IDT Assurance Advisor

5 - 10 years

7 - 12 Lacs

Posted: 2 weeks ago | Platform: Naukri


Work Mode

Work from Office

Job Type

Full Time

Job Description

Job Family Group:

Information Technology (IT)


Worker Type:

Regular


Business Unit:

Projects and Technology


Experience Level:

Experienced Professionals


What's the role

In this role, you will serve as the PCI-DSS functional specialist for the Chief Information Security Office (CISO) within the Retail Class of Business (COB). You will be responsible for ensuring compliance with PCI-DSS standards and supporting risk management initiatives. Additionally, you will communicate effectively with stakeholders across IDT and the Business to promote understanding and alignment with assurance processes and risk management strategies.

What you'll be doing

  • Accountable for driving PCI Level 2/3 assessments.
  • Responsible for performing PCI self-assessments for Level 2 and 3 markets.
  • Responsible for providing ad-hoc PCI assurance as required.
  • Process owner and collaborator for the coordination and timely execution of PCI assurance for your scope areas.
  • Execute, administer and report regularly on the progress and any issues identified from assurance performed in your scope areas.
  • Work hand in hand with BISOs, IDT community and business orchestrating execution of PCI assurance queries.
  • Work effectively with the PCI assurance team to drive and support continuous improvement, with a focus on value.
  • Proactively review Shell's information security and related risks, threats and vulnerabilities, as well as legal, regulatory and Payment Card Industry (PCI) compliance.
  • Support in development of tooling to support Supply Chain Assurance (SCA) and PCI processes and ensure these are fit for purpose.
  • Actively participate in Assurance and Architecture level discussions in the engagements.
  • Ensure and support that PCI Attestations of Compliance (AoCs) and Reports on Compliance (RoCs) are created and reviewed where relevant. This includes supporting Market Self-Assessment Questionnaires and external assessments where relevant.
  • Actively participate across the CISO PCI natural team and PCI community meetings, representing SCA and Business interests in the fit-for-purpose application of PCI-relevant standards and policies for the Group and the businesses.
  • Support maintenance and development of the PCI Control Framework and related processes and procedures.
  • Stay updated with industry best practices and integrate them into the organization's assurance strategies.

What you bring

Experience:

  • Minimum 5 years' experience in Information Risk Management, Payment Security and Risk Advisory roles.
  • Excellent understanding of Information security processes and frameworks covering risk management, project risk engagement, project assurance and audit & compliance management.
  • Possess a basic understanding of digital and card payment security, relevant threat landscape and risk mitigation measures.
  • Exposure to technical vulnerabilities and the ability to recommend remediation solutions.
  • Proven ability to communicate effectively with stakeholders in- and outside IT.
  • Continuous improvement mindset and project management experience.

Education:

  • Knowledge of PCI DSS 3.2.1, 4.0 & 4.0.1.
  • Certification in ISO 27001, PCI Professional (PCIP) or PCI ISA/QSA.
  • Bachelor's degree related to IT or equivalent.

Technical Skills:

  • Expert understanding of PCI DSS and payment card brand security standards, along with familiarity with other industry standards such as P2PE, PIN, PCI SSF, EMV, PSD.
  • Fair understanding of project management and IT delivery.
  • Knowledge of networking & firewall concepts, and access management best practices.

Soft Skills:

  • Ability to deliver through others, work effectively with stakeholders in- and outside IT.
  • Ability to influence senior leadership and team members to drive a security-first mindset in a cost-constrained environment.
  • Self-driven and energetic with a willingness to learn new skills.
  • Ability to document and describe cyber risk in the context of payment security. Communication skills are essential for this role, in particular being able to cut through complex issues and explain them in plain Business language.
  • Significant experience in conducting and communicating security evaluations, and in communicating cyber risk and impact (consequences) to all levels of stakeholders.
  • A special challenge will be to stay on top of the many engagements while at the same time maintaining a deep understanding of payment security.
