Join RSA and make a difference every day.
At RSA, we empower our customers to make a difference in their lives. And the same goes for our employees.
We have offices in Belfast, Galway and Dublin, where we’ve embraced hybrid working and empower our people to work flexibly to suit their needs and those of our customers. Our Dublin office is also home to our sister-company 123.ie.
Our diverse customer base benefits from the diverse perspectives of our teams that serve them, solving complex problems with creative ideas.
As a proud member of the Intact family, we’re part of something bigger with a presence in North America, the UK, and Europe. Our business has grown organically and through acquisitions to over $20 billion of total annual premiums.
We want you to succeed with us and grow with us – and we’ll give you the tools, flexibility and learning opportunities you need to do it.
And, if you bring your best, then we promise to give you our best.
Culture and Community
RSA is a purpose-driven business – our purpose is to ‘help people, businesses, and society prosper in good times, and be resilient in bad times’.
We do that by living our values – Integrity, Respect, Customer-driven, Excellence, and Generosity – in everything that we do.
We provide an open and honest workplace – where everybody contributes, and every view is listened to and respected.
Generosity is in our DNA and is the value that guides and enables our people to help others, protect the environment and make our communities more resilient. It drives our efforts to care for people and to give our time, financial resources and talent. We’re also committed to helping society adapt to a changing climate, taking reasonable care to ensure that our business activities are conducted in an environmentally sustainable manner.
Our stats don’t lie… in our annual engagement survey:
- 95% of our people are committed to driving innovation and change
- 91% of our people celebrate the diversity in their teams and wider company
- 90% of our people feel safe to share they’ve made a mistake
- 89% of our people strive to recognise colleagues for the amazing work they do
- 89% of our people know how their job supports the company’s strategy
So if you want to make a difference every day, we’d love to have you.
IT Risk and Compliance Specialist
The role of the IT Risk and Compliance Specialist is an important role within the IT Risk and Compliance and wider Integrated Technology Solutions (ITS) teams. This key role will involve providing knowledge, guidance, and support in relation to IT Risk and Compliance Management to support our IT leaders and teams in carrying out their IT risk management responsibilities. The role will also involve supporting our IT teams in maintaining compliance with RSAII IT policies, procedures, standards, guidelines, and reporting requirements.
In addition, this role will help to co-ordinate validation and assurance activities across Line 1, Line 2, Line 3, external, and regulatory IT assurance, and audit requirements. This role will be involved in the co-ordination of activities to ensure compliance with Canadian regulatory requirements, and Line 1 IT Control validation testing activities performed by a key strategic partner.
This role will also help co-ordinate IT risk reporting activities including quarterly IT risk reporting to meet reporting requirements and to provide management information (MI) as required to satisfy ad hoc IT risk reporting requests. IT Risk Governance also forms part of the team’s activities, and this role will co-ordinate IT risk related governance/meetings (both internal and third party) and outputs as required.
The IT Risk and Compliance Specialist will work closely with the different teams across Integrated Technology Solutions (including Service Delivery, IT Architecture, Resilience and Security, Technology Enablement and Transformation and Data and Analytics teams), and key business and assurance stakeholders across RSAII and the RSA UKI region to enhance the IT control environment. The role will also involve working with key third party stakeholders from an IT risk and control perspective to support the management of IT risks and issues and further enhance IT risk and control activities.
RSAII is working within an increasingly dynamic IT risk environment so this role will also be involved in enhancements to IT risk related activities as RSAII moves towards a wholly Cloud operated environment and looks forward to the future in implementing new regulatory requirements such as CBI Guidelines on Operational Resilience and the Digital Operational Resilience Act (DORA) amongst other key IT risk industry developments.
- Working collaboratively with the different teams across Integrated Technology Solutions (including Service Delivery, IT Architecture, Resilience and Security, Technology Enablement and Transformation and Data and Analytics teams), and key business and assurance stakeholders across RSAII and the RSA UKI region to enhance the IT control environment.
- Working with key strategic third-party partners from an IT risk and control perspective to support the management of IT risks and issues and further enhance IT risk and control activities.
- Co-ordinating IT risk reporting activities as required to support the Senior IT Risk and Compliance Specialist in the delivery of quarterly IT risk reporting submissions and to provide management information (MI) as required to satisfy ad hoc IT risk reporting requests.
- Supporting IT Risk Governance activities by co-ordinating IT risk related governance/meetings (both internal and third party) and outputs as required and assisting with risk identification, assessment, triage, evaluation, and management.
- Supporting management in maintaining compliance with RSAII IT policies, procedures, standards, guidelines, and reporting requirements and in documenting and tracking any non-compliance to policy through the established remediation plan agreed (RPA) process.
- Co-ordinating validation and assurance activities, including where relevant evidence submission, across Line 1, Line 2, Line 3, external, and regulatory activity, and remediation plans in support of the Senior IT Risk and Compliance Specialist.
- Working closely with the Financial Control team in support of the Senior IT Risk and Compliance Specialist in relation to Canadian regulatory requirements testing to co-ordinate supporting activities such as IT control self-assessments, operational effectiveness testing and year end attestations and reporting to ensure annual compliance.
- Supporting the Senior IT Risk and Compliance Specialist in the development of an annual IT Control Validation plan, agreeing this with the Head of IT Risk and Compliance and supporting the communication of this plan to impacted stakeholders.
- Co-ordinating and supporting IT control validation activities and walkthroughs with our key strategic partner and control owners including agreement with management where any control design and/or operational effectiveness weaknesses have been identified and assist in the identification of appropriate remediation activities.
- Supporting the oversight and RSAII sample-based QA review of IT Control Validation testing workpapers documented by our strategic partner to ensure appropriate documentation of test execution and outcomes in line with the UKI IT Control Validation Guidance.
- Joint responsibility as part of the IT Risk and Compliance team in maintaining a centralised IT Risk Register, audit and Remediation Plan Agreed (RPA) and Risk Acceptance (RA) action tracker for RSAII.
- Reporting periodically on the status of IT remediation activities and progress to relevant stakeholders and/or committees and impacted control owners/control operators to include escalation of any overdue remediation actions so they can be managed effectively to closure.
- Acting as delegate to the Senior IT Risk and Compliance Specialist as required.
- Demonstrating the RSAII values of Integrity, Respect, Customer-Driven, Generosity and Excellence in carrying out all responsibilities within this role.
- General knowledge of IT Risk Management, IT Governance principles, Information Security risks and controls, IT processes and infrastructure and/or IT external audit or IT internal audit experience of 2-3 years is preferable
- Experience in Stakeholder Management across IT Risk Management, Audit, Assurance activities
- Knowledge of IT General Controls (Change Management, Logical Access, and IT Operations [backup and recovery, problem and incident management and job scheduling])
- General knowledge of IT Controls testing would be an advantage
- Experience working with 3rd party outsourced providers
- CISA, CRISC, CISM, CISSP or similar certification is desirable
- Eagerness to increase IT risk management and control environment knowledge
- Problem Solving mindset and Can-Do Attitude
- Based in Ireland - Hybrid/Dundrum Office
RSA Insurance Ireland DAC and its affiliate companies consider applicants on the basis of qualifications and without regard to race, colour, religion, sex, national origin, age, marital or veteran status, sexual orientation, disability or any other legally protected status