IRM L&R team is the authority on the legal and regulatory subjects concerning information protection in IRM. Team plays a key role in interfacing with business and IT legal at a time of heightened regulatory activity as nations address risks to critical infrastructure, to the rights of individuals and to transparency and effectiveness of markets, while Shell deploys new technologies and enters new markets to realize its strategy.

L&R team is a group of Legal & Regulatory analysts who identify implement and roll out (including training) IRM policy and process updates needed to address new regulatory requirements and advises the business on IRM related Legal & Regulatory requirements.

The ERM Risk Management team owns the Shell IRM risk assessment process and related policies. Within this team the IRM L&R team focuses on Legal & Regulatory risks and requirements. The L&R Analyst will be part of the IRM L&R team and reports directly to the ERM Risk Manager. The team supports all Shell businesses (global cross-business exposure) and maintains relations with key stakeholders within Shell, such as Shell Ethics and Compliance Office, (IT) Legal, IT and IRM, as well as some external relations.

• Provide sound analysis and advisory on IRM L&R inquiries, and be flexible (as needed) but firm in message delivery (for example, on shortcomings) to ensure that L&R risks are adequately addressed
• Provide in collaboration with Legal sound analysis on IRM related new and changing legal and regulatory requirements and evaluate impact for IRM processes and potential remediation requirements.
• Contribute to the L&R processes simplification, clarity and alignment with (IT) Legal and the additions to the knowledge management system (for example, IRM Connect) to ensure sufficient guidance material is available for project managers, other IRM staff and staff supporting IT solutions.
• Prepare and contribute to L&R reporting requirements such as Business IRM engagements, L&R risk visual updates and training completion.
• Undertake as a SME and be the focal point at least for a L&R subject and deliver risk advice with clarity, respect and diplomacy.
• Determine requirements for training including preparation and embedding L&R processes through training delivery in the IRM, IT and Project community.

We are looking for someone who is able to apply sound professional judgment to identify, assess and advise on L&R risks relating to information management and cybersecurity. The candidate should have a proven record of relations management.

• The ability to balance IRM needs/standards in light of risk and affordability to the Shell Group
• An understanding of and/or previous experiences with IRM and its impact on application development and operations as well as the IT Infrastructure, will be a plus.
• Good understanding and experiences with Audit (both internal and external), Risk management, IT Controls and Business Controls
• Strong interpersonal and negotiating skills at all levels of staff. Ability to lead through influence rather than hierarchical relationships
• Ability to network globally across Group businesses, as well as with external groups.
• A good team player who can work collaboratively to set direction, build, communicate and implement a shared vision with respect to IRM.
• Pro-active and self-motivated
• Analytical and problem-solving skills
• A good understanding of specific governance and overall processes of the Shell Group such as the Shell (IT) Control Framework.
• Knowledge (and application) of Collective and Power BI capability will be an advantage.
• Ability to translate complex and/or regulatory/technical information and synthesize for fit for purpose communication and presentation to relevant stakeholders.
• Prior experience in dealing with legal & regulatory matters is a plus (e.g. Data Privacy (GDPR), Trade Control, Antitrust).