Job title: Technology Risk Manager 

Contract: Permanent         

‘Rothesay’ is a UK insurance company purpose-built to protect pensions. We are the largest specialist pension insurer in the UK, managing over £60bn of assets and securing pensions for over 800,000 people. We secure pensions for over 170 pension schemes and insurers including British Airways, Post Office, ASDA, National Grid and Aegon.

At Rothesay, we are striving to transform our industry. We believe deeply in creating real security for the future and our leadership in finding new and better ways to do that is the key to our success. To do that, we need the very brightest original thinkers to bring creativity as well as rigour. Rothesay is a rewarding place to work, where quality people can thrive and prosper. We pride ourselves on the connections our people build, many of whom have been with us for over ten years.


The Operational Risk Team provides insight and assurance to the business to support exceptionally high standards of operational risk management and resilience. We act as trusted advisors to enhance decision making and continually improve the identification, mitigation, and monitoring of operational risks.

Rothesay is in the early stages of major initiatives to redevelop and modernise its full technology stack, transition to Cloud technologies, and further mature our information security capabilities. To support this technology journey, the Operational Risk Team is looking to strengthen its technology domain expertise and skill set through the creation of a dedicated technology risk role.


Working as part of the Operational Risk Team, you will lead the second line assurance of current and emerging technology risks in the business. In this role you will provide constructive challenge of technology and information security related activities and decisions and help shape a deeper, more informed approach to managing technology risk.

You will work closely with senior stakeholders in the technology teams and the wider business in order to provide assurance to the Board and Senior Exec. that technology and information security risks are being managed within appetite.

Key Responsibilities

As a senior member of the team, your responsibilities will include:

  • provide actionable insight to the business on how the control environment around technology risks can be further improved and be maintained as our technology footprint changes;
  • develop and maintain the Group’s technology risk management framework, policies, and standards;
  • articulate the Group’s risk appetite for technology risk and define appropriate KRIs and limits consistent with this appetite;
  • enhance 2nd line activity in relation to technology and cyber related incidents, risks, controls, and metrics in line with the wider operational risk management framework;
  • lead the ongoing second line oversight of technology change programmes;
  • deliver operational risk “deep dive” reviews to provide targeted assurance around the operational risks and surrounding controls in relation to specific areas of the Group’s infrastructure, systems, and services;
  • run the scenario analysis process to explore and assess material technology and cyber threats;
  • engage with teams across the business to provide consistent, risk-based review and challenge of the technology risks that arise internally and oversee 1st line adherence to risk and control standards;
  • engage with vendor owners, our technology teams, and our third-parties directly to provide 2nd line assurance around the technology risks at our key third-parties;
  • support the further strengthening of the Group’s operational resilience to system outage and cyber disruption, including enhanced resilience monitoring and stress testing;
  • work collaboratively with other teams within the Risk function and other assurance functions (compliance, internal audit, etc.) to support and strengthen our integrated assurance model.

Skills & Experience

  • knowledge of key technologies including cloud infrastructure, SaaS platforms, IT networks, and information security systems;
  • experience working in or supporting the technology department of a financial services organisation, ideally including involvement with major technology change programmes;
  • detailed understanding of the controls and metrics to manage and monitor technology risks;
  • up-to-date knowledge of market practice and industry standards / frameworks in relation to technology governance and risk management, e.g. ISO, NIST, COBIT, ITIL, etc.;
  • strong awareness of cyber threat vectors and defensive / preventative measures to protect against such threats;
  • strong oral and written communication skills, e.g. engaging workshop facilitation, high quality report writing, etc.;
  • ability to build strong relationships with peers across the 3 lines of defence;
  • pragmatic, commercial approach to technology risk management to enable continuous improvement of the control environment and risk-aware culture without overly constraining the business; and
  • a desire to support the ongoing improvement of the Operational Risk Management framework and deliver increased value to the business.

Disclaimer

This position description is intended to describe the duties most frequently performed by an individual in this position. It is not intended to be a complete list of assigned duties, but to describe a position level. The role shall be performed within a professional office environment. Rothesay has health and safety policies that are available for all workers upon request. There are no specific health risks associated with the role.


Diversity & Inclusion

Rothesay actively promotes diversity and inclusivity. We know that our success depends on our people and that by nurturing a culture that values difference, we create a stronger, more dynamic business. We welcome applications from all qualified candidates, regardless of race, colour, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability or age. 
