Technology Risk Management Specialist
RSA Insurance
- Southside Dublin Dundrum, Co Dublin
- Permanent
- Full-time
- Working collaboratively with the different teams across Integrated Technology Solutions (including Service Delivery, DevOps, IT Architecture, Resilience and Security, Technology Enablement and Transformation and Data and Analytics teams), and key business and assurance stakeholders across RSAII and the RSA UKI region to enhance the IT control environment.
- Working with key strategic third-party partners from an IT/technology risk and control perspective to support the management of IT/technology risks and issues and further enhance IT/technology risk and control activities.
- Co-ordinating IT/technology risk reporting activities as required to support the Senior Technology Risk Management Specialist in the delivery of quarterly IT/technology risk reporting submissions and to provide management information (MI) as required to satisfy ad hoc IT/technology risk reporting requests.
- Supporting IT/Technology Risk Governance activities by co-ordinating IT/technology risk related governance/meetings (both internal and third party) and outputs as required and assisting with risk identification, assessment, triage, evaluation and management.
- Supporting management in maintaining compliance with RSAII IT policies, procedures, standards, guidelines and reporting requirements and in documenting and tracking any non-compliance to policy through the established remediation plan agreed (RPA) process.
- Co-ordinating testing and assurance activities, including, where relevant, evidence submission, across Line 1, Line 2, Line 3, external, and regulatory activity, and remediation plans in support of the Senior Technology Risk Management Specialist.
- Working closely with the Financial Control team in support of the Senior Technology Risk Management Specialist in relation to Canadian regulatory requirements testing to co-ordinate supporting activities such as IT control self-assessments, operational effectiveness testing and year-end attestations and reporting to ensure annual compliance.
- Supporting the Senior Technology Risk Management Specialist in the development of an annual IT Control Testing plan, agreeing this with the Head of Technology Risk Management, IT Leadership, and the CIO, and supporting the communication of this plan to impacted stakeholders.
- Co-ordinating and supporting IT control testing activities and walkthroughs with our key strategic partner and control owners, including agreement with management where any control design and/or operational effectiveness weaknesses have been identified, and assisting in the identification of appropriate remediation activities.
- Supporting the oversight and RSAII sample-based QA review of IT Control testing workpapers documented by our strategic partner to ensure appropriate documentation of test execution and outcomes in line with the UKI IT Control Validation Guidance.
- Joint responsibility as part of the Technology Risk Management team in maintaining a centralised IT Risk Register, audit and Remediation Plan Agreed (RPA) and Risk Acceptance (RA) action tracker for RSAII.
- Reporting periodically on the status of IT/technology remediation activities and progress to relevant stakeholders and/or committees and impacted control owners/control operators to include escalation of any overdue remediation actions so they can be managed effectively to closure.
- Acting as delegate to the Senior Technology Risk Management Specialist as required.
- Demonstrating the RSAII values of Integrity, Respect, Customer-Driven, Generosity and Excellence in carrying out all responsibilities within this role.
- General knowledge of IT/technology Risk Management, IT Governance principles, Information Security risks and controls, IT processes and infrastructure and/or IT external audit or IT internal audit experience of 2-3 years is preferable
- Experience in Stakeholder Management across Technology Risk Management, Audit, Assurance activities
- Knowledge of IT General Controls (Change Management, Logical Access, and IT Operations [backup and recovery, problem and incident management and job scheduling])
- General knowledge of IT Controls testing would be an advantage
- Experience working with 3rd party outsourced providers
- CISA, CRISC, CISM, CISSP or similar certification is desirable
- Eagerness to increase IT/technology risk management and control environment knowledge
- Problem Solving mindset and Can-Do Attitude
- Based in Ireland - Hybrid/Dundrum Office