Technology Risk Manager

Join RSA and make a difference every day. Whether you are just beginning your career or looking to take the next progressive step in your journey, RSA Insurance Ireland is an organization where you can be yourself, learn and develop and a place where your ideas and contributions matter. With offices in Belfast, Galway, and Dublin, we have embraced hybrid work empowering our people to work flexibly and to suit their individual needs, which enables them to deliver great service to the customers we look after every day. Our Dublin office is also home to our sister-company 123.ie. At RSA and 123.ie we empower our customers to make a difference in their lives. And the same goes for our employees. We are proud to have 32 different nationalities represented in our workforce. Our diverse customer base benefits from the diverse perspectives of our teams that serve them, solving complex problems with creative ideas. As a proud member of the Intact family, were part of something bigger with a presence in North America, the UK, and Europe. Our business has grown organically and through acquisitions to over $21 billion of total annual premiums. We want you to thrive and grow with us and well give you all the tools, flexibility and learning opportunities you need to do it. And, if you bring your best, then we promise to give you, our best. Culture and Community RSA is a purpose-driven business our purpose is to help people, businesses, and society prosper in good times, and be resilient in bad times. We do that by living our values Integrity, Respect, Customer-driven, Excellence, and Generosity in everything that we do. We provide an open and honest workplace where everybody contributes, and every view is listened-to and respected. Generosity is in our DNA and is the value that guides and enables our people to help others, protect the environment and make our communities more resilient. It drives our efforts to care for people and to give our time, financial resources and talent. Were also committed to helping society adapt to a changing climate taking reasonable care to ensure that our business activities are conducted in an environmentally sustainable manner. Our stats dont lie in our annual engagement survey 87% of our people celebrate the diversity in their teams and the wider company 90% of our people feel safe to speak up and share if theyve made a mistake 91% of our people feel valued and respected by leadership 89% of our people are benefiting and thriving through our hybrid working model So if you want to make a difference every day, wed love to have you. Technology Risk Manager The role of Technology Risk Manager is a key position within our business. This role will involve advising, guiding and supporting IT leadership and management in carrying out their technology risk management responsibilities. The role will also involve designing, developing, monitoring, and reporting on Technology Risk, Control and Compliance frameworks and maintaining our IT policies, procedures, standards, guidelines, and reporting requirements. In addition, this role will be responsible for co-ordinating and supporting Line 2, Line 3, external, and regulatory IT audit activity, resulting actions and remediation plans. This role is also responsible for managing Line 1 IT Control testing activities to deliver against the agreed plan. A key responsibility of this role is the effective management and facilitation of Technology Risk Reporting on behalf of the CIO. Regular and accurate Technology Risk Reporting, that can be easily and clearly interpreted by the business, is key to enabling Senior and Executive Management and the Board understand any potential exposure to the organisation. Reporting to the Head of Technology Risk Management, this role will work closely with the IT teams within the CIO function, our IT Outsource partners and the Risk, Financial Control and Audit teams locally and across the Group. The role holder will work with key business stakeholders across all RSAI locations, providing advice, and guidance on managing technology risks and concerns, and ensuring compliance with the appropriate policies and standards. This role will also act as operational manager, coach and mentor to a team of SME technology risk professionals. Key Responsibilities: Managing and facilitating Technology Risk reporting on behalf of the CIO to local executive management, Committees, Board, Group and Regulatory bodies. Attending committees to provide updates as required. Building strong key business stakeholder relationships with Line 2, Line 3, External auditors, IT teams, Business teams, and IT Outsource partners to ensure effective working relationships. Facilitating and supporting all Line 2, Line 3, external and regulatory IT audit and assurance activity, and resulting actions and remediation plans across RSAII. Supporting the Head of Technology Risk Management with strategic planning of Line 1 IT Control testing activities. Managing Line 1 IT Control testing activities in conjunction with our strategic partner to deliver IT policy requirement and control objective testing in line with agreed plan. Advising, guiding and supporting management in carrying out their technology risk management responsibilities in all aspects of technology risk including identification, assessment, triage, evaluation and management of technology risks. Providing technology Risk and Compliance related advice, support and assistance to all business areas to ensure compliance with policies, procedures, standards, guidelines and reporting requirements. Designing, developing, monitoring and reporting on technology Risk, Control and Compliance frameworks including the CIO Risk Profile, IT Risk Appetite and associated Governance Frameworks, associated tooling and reporting submissions. Representing the RSAII Technology Risk Management team at Regional IT risk fora and committees. Providing oversight and maintenance of a centralised Enterprise Risk Management Technology Risk Register and remediation action tracker for RSAII. Chairing and facilitating technology Risk Meetings within the CIO function and acting as Technology Risk Champion for the CIO function. Co-ordinating the quarterly IRE CIO Risk and Control Committee. Providing oversight of compliance to IT related policies and any gaps identified by internal staff, 3rd parties and IT Outsourcers providers and ensuring they are addressed through IT risk management process. Guiding and advising management in the preparation, review and approval of technology related remediation plans and localisation/policy adjustments for IT related policies. Monitoring, oversight and tracking of all technology remediation actions and plans from L1, L2, L3, external audit, and regulatory assurance activities. Completing quality assurance review and challenge of IT Control testing detailed testing workpapers to provide RSAII oversight on testing activities completed. Acting as operational manager, coach and mentor to a team of SME technology risk professionals to further develop their competencies in technology risk management practices. Demonstrating the RSAII values of Integrity, Respect, Customer-Driven, Generosity and Excellence in carrying out all responsibilities within this role. Acting as delegate for the Head of Technology Risk Management as required. Requirements: In-depth knowledge of Technology Risk Management, IT Governance principles, Information Security risks and controls, IT processes and infrastructure and/or IT external audit or IT internal audit experience of 5+ years is preferable. Strong experience is Stakeholder Management across Technology Risk Management, Audit, Assurance activities. Strong knowledge of IT General Controls (Change Management, Logical Access, and IT Operations [backup and recovery, problem and incident management and job scheduling]) General knowledge of IT Controls testing would be an advantage. Experience working with 3rd party outsourced providers. CISA, CRISC, CISM, CISSP or similar certification is desirable. 3rd level qualification in related discipline such as Information Systems, Operational Risk Management, Business Management is desirable. Eagerness to increase technology risk management and control environment knowledge. Strong English proficiency Problem Solving mindset and Can-Do Attitude Based in Ireland - Hybrid/Dundrum Office Regulatory Requirements: If this role is defined as a "controlled function" by the Central Bank Reform Act 2010 Regulations 2011. Any appointment will be conditional on the company being satisfied that you meet the requirements as set out in the Fitness & Probity standards issued in this Act. RSA Insurance Ireland DAC and its affiliate companies consider applicants on the basis of qualifications and without regard to race, colour, religion, sex, national origin, age, marital or veteran status, sexual orientation, disability or any other legally protected status Skills: IT Risk Management IT Audit Controls testing