Senior Technology Risk Manager

Rothesay is a UK insurance company purpose built to protect pensions. We are the largest specialist pension insurer in the UK, managing over £68bn of assets and securing pensions for over 1million policy holders. We secure pensions for over 170 pension schemes and insurers including British Airways, Post Office, ASDA, National Grid and Aegon.

At Rothesay, we are striving to transform our industry. We believe deeply in creating real security for the future and our leadership in finding new and better ways to do that is the key to our success. To do that, we need the very brightest original thinkers to bring creativity as well as rigour. Rothesay is a rewarding place to work, where quality people can thrive and prosper. We pride ourselves on the connections our people build, many of whom have been with us for over ten years.

Job title:                        Senior Technology Risk 

Role type:                      Permanent

SM&CR classification: N/A

The team:

• The Risk Team oversees the business to support exceptional standards of risk management consistent with the high expectations of our stakeholders and Rothesay’s risk appetite
• The team provides trusted advice and robust challenge in order to enhance decision making and continually improve the identification, mitigation, and monitoring of risks
• This role will work closely with the wider risk teams including the Operational Risk team

The role:

• Rothesay is mid-way through a major IT transformation project which will materially change the Group’s technology risk profile. Aligned within this change, the Risk Team is now looking to strengthen its technology domain expertise and skill set through the creation of a new, senior technology focused role
• The Senior Technology Risk SME is reporting into the Head of Technology Risk and will be responsible for providing Technical independent assurance and oversight over the firm’s Technology stack and technology controls.
• In this role, you will provide constructive challenge of Rothesay’s technology and information security related control environment actively contributing into future improvements

Job responsibilities:

• Provide independent oversight and assurance of AWS and Azure services, workloads, and their associated technologies.
• Review and challenge technology controls across the full technology stack to ensure alignment with regulatory and internal risk standards.
• Conduct independent reviews of changes related to cloud services, databases, and code deployments, identifying potential risks and recommending mitigation strategies.
• Oversee and monitor technology incidents and risk events, ensuring appropriate root cause analysis, reporting, and remediation are conducted.
• Support the coordination of senior risk management forums, including preparation of materials and facilitation of discussions with senior stakeholders.
• Participate in change reviews, ensuring risks related to technology transformation and development processes are adequately managed.
• Ensure alignment with industry standards and frameworks, such as NIST, ISO 27001, and COBIT.
• Partner with DevOps and development teams to drive a secure-by-design culture and promote robust engineering practices.

Skills and experience required for the role:

• AWS Certified Solutions Architect or AWS Certified Security Specialist; Azure Security Engineer or equivalent.
• Strong experience in DevOps and Agile environments, with practical knowledge of Python and automation tools.
• Familiarity with security and risk management standards, including AWS Well-Architected Framework, NIST CSF, OWASP, ISO 27001, and CIS Benchmarks.

Proven experience in overseeing technology incidents, conducting risk event analysis, and delivering effective risk mitigation strategies.

• Expertise in assessing cloud workloads, databases, and conducting independent code reviews for compliance and security.
• Good understanding of risk management principles, preferably gained within insurance or financial services sectors.
• Familiarity with AI technologies and their associated risks and controls is a plus.

Rothesay competencies:

• Technical Skills - Demonstrates strong technical skills required for the role, attention to detail, takes initiative to broaden their knowledge and demonstrates appropriate analytical skills
• Drive and Motivation - Be a self-starter; successfully handles multiple tasks, takes initiative to improve their own performance, works intensely towards extremely challenging goals and persists in the face of obstacles or setbacks
• Teamwork - Demonstrate evidence of being a strong team player, collaborates with others within and across teams, encourages other team members to participate and contribute and acknowledges others' contributions
• Communication Skills - Communicates what is relevant and important in a clear and concise manner and shares information/new ideas with others
• Judgement and Problem solving - Thinks ahead, anticipates questions, plans for contingencies, finds alternative solutions and identifies clear objectives. Sees the big picture and effectively analyses complex issues
• Creativity / Innovation - Looks for new ways to improve current processes and develop creative solutions that are grounded in reality and have practical value
• Influencing Outcomes - Presents sound, persuasive rationale for ideas or opinions. Takes a position on issues and influences others' opinions and presents persuasive recommendations

Disclaimer 

This position description is intended to describe the duties most frequently performed by an individual in this position. It is not intended to be a complete list of assigned duties, but to describe a position level.  The role shall be performed within a professional office environment. Rothesay has health and safety polices that are available for all workers upon request.  There are no specific health risks associated with the role.

Inclusion

Rothesay actively promotes diversity and inclusivity. We know that our success depends on our people and that by nurturing a culture that values difference, we create a stronger, more dynamic business. We welcome applications from all qualified candidates, regardless of race, colour, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, or age.