IT Risk Advisor

What role you will play in our team

The IT Risk Advisor role plays a crucial role in providing IT Security & Risk Management services to the corporation.  IT Risk management professionals help protect the enterprise against threats by using their expertise to design, build, and/or maintain a secure IT risk management environment.  IT Risk Advisors are expected to stay current on emerging standards and technologies to help ensure appropriate, risk based controls guidance.  

More About Us

Come be part of the EMIT Department of ExxonMobil Business Support Center Brasil Ltda. at our Global Business Center (GBC) in Curitiba, with more than 21 years of presence in the country and a workforce of ~1800 employees, that provides support to an extensive portfolio of businesses across the globe.  Our offices are located in Brazil, USA, Europe and Asia.

What you will do

• Advise and assist customers on securing new IT solutions (technology areas such as AI, cloud, SaaS, cybersecurity concerns, etc.)

           - Partner with customers when new IT solutions are implemented, ensuring solutions are secure
          - Work with third party vendors to understand and document their security posture and negotiate IT security contract clauses
          - Complete cyber risk evaluations and conduct specialized cloud security assessments
          - Coordinate cyber vulnerability assessment testing and ensure gaps are mitigated, risks are understood by customer, etc.

• Support projects with all IT risk and security deliverables at various gates/checkpoints
• Coordinate and collaborate on IT Audit preparations and fieldwork.  Assist with validating draft observations and answering auditor queries and shaping responses to draft observations.  Assist with validating final audit report, including risk levels.  Post-audit, provide guidance regarding appropriate closure of identified gaps.
• Lead Unit Internal Assessments (UIA).  Includes providing coordination, test/scope selection and execution, conducting interviews, on-going consulting and identification of control process gaps, determining segment criticality, comment significance, preparation and delivery of preliminary and final reports. Post-UIA, provide guidance regarding appropriate closure of gaps identified.
• IT Risk Assessment Support - Assist customers with conducting IT risk assessments, answer questions on process, consultation on mitigating controls, etc.
• Review exceptions/decision records to IT S&C practices and requirements
• Steward quarterly Audit & Controls reporting, in conjunction with Controllers organization
• Provide updates and stewardship, as required, to senior IT management
• Develop and deliver IT risk topics and conduct S&C training
• Coordinate activities with other IT Risk Advisors supporting other customers
   

About you

Skills and Qualifications

Education and Certifications:
• Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or a related field.
• Professional certifications such as CISSP, CISA, CISM, or equivalent preferred.

Experience:
• Minimum of 5 years of experience in IT security, risk management, or a related field
• Proven experience in developing and implementing security policies and procedures
• Proficiency in IT risk assessment and management methodologies
• Strong understanding of, and an ability to ensure compliance with, industry standards (e.g. NIST, ISO 27001, COBIT)
• Experience in managing security projects from inception to completion"
Skills / Knowledge:
• High initiative and proactive support; seeks to understand customer processes, systems, and risks, and applies controls in a fit-for-risk manner to enable secure operations
• Excellent prioritization skills; understand corporate, business line, and organization objectives, service models and priorities and apply to workload
• Outstanding ability to lead without authority and influence customers and vendors, as it relates to risks to corporation, while maintaining a fit-for-risk mindset
• Strong courage of conviction; ability to make difficult decisions and stand by them, upholding security principles and best practices, even in the face of opposition or adversity
• Excellent verbal and written communication skills:
   - Able to communicate complex security concepts to non-technical stakeholders
   - Able to tailor message to audience, being concise, confident, and assertive
• Ability to work under pressure and meet tight deadlines
• Strong negotiation skills; able to effectively resolve conflict
• Excellent collaboration, flexible and adaptable; ability to work collaboratively with cross-functional teams
• Ability to analyze complex security issues and develop effective solutions
• Strong problem-solving skills and attention to detail
• Commitment to ongoing professional development and staying current with emerging security trends

Preferred Qualifications/ Experience
• Familiarity with relevant laws and regulations (e.g. SOX, GDPR, HIPAA)
• Understanding of cloud security principles and best practices for platforms like AWS, Azure, and Google Cloud
• Experience with cloud security technologies
• Knowledge of AI governance frameworks and best practices
• Ability to foster a culture of security awareness within the organization
• Passionate about coaching and proactively mentors others, shares knowledge
• Innovative and drives business value-add process improvements

Your benefits

An ExxonMobil career is one designed to last. Our commitment to you runs deep: our employees grow personally and professionally, with benefits built on our core categories of health, security, finance, and life.

We offer you: 

• PAE – Programa de Assistência aos Empregados
• Seguro de Vida
• Auxílio Creche/ babá
• Tickets alimentação
• Assistência funeral
• Auxilio Filho Excepcional
• Plano de pensões
• Among others.

Please note benefits may be changed from time to time without notice, subject to applicable law.

Stay connected with us

Learn more at our website

Follow us on LinkedIN

Like us on Facebook 

Subscribe our channel at YouTube

EEO statement

All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, age, sexual orientation, gender identity, national origin, citizenship status, protected veteran status, genetic information, or physical or mental disability.