IT Risk & Controls Analyst

Dundrum - Dublin 16

Vacancy Description

RSA and

Founded in 1710, we are a 300-year-old organisation that is empowering people to put the right things in place to prepare them for their future so that they can live a more fulfilled life free from worry and anxiety.

Built on resilience, expertise and human empathy, we provide insurance that makes people’s lives easier. We learn from our experiences and build on our strengths every day to deliver the best products and services in the market. We are always searching for the best protection for our customers with our extensive range of Commercial and Personal Lines products driven by our network of Insurance brokers, scale partners and via our brand.

With a global footprint, we have leading positions in Scandinavia, Canada, the UK, Ireland and the Middle East. In Ireland, we have offices in Belfast, Galway and Dublin, where we empower our people to work flexibly to suit their needs and those of our customers. We know that if we plan for tomorrow, we can truly make a positive impact on people’s lives today.

Looking to the future

In order to be there for our customers during their greatest challenges, we are looking for like-minded individuals who will embrace our strategy:

Our Vision — our ambition:
Prepared to make the difference

Our Mission — how we will live our vision:
Harnessing human expertise with agile technology

Our Purpose — why we go to work every day:
To empower people

Our Values — our DNA:
Love simplicity, Better every day, Do the right thing, Boundless ambition
We’re looking for people that are open, engaged, curious and striving to make a real difference – not only in their own lives – but in the lives of those around them.

Culture and Community

Culture and community is a key priority within our organisation. 
We strive to create a diverse and vibrant workforce where everyone feels valued and everyone’s voice is heard. 
In RSA and career progression is nurtured and performance is recognised. We help people move forward in life; that’s why we put steps in place to encourage our colleagues to learn, adapt and grow.
We cultivate an open and transparent culture where people can be their true selves. RSA and support a stimulated workforce where individuals feel more fulfilled in their role and more comfortable in who they are as a person. Most importantly, we care about our environment and the communities around us.
We support programmes and events that give back and enhance the lives of the vulnerable and those in need. We have a dedicated Corporate Responsibility programme that facilitates new ways of thinking to help reduce our carbon footprint, protect our planet for future generations and give back to our communities. 

IT Risk & Controls Analyst – Dublin 

Excellent opportunity for an experienced IT Risk & Controls Analyst to join our IT Risk team in Dublin. This is a key role within our IT Risk, Control and Compliance function. The IT Risk & Controls Analyst will be involved in providing knowledge, guidance and support in IT Risk, Control and Compliance functions.

You will spend most of your time supporting, testing and reporting on IT Risk, Control and Compliance frameworks. You will be responsible for coordinating, executing and reporting on the outcomes of all IT controls testing within the 1st line of defence.  
You will also be responsible for IT controls testing exceptions (arising from either design or operating ineffectiveness) and ensuring that these are raised, understood and agreed with Management in terms of ratings, recommendations and remedial actions and tracking these until eventual closure. 

 You will work closely with IT, IT Risk and IT Security colleagues in RSAII, other RSAII areas and across the Group and our outsourced partners to enhance our IT control framework.  You will work with key business and IT representatives, providing advice, supporting the management of IT risks and issues, and supporting compliance with the appropriate RSA policies and standards.  You will have good knowledge of the IT Risk, Control and Compliance aspects of IT.


Key Responsibilities:

  • Generating an IT controls testing plan annually for the current year period, agreeing this with the IT Risk and Compliance Manager and communicating this plan to impacted stakeholders (i.e., control owners / control operators) in a timely manner and in advance of commencing testing.
  • Conducting IT control walkthroughs in order to understand the control end-to-end and select a sample of one operation of the control in order to assess the design adequacy/design effectiveness of the control.  Where any control design issues have been identified, you will raise these as issues to Management as needed for control remediation activity to be performed and tracked.
  • Conducting operational effectiveness testing (only for IT controls which have been deemed to be effective by design (per above)) of IT controls on a sample basis and in line with RSAII sampling guidelines.
  • Ensuring that IT control testing is planned and executed in compliance with the Group IT Control Validation Framework, considering a risk-based approach and adopting the requirements of the overall Framework.
  • Documenting the outcomes and conclusions of all IT controls testing to a high standard within agreed templates and with robust audit evidence such that the testing can be reviewed by Management with minimal review points or reperformed by Risk/Group Internal Audit/External Audit.
  • Reporting all IT control effectiveness and/or ineffectiveness to control owners/control operators in a timely fashion.
  • Reporting periodically on the status of IT controls testing and remediation progress to the IT Risk and Compliance Manager, relevant committees and impacted control owners/control operators.
  • Escalating overdue actions resulting from IT controls testing to IT Risk and Compliance Manager and impacted control owners/control operators as needed.
  • Working closely with the FCF function in terms of all aspects of IT general controls (ITGC) testing which relate to and are relied upon for internal financial control purposes.
  • Working closely with our IT External Auditors to ascertain whether they wish to place reliance on our IT controls testing for external audit purposes and, if so, that all required updates to our testing are made to align to our IT External Auditors’ requirements.
  • Working closely with the IT Risk Analyst and Management to ensure that the IT risk profile appropriately reflects any issues identified because of IT controls testing.
  • Working closely with the IT Risk Analyst and Management to ensure that our IT controls testing appropriately supplements and complements our IT Control Validation process/activity.
  • Providing IT Risk and Compliance related advice, support and assistance to all business areas/RSAII subsidiaries to ensure compliance with policies, procedures, standards, guidelines and reporting requirements.
  • Satisfaction of stakeholders with IT risk & compliance guidance, support, and advice.
  • Improvement in the management of IT risks, controls and IT related remediation plans, IT operational effectiveness.
  • % of IT controls testing completed versus plan.



  • Professional services IT external audit or IT internal audit experience of 2-3 years is preferable 
  • Experience executing detailed IT Controls testing
  • Strong knowledge of IT General Controls (Change Management, Logical Access and IT Operations [backup and recovery, problem and incident management and job scheduling])
  • Solid understanding of IT Risk Management, IT Governance principles, Information Security risks and controls, IT processes and infrastructure
  • Experience working with 3rd party outsourced providers
  • CISA, CRISC, CISM, CISSP or similar certification is desirable
  • IT External Audit experience, preferably in FS with a Big 4 firm or IT Internal Audit experience/ Experience executing detailed IT Controls testing.
  • Experience in various aspects of IT Risk, IT Control and IT Compliance roles.
  • Experience of Information Security, governance and risk frameworks.
  • Specialised professional recognised as highly competent in their discipline. 
  • Has awareness of latest emerging IT threats and emerging IT risks with good verbal and written communication skills.


RSA Insurance Ireland DAC and its affiliate companies consider applicants on the basis of qualifications and without regard to race, colour, religion, sex, national origin, age, marital or veteran status, sexual orientation, disability or any other legally protected status.
