Rothesay is the UK’s largest pensions insurance specialist, purpose-built to protect pension schemes and their members’ pensions. With over £60 billion of assets under management, we secure the pensions of more than 930,000 people and pay out, on average, approximately £200 million in pension payments each month.
Rothesay is dedicated to providing excellence in customer service alongside prudent underwriting, a conservative investment strategy and the careful management of risk. We are trusted by the pension schemes of some of the UK’s best known companies to provide pension solutions, including Asda, British Airways, Cadbury, the Civil Aviation Authority, the Co-operative Bank, National Grid, Morrisons, the Post Office and telent.
At Rothesay, we are striving to transform our industry. We believe deeply in creating real security for the future and our leadership in finding new and better ways to do that is the key to our success. To do that, we need the very brightest original thinkers to bring creativity as well as rigour. Rothesay is a rewarding place to work, where quality people can thrive and prosper. We pride ourselves on the connections our people build, many of whom have been with us for over ten years.
Job title:
Technology Auditor
Reports to:
Deputy Chief Auditor
Contract:
Permanent
Responsibilities:
Execution of Audits
1. Execute integrated and technology specific audits covering business and technology applications, distributed platforms, information security, infrastructure, and public cloud.
2. Work as part of a team working on the delivery of audits and projects, some major and/or highly complex, based on the critical assessment of the business, governance, risk and internal control frameworks.
3. Prepare, plan, and execute the audit testing program and assessment of the adequacy of the design and operation of the controls associated with the key risks identified across audit projects, completing the full audit lifecycle with minimal supervision.
4. Perform audit work in accordance with department and professional standards, complete assignments in an efficient manner (on time, accurately and on budget), and provide sound recommendations for any areas for improvement identified.
5. Excellent verbal and written communication skills, as well as good interpersonal skills with the ability to present complex and / or sensitive issues to executive management, and influence change.
6. Manage multiple tasks concurrently in an efficient and effective manner, with good attention to detail.
Reporting and Attendance at Committees
1. Provide input to the reporting to the Audit Committee, as well as reporting to local management committees, and senior management, as required.
2. Attending, as an observer, Rothesay working groups, Steering Committees, Project Boards and other Committees as required, feeding back to the wider audit team, critically contributing to the debate.
3. Interaction with co-source partners and external auditors, and/or regulators, as required.
Ongoing Findings Remediation
1. Proactively follow up with internal clients on the remediation of management actions arising out of issues identified during audits. Highlight areas of concern to the Chief Auditor in a timely manner.
2. Perform testing and review testing of the evidence provided by internal clients to support the closure of findings raised.
3. Establish and maintain effective working relationships with all business partners, and in particular, Compliance and Risk Management.
4. Contribute to developing a culture of risk awareness throughout the organisation, offering advice and support where necessary.
5. Deliver aspects of the Internal Audit Continuous Monitoring Program, including providing updates for and direct input into the quarterly update and the annual planning processes.
Skills and experience
1. Minimum 5 years' experience auditing technology and / or cybersecurity within UK / US regulated financial services, with preference for experience with auditing AWS, Azure, Microsoft365, and/or information security / cyber.
2. Working knowledge of generally accepted technology and information security standards and control practices (e.g., COBIT, NIST, CIS, ISO27001, CSA CCM, ITIL).
3. Good understanding of the current regulatory environment and developments with respect to IT risks and controls, regulatory rules and guidelines, and key current industry topics.
4. Experience with data analytics tools (e.g., Jupyter Notebooks, QlikView, Tableau, Alteryx) and / or coding languages (e.g., SQL, Python, R) desirable.
5. Entry-level technology audit / risk industry certifications not required but desirable, e.g., CISA, CCAK, CISM, CRISC, etc.
6. More advanced information security and public cloud certifications would be an advantage, e.g., CCSP, CISSP, AWS Solutions Architect / Security, Microsoft Azure Administrator / Architect, etc.
7. Experience at stakeholder engagement – a proven track record for developing positive working relationships and influencing stakeholders at all levels, including at the most senior level.
8. Dedication to role – Motivated to provide an effective support service across all facets of role.
9. Team Player – Demonstrates evidence of being a strong team player, collaborates well with others and encourages other admin team members.
10. Communication – Ability to communicate what is relevant and important in a clear, constructive, and concise manner.
11. Organised – Ability to work under pressure and prioritise workload in a fast-paced environment. Ability to work autonomously with limited supervision.
12. Creative and innovative – Looks for ways to improve current processes and help develop creative solutions that have practical value for the admin team.
13. Judgement and Problem Solving – Proactive, sees the big picture and willing to be flexible to solve issues as they arise.
Disclaimer
This position description is intended to describe the duties most frequently performed by an individual in this position. It is not intended to be a complete list of assigned duties, but to describe a position level. The role shall be performed within a professional office environment. Rothesay has health and safety policies that are available for all workers upon request. There are no specific health risks associated with the role.
Inclusion
Rothesay actively promotes diversity and inclusivity. We know that our success depends on our people and that by nurturing a culture that values difference, we create a stronger, more dynamic business. We welcome applications from all qualified candidates, regardless of race, colour, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability or age.