The Team
The Finance Operations – Information Risk Management (FO-IRM) testing team sits under the umbrella of the Central Testing Excellence (CTE) Team, along with the Manual Financial Controls and Application Embedded Controls testing teams. FO-IRM performs compliance testing of IT general controls (ITGC) for Shell’s Sarbanes-Oxley (SOX) attestation. It also performs process design evaluation and testing of IT components upon which ITGCs rely.
The role
The role is a 9-month project under the Stretch Assignment Program (SAP) of the SCIP_TMRB-1. You will perform full testing of IT General Controls, from preparing test scripts through evaluating the audit results and communicating the outcome to the control owner. You will work closely with control owners and operators from the IRM Team, CM Operations and the FO IRM CTE Team to deliver successful output.
Max Capacity: 30% of Full FTE (2 controls per month)
Job Description and Requirements
As a Compliance Specialist your responsibilities include:
Delivering planned ITGC design effectiveness and operating effectiveness tests within agreed timelines by understanding the key risks and controls for the applications being reviewed
Developing and executing test scripts, documenting test procedures, and evaluating results to identify control gaps and/or to assess the effectiveness of the controls
Discussing and presenting observations and exceptions noted during testing with control operators and owners, including practical and actionable recommendations for a more robust control execution and to address deficiencies
Building specialized process knowledge for ITGCs, which is required for value-added risk and assurance support to the relevant process and business, and serving as subject matter expert in specified areas of the Company’s ITGCs where people within or outside the FO-IRM team can seek input.
Ideally, the Compliance Specialist should:
Be flexible and able to get up to speed quickly and provide the necessary support to the IRM organization, since the nature and timing of deliverables require rapid on-boarding for the team to produce the required deliverables effectively.
Have good time management and prioritization skills to deliver results within a specified timeframe.
Have strong interpersonal, communication and stakeholder management skills, vital for frequent interactions with global stakeholders at senior levels. The individual needs to be capable and credible in these situations, as well as with all other stakeholders throughout the business.
Have a learner mindset and desire to contribute to continuous improvement initiatives.
Be able to live out the core values of honesty, integrity, and respect, and be one with Shell in championing diversity, equity, and inclusion.
Preferably, the following qualifications are expected:
Strong audit & governance background with 1 to 3 years of experience, specifically with strong knowledge of IT security and infrastructure and solid IT audit experience.
Sound knowledge of internal controls/internal audit methodologies and risk management, together with practical knowledge in this area, including planning and executing audits/tests/walkthroughs and implementing control frameworks within the business/process.
Solid knowledge of SOX Methodology, SOX issues, IT Controls, and IT Risk.
IT literate and very proficient with MS Office Applications. Working knowledge of PowerBI usage and/or VBA Macros is also highly desired.
Currently a Certified Public Accountant (CPA), Certified Information Systems Auditor (CISA) or Certified Risk and Information System Control (CRISC) or having a strong desire to work towards obtaining such certifications.