Security & Compliance Advisor



The Hague, Netherlands
Posted on Tuesday, August 22, 2023

Job Family Group:

Information Technology (IT)

Worker Type:


Posting Start Date:

August 1, 2023

Business unit:

Projects and Technology

Experience Level:

Experienced Professionals

Job Description:

Where you fit in

The role of the IRM (Information Risk Management) function is to ensure that Shell addresses information risks in an effective and efficient manner, commensurate with Shell's risk appetite. Shell's information risk posture covers a wide variety of potential business impacts: financial, operational, health, safety, and reputational loss.

The IRM organization consists of a central team with the Strategy, Learning, Risk and Transformation teams and the IT Operations Organisation (ITSO) consisting of Detect and Respond Teams. It also includes business-specific teams aligned with different lines of business. The IRM function aligns with Shell’s Group CIO.

Within IRM, Risk and Control (R&C) is an advisory and assurance function. As the second line of defence (LoD2), R&C is required to support, advise, and assure on the risk assessment process and risk exposure for businesses.

The purpose of this position is to:

  • Support LoD1 and business with the translation of policies and guidelines defined by IRM teams (ERM, Security strategy teams etc.) and advise on implementation requirements.

  • Review and provide assurance on risk identification and mitigations.

  • Improve and contribute to risk and control requirements and associated policies and guidance.

  • Provide guidance and training in risk management processes to various stakeholders (Business, operations/LoD1, PMs, etc.).

What’s the role?

Your accountabilities as a Security & Compliance Advisor include the following:

  • Act as an Information Risk and Control trusted advisor

  • Understand Technology Landscape (Application and Infrastructure) and proactively review Shell’s information security and related threats and vulnerabilities, legal and regulatory requirements.

  • Review and advise on information security risks of vendor offerings, whether new or leveraging existing (SaaS/PaaS/IaaS) services, including integration with the Shell environment.

  • Translate technical, legal and regulatory compliance obligations into a cohesive collection of security controls. Provide respective stakeholders with the IRM requirements and their implementation methodologies.

  • Work with Project Managers, Business Analysts, Architecture and Support Team to ensure Shell IRM standards are being followed.

  • Ensure all the controls outlined for an application/Infrastructure are designed effectively.

  • Review VA-PT results and recommend the risks to be remediated.

  • Ensure all the risks are documented, classified and addressed with appropriate action as per the IRM standards.

  • Drive education and awareness of information security related issues and risks to Business/Business IT Teams.

  • Support the development of tooling for IRM processes and ensure it is fit for purpose.

  • Actively participate in reviewing and improving the Information Security Controls implemented in the organization.

  • Actively participate in the Assurance and Architecture level discussions in the engagements.

  • Actively participate in IRM team and community meetings, representing IRM and Business interests in applying and setting standards and policies for the Group and the businesses, leading to a fit for purpose, evergreen IRM framework.

What we need from you

As a Security & Compliance Advisor, you would need to have the following skills/qualifications:

  • Good understanding of, and experience with Information Risk Management, IT Security and Compliance and Security Controls and Audit.

  • Advanced understanding of internal and external IT security standards, SOX, PCI, SOC2/1, ISO27001 standards and relevant legal compliance aspects.

  • Robust understanding of, and solid experience with, the impact of security on application development and operations as well as the IT infrastructure.

  • Ability to promote high performance teams, working with inclusiveness and cultural diversity, across organizational boundaries.

  • Good understanding of cloud security requirements and third-party control assurance.

  • Ability to interface with different groups (Third parties, Business, and IT) internal and external to IT (security) and to network globally across Group businesses, as well as with external groups.

  • Technical knowledge & relevant experience in security domains /technologies related to:

    • Infrastructure/Network security

    • Identity and Access Management

    • Business Impact Assessment

    • Application security

    • Data Leakage Prevention

    • End-Point Protection

    • Web filtering technologies, Proxies, and firewalls.

    • Vulnerability Assessment / Penetration Testing

    • Cloud security

  • Knowledge of Data Security Standards, Privacy Principles.

  • Driving Platform / Application security and compliance.

  • Ability to foresee and identify mitigation strategies for risks.

  • Candidate must also:

    • Display excellent communication and influencing skills

    • Display analytical and problem-solving skills

    • Be pro-active and self-motivated

    • Display strong interpersonal and negotiating skills with all levels of staff.

    • Display ability and eagerness to quickly learn new technologies.


  • A qualification in CISSP, CISA, CRISC or CISM


  • Must have previous experience in an (Information) Risk and Control Advisory role

Company Description

Shell Nederland BV is a platform for international collaboration, with Shell offering direct employment to around ten thousand people in the Netherlands alone, including roughly 2,800 non-Dutch employees from around 80 countries. Diversity is key at Shell Nederland, and our employees reflect the innovation that stems from a diverse workforce. By joining Shell Nederland, you will benefit from an unrivalled industry-leading development programme that will see you tap into a pool of expert knowledge that will help propel your career. Shell Nederland is the holding company of most Shell companies operating in the Netherlands. Shell Nederland also has an advisory and coordinating role in numerous areas.

An innovative place to work

There’s never been a more exciting time to work at Shell.

Join us and you’ll be adding your talent and imagination to a business with the ambition to shape the future – whether by investing in oil, gas and renewable energy to meet demand, exploring new ways to store energy, or developing technology that helps the world to use energy more efficiently, everyone at Shell does their part.

An inclusive place to work

To power progress, we need to attract and develop the brightest minds and make sure every voice is heard. Here are just some of the ways we are nurturing an inclusive environment – one where you can express your ideas, extend your skills, and reach your potential.

  • We’re creating a space where people with disabilities can excel through a transparent recruitment process, workplace adjustments and ongoing support in their roles. Feel free to let us know about your circumstances when you apply, and we’ll take it from there.

  • We’re closing the gender gap – whether that’s through action on equal pay or by enabling more women to reach senior roles in engineering and technology.

  • We’re striving to be a pioneer of an inclusive and diverse workplace, promoting equality for employees regardless of sexual orientation or gender identity.

  • We consider ourselves a flexible employer and want to support you finding the right balance. We encourage you to discuss this with us in your application.

A rewarding place to work

Combine our creative, collaborative environment and global operations with an impressive range of benefits and joining Shell becomes an inspired career choice.

We’re huge advocates for career development. We’ll encourage you to try new roles and experience new settings. By pushing people to reach their potential, we frequently help them find skills they never knew they had, or make career moves they never thought possible.



Please note: We occasionally amend or withdraw Shell jobs and reserve the right to do so at any time, including prior to the advertised closing date. Before applying, you are advised to read our data protection policy. This policy describes the processing that may be associated with your personal data and informs you that your personal data may be transferred to Shell/Shell Group companies around the world. The Shell Group and its approved recruitment consultants will never ask you for a fee to process or consider your application for a career with Shell. Anyone who demands such a fee is not an authorised Shell representative and you are strongly advised to refuse any such demand. Shell is an Equal Opportunity Employer.