Technology Risk Management Specialist


Job Ref:
2507

Job Title:
Technology Risk Management Specialist

Location:
Dundrum - Dublin 16

Closing date:
Close date not set

Vacancy Description

Join RSA and make a difference every day. 

Whether you are just beginning your career or looking to take the next progressive step in your journey, RSA Insurance is an organization where you can be yourself, learn and develop and a place where your ideas and contributions matter.  

With offices in Belfast, Galway, and Dublin, we have embraced hybrid work empowering our people to work flexibly and to suit their individual needs, which enables them to deliver great service to the customers we look after every day. Our Dublin office is also home to our sister-company 123.ie.        

At RSA and 123.ie we empower our customers to make a difference in their lives. And the same goes for our employees. We are proud to have 32 different nationalities represented in our workforce. Our diverse customer base benefits from the diverse perspectives of our teams that serve them, solving complex problems with creative ideas. 

 As proud member of the Intact family, we’re part of something bigger with a presence in North America, the UK, and Europe. Our business has grown organically and through acquisitions to over $21 billion of total annual premiums. 

We want you to thrive and grow with us – and we’ll give you all the tools, flexibility and learning opportunities you need to do it.

 And, if you bring your best, then we promise to give you, our best. 

 

Culture and Community 

 RSA is a purpose-driven business – our purpose is to ‘help people, businesses, and society prosper in good times, and be resilient in bad times’.  

 We do that by living our values – Integrity, Respect, Customer-driven, Excellence, and Generosity – in everything that we do. 

 We provide an open and honest workplace – where everybody contributes, and every view is listened-to and respected.  

 Generosity is in our DNA and is the value that guides and enables our people to help others, protect the environment and make our communities more resilient. It drives our efforts to care for people and to give our time, financial resources and talent. We’re also committed to helping society adapt to a changing climate taking reasonable care to ensure that our business activities are conducted in an environmentally sustainable manner.  

 

Our stats don’t lie… in our annual engagement survey  

87% of our people celebrate the diversity in their teams and the wider company  

90% of our people feel safe to speak up and share if they’ve made a mistake  

91% of our people feel valued and respected by leadership  

89% of our people are benefiting and thriving through our hybrid working model 

 

 

 

Technology Risk Management Specialist

The role of the Technology Risk Management Specialist is an important role within the Technology Risk Management and wider Integrated Technology Solutions (ITS) team. This key role will involve providing knowledge, guidance, and support in relation to technology risk management to support our IT leaders and teams in carrying out their IT/technology risk management responsibilities.  The role will also involve supporting our IT teams in maintaining compliance with RSAII IT policies, procedures, standards, guidelines and reporting requirements.

In addition, this role will help to co-ordinate testing and assurance activites across Line 1, Line 2, Line 3, external, and regulatory IT assurance and audit requirements. In particular, this role will be involved in the co-ordination of activities to ensure compliance with Canadian regulatory requirements, and also Line 1 IT Control testing activities performed by a key strategic partner.

This role will also help co-ordinate IT/technology risk reporting activities including quarterly IT/technology risk reporting to meet reporting requirements and to provide management information (MI) as required to satisfy adhoc IT/technology risk reporting requests. IT/Technology Risk Governance also forms part of the teams activities and this role will co-ordinate IT/technology risk related governance/meetings (both internal and third party) and outputs as required.

The Technology Risk Management Specialist will work closely with the different teams across Integrated Technology Solutions (including Service Delivery, DevOps, IT Architecture, Resilience and Security, Technology Enablement and Transformation and Data and Analytics teams), and key business and assurance stakeholders across RSAII and the RSA UKI region to enhance the IT control environment.  The role will also involve working with key third party stakeholders from an IT/technology risk and control perspective to support the management of IT/technology risks and issues and further enhance IT/technology risk and control activities.

RSAII is working within an increasingly dynamic technology risk environment so this role will also be involved in enhancements to IT/technology risk related activities as RSAII moves towards a wholly Cloud operated environment and looks forward to the future in implementing new regulatory requirements such as CBI Guidelines on Operational Resilience and the Digital Operational Resilience Act (DORA) amongst other key IT risk industry developments.

 

Key Responsibilities:

  • Working collaboratively with the different teams across Integrated Technology Solutions (including Service Delivery, DevOps, IT Architecture, Resilience and Security, Technology Enablement and Transformation and Data and Analytics teams), and key business and assurance stakeholders across RSAII and the RSA UKI region to enhance the IT control environment.
  • Working with key strategic third-party partners from an IT/technology risk and control perspective to support the management of IT/technology risks and issues and further enhance IT/technology risk and control activities.
  • Co-ordinating IT/technology risk reporting activities as required to support the Senior Technology Risk Management Specialist in the delivery of quarterly IT/technology risk reporting submissions and to provide management information (MI) as required to satisfy adhoc IT/technology risk reporting requests.
  • Supporting IT/Technology Risk Governance activities by co-ordinating IT/technology risk related governance/meetings (both internal and third party) and outputs as required and assisting with risk identification, assessment, triage, evaluation and management.
  • Supporting management in maintaining compliance with RSAII IT policies, procedures, standards, guidelines and reporting requirements and in documenting and tracking any non-compliance to policy through the established remediation plan agreed (RPA) process.
  • Co-ordinate testing and assurance activites, including where relevant evidence submission, across Line 1, Line 2, Line 3, external, and regulatory activity, and remediation plans in support to the Senior Technology Risk Management Specialist.
  • Working closely with the Financial Control team in support to the Senior Technology Risk Management Specialist in relation to Canadian regulatory requirements testing to co-ordinate supporting activities such as IT control self-assessments, operational effectiveness testing and year end attestations and reporting to ensure annual compliance.
  • Supporting the Senior Technology Risk Management Specialist in the development of an annual IT Control Testing plan, agreeing this with the Head of Technology Risk Management, IT Leadership, and the CIO, and supporting the communication of this plan to impacted stakeholders.
  • Co-ordinating and supporting IT control testing activities and walkthroughs with our key strategic partner and control owners including agreement with management where any control design and/or operational effectiveness weaknesses have been identified and assist in the identification of appropriate remediation activities.
  • Supporting the oversight and RSAII sample-based QA review of IT Control testing workpapers documented by our strategic partner to ensure appropriate documentation of test execution and outcomes in line with the UKI IT Control Validation Guidance.
  • Joint responsibility as part of the Technology Risk Management team in maintaining a centralised IT Risk Register, audit and Remediation Plan Agreed (RPA) and Risk Acceptance (RA) action tracker for RSAII.
  • Reporting periodically on the status of IT/technology remediation activities and progress to relevant stakeholders and/or committees and impacted control owners/control operators to include escalation of any overdue remediation actions so they can be managed effectively to closure.
  • Acting as delegate to the Senior Technology Risk Management Specialist as required.
  • Demonstrating the RSAII values of Integrity, Respect, Customer-Driven, Generosity and Excellence in carrying out all responsibilities within this role.

Requirements:

  • General knowledge of IT/technology Risk Management, IT Governance principles, Information Security risks and controls, IT processes and infrastructure and/or IT external audit or IT internal audit experience of 2-3 years is preferable
  • Experience in Stakeholder Management across Technology Risk Management, Audit, Assurance activities
  • Knowledge of IT General Controls (Change Management, Logical Access, and IT Operations [backup and recovery, problem and incident management and job scheduling])
  • General knowledge of IT Controls testing would be an advantage
  • Experience working with 3rd party outsourced providers
  • CISA, CRISC, CISM, CISSP or similar certification is desirable
  • Eagerness to increase IT/technology risk management and control environment knowledge
  • Problem Solving mindset and Can-Do Attitude
  • Based in Ireland – Hybrid/Dundrum Office

 

Regulatory Requirements:

  • If this role is defined as a “controlled function” by the Central Bank Reform Act 2010 Regulations 2011. Any appointment will be conditional on the company being satisfied that you meet the requirements as set out in the Fitness & Probity standards issued in this Act.

 

RSA Insurance Ireland DAC and its affiliate companies consider applicants on the basis of qualifications and without regard to race, colour, religion, sex, national origin, age, marital or veteran status, sexual orientation, disability or any other legally protected status.

 

 


Visit Amris