on IRM.
• Extensive experience with and knowledge of the Shell IT organisations and environments
• Credibility with Shell IT Executive members that the right balance between usability, cost and security can be found.
• Excellent communication skills to engage at all levels in the Shell organisation.
• Experience with IT Audit processes.
• Certification in Information Security (SANS), Incident Response/Investigations, IT forensics, Attack and Penetration Testing, Ethical Hacking or IT Audit preferred. .
Key Competences required
Demonstrated evidence of Enterprise first values and behaviours will be taken into account during the selection process.