Senior Technology Risk Manager

Rothesay is a UK insurance company purpose built to protect pensions. We are the largest specialist pension insurer in the UK, managing over £68bn of assets and securing pensions for over 1million policy holders. We secure pensions for over 170 pension schemes and insurers including British Airways, Post Office, ASDA, National Grid and Aegon.

At Rothesay, we are striving to transform our industry. We believe deeply in creating real security for the future and our leadership in finding new and better ways to do that is the key to our success. To do that, we need the very brightest original thinkers to bring creativity as well as rigour. Rothesay is a rewarding place to work, where quality people can thrive and prosper. We pride ourselves on the connections our people build, many of whom have been with us for over ten years.

Job title:                              Senior Technology Risk Manager

Role type:                           Full-time Role

SM&CR classification:        N/A

 The team:

• The Risk Team oversees the business to support exceptional standards of risk management consistent with the high expectations of our stakeholders and Rothesay’s risk appetite.
• The team provides trusted advice and robust challenge in order to enhance decision making and continually improve the identification, mitigation, and monitoring of risks.
• This role will work closely with the Operational Risk team and the wider risk team.

The role:

• Rothesay is mid-way through a major IT transformation project which will materially change the Group’s technology risk profile. Aligned within this change, the Risk Team is now looking to strengthen its technology domain expertise and skill set through the creation of a new, experienced Technology Risk role.
• The Senior Technology Risk Manager is reporting into the Head of Technology Risk and will be responsible for providing Technical independent assurance and oversight over the firm’s Technology stack and technology controls.
• In this role, you will provide constructive challenge of Rothesay’s technology and information security related control environment actively contributing into future improvements.

Job responsibilities:

• Provide independent oversight and assurance over the architecture, security, resilience, and monitoring of AWS and Azure services, workloads, and associated technologies.
• Provide independent oversight and ‘deep-dives’ of technology, cyber and data controls across the firm to ensure alignment with regulatory requirements, internal standards and effective risk mitigation.
• Review and challenge major changes (e.g. new applications, platforms etc.) prior to production deployment identifying potential risks and recommending mitigation strategies.
• Review and challenge technology incidents and risk events, ensuring appropriate root cause analysis and remediation are conducted.
• Provide independent oversight of critical Technology vendors ensuring technology, cyber and data controls meet the risk mitigation expectations of the firm.
• Support the coordination of governance forums, including preparation of materials and facilitation of discussions with senior stakeholders.
• Partner with the Technology teams to promote risk culture and embedding the Technology Risk Management framework.

Skills and experience required for the role:

• Strong experience in DevOps and Agile environments, with practical knowledge of Python and automation tools.
• Strong experience in security standards, including AWS Well-Architected Framework, NIST CSF, OWASP, ISO 27001, and CIS Benchmarks.
• Strong experience in assessing cloud workload migrations, databases, and conducting independent code reviews for compliance and security.
• Proven experience in overseeing technology incidents, conducting root cause analysis, and delivering effective mitigation strategies.
• Good understanding of risk management principles, preferably gained in insurance or financial services sectors.
• Over 10 years of experience in Cyber or Technology SME roles, preferably gained in insurance or financial services sectors.
• Degree in Technology or relevant faculty, CISSP or CCSP certifications is a plus.
• AWS Certified Solutions Architect or AWS Certified Security Specialist, Azure Security Engineer or equivalent.
• Familiarity with AI technologies and their associated risks and controls is a plus.

Rothesay competencies:

• Technical Skills - Demonstrates strong technical skills required for the role, attention to detail, takes initiative to broaden their knowledge and demonstrates appropriate analytical skills.
• Drive and Motivation - Be a self-starter; successfully handles multiple tasks, takes initiative to improve their own performance, works intensely towards extremely challenging goals and persists in the face of obstacles or setbacks.
• Teamwork - Demonstrate evidence of being a strong team player, collaborates with others within and across teams, encourages other team members to participate and contribute and acknowledges others' contributions.
• Communication Skills - Communicates what is relevant and important in a clear and concise manner and shares information/new ideas with others.
• Judgement and Problem solving - Thinks ahead, anticipates questions, plans for contingencies, finds alternative solutions, and identifies clear objectives. Sees the big picture and effectively analyses complex issues.
• Creativity / Innovation - Looks for new ways to improve current processes and develop creative solutions that pragmatic and practical.
• Influencing Outcomes - Presents sound, persuasive rationale for ideas or opinions. Takes a position on issues and influences others' opinions and presents persuasive recommendations.

Disclaimer 

This position description is intended to describe the duties most frequently performed by an individual in this position. It is not intended to be a complete list of assigned duties, but to describe a position level.  The role shall be performed within a professional office environment. Rothesay has health and safety polices that are available for all workers upon request.  There are no specific health risks associated with the role.

Inclusion

Rothesay actively promotes diversity and inclusivity. We know that our success depends on our people and that by nurturing a culture that values difference, we create a stronger, more dynamic business. We welcome applications from all qualified candidates, regardless of race, colour, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, or age.