IT Risk Advisor

**About us**

At ExxonMobil, our vision is to lead in energy innovations that advance modern living and a net-zero future. As one of the world’s largest publicly traded energy and chemical companies, we are powered by a unique and diverse workforce fueled by the pride in what we do and what we stand for.

The success of our Upstream, Product Solutions and Low Carbon Solutions businesses is the result of the talent, curiosity and drive of our people. They bring solutions every day to optimize our strategy in energy, chemicals, lubricants and lower-emissions technologies.

We invite you to bring your ideas to ExxonMobil to help create sustainable solutions that improve quality of life and meet society’s evolving needs. Learn more about **our What and our Why** and how we can** **work** together**.

**What role you will play in our team**:
The IT Risk Advisor role plays a crucial role in providing IT Security & Risk Management services to the corporation. IT Risk management professionals help protect the enterprise against threats by using their expertise to design, build, and/or maintain a secure IT risk management environment. IT Risk Advisors are expected to stay current on emerging standards and technologies to help ensure appropriate, risk based controls guidance.

**More About Us**:
Come be part of the EMIT Department of ExxonMobil Business Support Center Brasil Ltda. at our Global Business Center (GBC) in Curitiba, with more than 21 years of presence in the country and a workforce of ~1800 employees, that provides support to an extensive portfolio of businesses across the globe. Our offices are located in Brazil, USA, Europe and Asia.

**What you will do**:

- Advise and assist customers on securing new IT solutions (technology areas such as AI, cloud, SaaS, cybersecurity concerns, etc.)
- Partner with customers when new IT solutions are implemented, ensuring solutions are secure
- Work with third party vendors to understand and document their security posture and negotiate IT security contract clauses
- Complete cyber risk evaluations and conduct specialized cloud security assessments
- Coordinate cyber vulnerability assessment testing and ensure gaps are mitigated, risks are understood by customer, etc.
- Support projects with all IT risk and security deliverables at various gates/checkpoints
- Coordinate and collaborate on IT Audit preparations and fieldwork. Assist with validating draft observations and answering auditor queries and shaping responses to draft observations. Assist with validating final audit report, including risk levels. Post-audit, provide guidance regarding appropriate closure of identified gaps.
- Lead Unit Internal Assessments (UIA). Includes providing coordination, test/scope selection and execution, conducting interviews, on-going consulting and identification of control process gaps, determining segment criticality, comment significance, preparation and delivery of preliminary and final reports. Post-UIA, provide guidance regarding appropriate closure of gaps identified.
- IT Risk Assessment Support - Assist customers with conducting IT risk assessments, answer questions on process, consultation on mitigating controls, etc.
- Review exceptions/decision records to IT S&C practices and requirements
- Steward quarterly Audit & Controls reporting, in conjunction with Controllers organization
- Provide updates and stewardship, as required, to senior IT management
- Develop and deliver IT risk topics and conduct S&C training
- Coordinate activities with other IT Risk Advisors supporting other customers

**About you**:
**Skills and Qualifications**

**Education and Certifications**:

- Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or a related field.
- Professional certifications such as CISSP, CISA, CISM, or equivalent preferred.

**Experience**:

- Minimum of 5 years of experience in IT security, risk management, or a related field
- Proven experience in developing and implementing security policies and procedures
- Proficiency in IT risk assessment and management methodologies
- Strong understanding of, and an ability to ensure compliance with, industry standards (e.g. NIST, ISO 27001, COBIT)
- Experience in managing security projects from inception to completion"

**Skills / Knowledge**:

- High initiative and proactive support; seeks to understand customer processes, systems, and risks, and applies controls in a fit-for-risk manner to enable secure operations
- Outstanding ability to lead without authority and influence customers and vendors, as it relates to risks to corporation, while maintaining a fit-for-risk mindset
- Strong courage of conviction; ability to make difficult decisions and stand by them, upholding security principles and best practices, even in the face of opposition or adversity
- Excellent verbal and written communication skills:

- Able to communicate complex security concepts to non-technical stakeholders
- Able to tail