IT Risk and Compliance Manager


Job Ref:
804

Job Title:
IT Risk and Compliance Manager

Location:
Dundrum - Dublin 16

Closing date:
Close date not set

Vacancy Description

IT Risk and Compliance Manager - Dublin

RSA is one of the world's leading general insurers and a FTSE 100 Company with a heritage dating back over 300 years, and we are proud of it!
Our products are high quality and innovative – just ask our 20 million customers in over 100 countries.
We provide a great service to our customers when they need us most. That’s why we’re always looking at new and innovative ways in which to improve our service for our customers. We set new standards in the industry every day.
 
Excellent career opportunity for an IT Risk and Compliance Manager to join a dynamic & innovative team.

The job of IT Risk and Compliance Manager is a key position within our business. The role will involve managing IT Risk across the Irish operations of RSA Insurance. Reporting to the Head of Information Security, IT Risk and (IT) Compliance, you will work closely with the IT teams in RSA and 123.ie, our IT Outsource partners and the Risk, Financial Control and Audit teams locally and across the Group.

You will work with key business representatives in locations in Dublin, Galway and Belfast, providing advice, managing risks and concerns, and ensuring compliance with the appropriate policies and standards.

A key feature of this role is the development of RSA’s IT Risk management and control validation capabilities and maturity. This will involve adherence to and development of existing Risk Management/Appetite/Validation Frameworks, IT Risk processes and reporting both locally and in association with your colleagues across the RSA Group.

You and your team will also be responsible for managing all IT audit/assurance activity and the tracking and reporting of resulting actions, remediation plans and risk acceptances. You will have good experience of the Risk, audit and compliance aspects of IT, preferably from a large FS company and/or consultancy firm.  


Key Responsibilities:

  • Development and management of RSA’s IT Risk management and control validation capabilities/frameworks, processes in conjunction with local, regional and Group colleagues
  • Managing local and Group IT Risk reporting on behalf of the IT function to local executive management, Committees, Board, Group executives, Regulatory bodies
  • Tracking and managing all IT remediation actions and plans, for example, from internal Risk Management, Validation/Assurance and internal and external/Compliance audit activities
  • Management, oversight and governance of all IT control validation in IT by RSA colleagues and IT Outsource partners, including design and operational effectiveness testing of control operation
  • Operation of IT control validation within your functional area
  • Identification of emerging IT Risks and management of local IT risk registers. Management and oversight of IT risk assessment activities within the IT function
  • Assistance in preparation, review and approval of IT related remediation plans and localisation/policy adjustments for IT related policies
  • Management and support for Assurance (2nd line) and Audit (3rd line) activities related to IT including acting as a central point of contact for all audit activity
  • IT representative at UK&WE Financial Control Framework Committee
  • Liaison with UK & International Technical Operational Risk Management team, GIA, Risk, Compliance teams
  • Providing IT Risk and Compliance related advice, support and assistance to all areas/RSAII subsidiaries to ensure compliance with policies, procedures, standards, guidelines and reporting requirements, e.g. attendance at project risk workshops.
  • Management of IT Risk and Compliance training/awareness programmes
  • Management and support for EUCA tooling and country managing owner for the End User Computing policy

Requirements:

  • A recognized university degree or equivalent, specializing in computer science, information systems, computer forensics, or information security.
  • Minimum 10 years’ IT experience, ideally in a multi-national FS environment/IT consultancy firm to include 5+ years in IT Risk/IT Audit with management experience
  • IT Security experience and experience in working with and governing IT Outsourcers an advantage

The following industry certifications are desirable:

  • CRISC, CISA or similar certification
  • CISSP (Certified Information Systems Security Professional), SANS or similar
  • IT / Computing Security Certifications (Cisco, Microsoft, Oracle, etc.)


RSA Insurance Ireland DAC and its affiliate companies consider applicants on the basis of qualifications and without regard to race, colour, religion, sex, national origin, age, marital or veteran status, sexual orientation, disability or any other legally protected status.

 

 



Sorry, this vacancy is closed.
