IT Controls Analyst – Dublin
Excellent opportunity for an experienced IT Controls Analyst to join our IT Risk team in Dublin. This is a key role within our IT Risk, Control and Compliance function. The IT Controls Analyst will be involved in providing knowledge, guidance and support in IT Risk, Control and Compliance functions.
You will spend most of your time supporting, testing and reporting on IT Risk, Control and Compliance frameworks. You will be responsible for coordinating, executing and reporting on the outcomes of all IT controls testing within the 1st line of defence.
You will also be responsible for IT controls testing exceptions (arising from either design or operating ineffectiveness) and ensuring that these are raised, understood and agreed with Management in terms of ratings, recommendations and remedial actions and tracking these until eventual closure.
You will work closely with IT, IT Risk and IT Security colleagues in RSAII, other RSAII areas and across the Group and our outsourced partners to enhance our IT control framework. You will work with key business and IT representatives, providing advice, supporting the management of IT risks and issues, and supporting compliance with the appropriate RSA policies and standards. You will have good knowledge of the IT Risk, Control and Compliance aspects of IT.
Headquartered in London, we have over 12,500 people supporting our 9 million customers, in over 100 countries. We’ve a long-standing reputation in Ireland too and have been providing insurance solutions to the Irish market since 1721. With teams in Dublin, Belfast and Galway we support our customers through our affinity and broker channels and our 123.ie business.
We are committed to building an inclusive culture of continued development, with our people at the very heart of it. ‘Your Best U’ is our people brand and reflects our desire for everyone to bring the very best version of themselves to work every day and we build our culture on our values of love simplicity, do the right thing, be better every day and boundless ambition. We are a flexible employer and understand the need to balance work and life outside the office. This is a flexible role with the ability to work dynamically.
- Generating an IT controls testing plan annually for the current year period, agreeing this with the IT Risk and Compliance Manager and communicating this plan to impacted stakeholders (i.e., control owners / control operators) in a timely manner and in advance of commencing testing.
- Conducting IT control walkthroughs in order to understand the control end-to-end and select a sample of one operation of the control in order to assess the design adequacy/design effectiveness of the control. Where any control design issues have been identified, you will raise these as issues to Management as needed for control remediation activity to be performed and tracked.
- Conducting operational effectiveness testing (only for IT controls which have been deemed to be effective by design (per above)) of IT controls on a sample basis and in line with RSAII sampling guidelines.
- Ensuring that IT control testing is planned and executed in compliance with the Group IT Control Validation Framework, considering a risk-based approach and adopting the requirements of the overall Framework.
- Documenting the outcomes and conclusions of all IT controls testing in a high-quality manner within agreed templates and with robust audit evidence such that the testing can be reviewed by Management with minimal review points or reperformed by Risk/Group Internal Audit/External Audit.
- Reporting all IT control effectiveness and/or ineffectiveness to control owners/control operators in a timely fashion.
- Reporting periodically on the status of IT controls testing and remediation progress to the IT Risk and Compliance Manager, relevant committees and impacted control owners/control operators.
- Escalating overdue actions resulting from IT controls testing to IT Risk and Compliance Manager and impacted control owners/control operators as needed.
- Working closely with the FCF function in terms of all aspects of IT general controls (ITGC) testing which relate to and are relied upon for internal financial control purposes.
- Working closely with our IT External Auditors to ascertain whether they wish to place reliance on our IT controls testing for external audit purposes and, if so, that all required updates to our testing are made to align to our IT External Auditors’ requirements.
- Working closely with the IT Risk Analyst and Management to ensure that the IT risk profile appropriately reflects any issues identified because of IT controls testing.
- Working closely with the IT Risk Analyst and Management to ensure that our IT controls testing appropriately supplements and complements our IT Control Validation process/activity.
- Providing IT Risk and Compliance related advice, support and assistance to all business areas/RSAII subsidiaries to ensure compliance with policies, procedures, standards, guidelines and reporting requirements.
- Satisfaction of stakeholders with IT risk & compliance guidance, support, and advice.
- Improvement in the management of IT risks, controls and IT related remediation plans, IT operational effectiveness.
- % of IT controls testing completed versus plan.
- Professional services IT external audit or IT internal audit experience of 2-3 years is preferable
- Experience executing detailed IT Controls testing
- Strong knowledge of IT General Controls (Change Management, Logical Access and IT Operations [backup and recovery, problem and incident management and job scheduling])
- Solid understanding of IT Risk Management, IT Governance principles, Information Security risks and controls, IT processes and infrastructure
- Experience working with 3rd party outsourced providers
- CISA, CRISC, CISM, CISSP or similar certification is desirable
- IT External Audit experience, preferably in FS with a Big 4 firm or IT Internal Audit experience/ Experience executing detailed IT Controls testing.
- Experience in various aspects of IT Risk, IT Control and IT Compliance roles.
- Experience of Information Security, governance and risk frameworks.
- Specialised professional recognised as highly competent in their discipline.
- Has awareness of latest emerging IT threats and emerging IT risks with good verbal and written communication skills.
RSA Insurance Ireland DAC and its affiliate companies consider applicants on the basis of qualifications and without regard to race, colour, religion, sex, national origin, age, marital or veteran status, sexual orientation, disability or any other legally protected status.