Building Shell's IRM and GDPR team

Published: 24 October 2019

Author: Stuart Parker

Shell is, of course, a well-known Oil & Gas Major. What that means in practical terms, is that much of their business activity is driven by the price of oil. Where the price is low there isn’t the appetite to invest in additional resources. When the price is on the rise, they can take stock and focus on business areas most in need of review.

For me I wanted to share this success story because it is an example of some of the ways we are able to work at Sentinel, that other agencies can’t. We were offered this opportunity because of the great working relationship we have, and we excelled at it because of relationships with candidates and contractors in the market as well as our ability to be flexible and act with the urgency our client needed.


The IRM (Integrated Risk Management) and GDPR (General Data Protection Regulation) teams were an example of this. In 2018 Shell identified 100s of applications across the business, that were in need of improved controls to ensure compliance in cyber security and data protection. They needed a highly scalable team of qualified Information Security professionals, quickly.

Shell’s usual partner organisations didn’t have the availability or skills to supply Shell with what they needed at the time.


Stuart, Director at Sentinel, had previously placed Jeroen in Shell in Iraq. He had thrived there and ended up in the Hague running this programme. Having stayed in touch since 2009, he reached out to see if Stuart could help. Stuart has been with Sentinel for more than 20 years and so, although it sounds cliché, his existing Information Security networks were invaluable.

In a matter of weeks Sentinel were able to get 10 professionals with more than a century of combined experience working on Shell’s project.

The team were deployed across the UK and the EMEA to identify, analyse and document the IRM and GDPR risks with each application throughout Shell. In addition, they designed the required controls, needed to address these risks.


In cooperation with several other consultancy partnerships, this solution gave Shell’s suppliers time to ready their IRM and GDPR practice and take on the BAU activity that followed. This was crucial for making this a success, as it made for a more cost-effective solution and provided an instant solution for a pressing compliance issue.


That said, the team of consultants have been so successful and integrated so well into Shell’s existing teams, that Sentinel are currently working with Shell to find new placements for them elsewhere in the business, helping to get Shell’s applications into a more risk-safe state.

Jeroen Hendriks, Programme Manager GDPR and Lightly Managed Applications IRM Global Functions

“Knowing Stuart, and Sentinel as a recruitment partner I can trust, I was delighted to see that I was able to populate over half my team with excellent professionals, where other existing Shell Suppliers were struggling even to get a couple of candidates of the right calibre. The consultants performed excellently well, and were invaluable in making Shell Global Functions compliant to GDPR, and in addressing cyber security risks in 100s of applications.”

Copyright © 2019 Sentinel. All rights reserved

Brave idea by Venn Digital