IT Controls Analyst – Dublin
RSA is one of the world's leading general insurers and a FTSE 100 Company with a heritage dating back over 300 years, and we are proud of it!
Our products are high quality and innovative – just ask our 20 million customers in over 100 countries.
We provide a great service to our customers when they need us most. That’s why we’re always looking at new and innovative ways in which to improve our service for our customers. We set new standards in the industry every day.
New career opportunity for an experienced IT Controls Analyst to be involved in managing IT Risks as part of the IT Security, Risk and Compliance team in Dublin.
You will spend most of your time designing, enhancing and testing IT controls operating to support IT Operations in RSA Insurance (inc. 123.ie). As part of the IT Security, Risk and Compliance team you will help develop new controls based on leading practice frameworks and test their design and operating effectiveness.
This is an important role as part of a growing and experienced seven-person team, with significant responsibility and opportunity to learn and develop. The team has grown significantly in the last 12 months. External certifications/courses are encouraged as part of your professional development.
You will manage and report on the IT Controls tested, assist in the resolution of control deficiencies found and track them to resolution. You will work closely with the IT Security, Service Delivery, Architecture and Programme change functions and our IT Outsourcing partners. You will also work closely with Line 2 Risk and Line 3 Internal audit colleagues across the organisation.
You will have a significant role in enhancing our IT control framework. You will work with key business and IT representatives in our multiple Irish locations. You will also liaise with colleagues in RSA's other operations in the UK, Middle East, Canada and Scandinavia. You will have exposure to leading practice tooling and technologies.
You will provide advice, support the management of IT risks, issues and controls, and support compliance with the appropriate RSA policies and standards and regulatory expectations.
- Management of the operation of an IT controls testing plan annually, agreeing this with the IT Risk and Compliance Manager and communicating this plan to impacted stakeholders (i.e., control owners / control operators) in a timely manner and in advance of commencing testing.
- Conducting IT control walkthroughs to understand the process, technologies and controls end-to-end and assess the design adequacy/design effectiveness of the control.
- Conducting operational effectiveness testing of IT controls (initially IT General Controls, extending to complex technical controls over time) on a sample basis and in line with RSAII sampling guidelines.
- Documenting the outcomes and conclusions of all IT controls testing in a high-quality manner, using agreed templates and with robust audit evidence.
- Reporting all IT control effectiveness and/or ineffectiveness to control owners/control operators in a timely fashion.
- Analysis of control design and enhancement of our IT Control validation and Key Risk indicator frameworks and processes to meet emerging control and regulatory requirements.
- Reporting periodically on the status of IT controls testing and remediation progress to the IT Risk and Compliance Manager, relevant committees/Boards and impacted control owners/control operators.
- Escalating overdue actions resulting from IT controls testing to IT Risk and Compliance Manager and impacted control owners/control operators as needed.
- Working closely with the Financial Controls function in terms of all aspects of IT general controls (ITGC) testing which relate to and are relied upon for internal financial control purposes.
- Working closely with our IT External Auditors in the coordination of their IT related controls testing for the purposes of placing reliance on their effective operation.
- Working closely with the IT Risk Analyst and IT Management to ensure that our IT risk profile, risk appetite statements etc. appropriately reflect any issues identified as a result of IT controls testing.
- Providing IT Risk and Compliance related advice, support and assistance to all business areas/RSAII subsidiaries to ensure compliance with policies, procedures, standards, guidelines and reporting requirements.
- IT external audit or IT internal audit experience of 2-3 years is highly desirable
- Strong knowledge of IT general controls (Change Management, Logical Access and IT Operations [backup and recovery, problem and incident management and job scheduling])
- Solid understanding of IT Risk Management, IT Governance principles, Information Security risks and controls, IT processes and infrastructure
- Experience working in Financial Services or professional services firms is an advantage
- CISA, ITIL, CRISC, CISM, CISSP or similar certification is preferable
RSA Insurance Ireland DAC and its affiliate companies consider applicants on the basis of qualifications and without regard to race, colour, religion, sex, national origin, age, marital or veteran status, sexual orientation, disability or any other legally protected status.