Information Security Supplier Assurance Analyst
  • United Kingdom - England - Coventry
2 years ago
Security Officer
Full Time
Job Description

As an information security specialist, you will be responsible for driving the external supplier Information & Cyber Security Assurance Framework with third-party suppliers.
Identifying & assessing the organization’s third-party vendors’ security threats and risks, testing security controls & enhancing security policies for cloud platforms and applications.
Assist in the delivery of the Risk Register evaluation as well as PCI DSS security assurance, Sarbanes Oxley regulatory commitments and Cyber security awareness of supplier management requirements.
Undertaking supplier assessments (remote & onsite) & the writing of corresponding supplier assurance reports
Review existing supplier security classification logic and re-design as necessary in line with policy
Lead the Information security risk engagement with Procurement, reviewing the current Third Party Assurance Framework and Obligations.
Working with Procurement to develop, build and continually improve the Third Party Assurance Framework.
Help maintain the Company's Internal and External Control Policies, Standards, and Procedures to ensure a consistent approach to documentation, testing and reporting
Help coordinate the development and monitoring of remediation plans. Supporting the development and monitoring of action / remediation plans with each business area regarding Information Security
Provide insights and support around compliance and regulatory scope and coverage, including supporting the design effectiveness document of controls
Undertaking information security, risk and compliance audits / assurance to provide pragmatic recommendations and improvement opportunities as identified
Supporting the incident response delivery processes for Shell Energy as required
Providing general information protection and controls guidance and advice to the wider business


Required Knowledge, Skills, and Abilities
An information security, technology and/or risk background.
Previous experience working as an Information Security Analyst or IT Controls Auditor.
Demonstrable knowledge of third-party supply chain assurance methodology.
Experience in devising & improving Supplier Cyber Security Risk Assessments & Assurance Frameworks.
Extensive experience in developing appropriate Security Awareness Training within an organisation, rolling out materials to internal supplier managers on the process requirements of Supply Chain Assurance.
Good knowledge of control requirements to protect Third Party hosting, e.g. cloud platforms & Internet-facing web apps.
Analysis & writing of Supplier Assurance Reports, Frameworks, Policies and Standards.
Understanding management of Third Party Cyber Security Threats & Risks & the necessary Safeguards.
Effective experience with stakeholder management and influencing skills.
Knowledge and experience of documenting controls and managing updates.
Excellent communication, relationship management and influencing skills.
Practical demonstrable knowledge of information security and compliance methodologies and processes (such as Sarbanes Oxley, PCI DSS, NIS Directive or ISO27001).
IT General Controls Framework and/or regulatory IT (assurance and/or run and maintain activities).
A background in the utilities sector.
Knowledge and understanding of cyber threats, attack vectors, techniques, mitigation and detection.
Understanding of risk management framework(s), specifically ISO27005.
Experience and qualifications in various security and control methodologies (such as ITIL v3, CISA, ISO27001 Lead Auditor, C-RISC).

Reference no: 34729
