Rothesay is a UK insurance company purpose-built to protect pensions. We are the largest specialist pension insurer in the UK, managing over £62bn of assets and securing pensions for over 800,000 people. We secure pensions for over 170 pension schemes and insurers including British Airways, Post Office, ASDA, National Grid and Aegon.
At Rothesay, we are striving to transform our industry. We believe deeply in creating real security for the future and our leadership in finding new and better ways to do that is the key to our success. To do that, we need the very brightest original thinkers to bring creativity as well as rigour. Rothesay is a rewarding place to work, where quality people can thrive and prosper. We pride ourselves on the connections our people build, many of whom have been with us for over ten years.
Execution of Audits
- Work as part of a team delivering audits and projects, some major and/or highly complex, based on the critical assessment of the business, governance, risk and internal control frameworks.
- Prepare, plan and execute the audit testing program and assessment of the adequacy of the design and operation of the controls associated with the key risks identified across audit projects, completing the full audit lifecycle with minimal supervision.
- Perform audit work in accordance with department and professional standards, complete assignments in an efficient manner (on time, accurately and on budget), and provide sound recommendations for any areas for improvement identified.
- Excellent verbal and written communication skills, as well as good interpersonal skills with the ability to present complex and / or sensitive issues to executive management, and influence change.
- Manage multiple tasks concurrently in an efficient and effective manner, with good attention to detail.
- Execute integrated and technology specific audits covering business and technology applications, distributed platforms, information security, infrastructure, and public cloud.
Reporting and Attendance at Committees
- Provide input to the reporting to the Audit Committee, as well as reporting to local management committees and senior management as required.
- Attend, as an observer, Rothesay working groups, Steering Committees, Project Boards and other Committees as required, feeding back to the wider audit team and critically contributing to the debate.
- Interaction with co-source partners, external auditors and/or regulators, as required.
Ongoing Findings Remediation
- Proactively follow up with internal clients on the remediation of management actions arising out of issues identified during audits. Highlight areas of concern to the Chief Auditor in a timely manner.
- Perform testing and review testing of the evidence provided by internal clients to support the closure of findings raised.
- Establish and maintain effective working relationships with all business partners, and in particular, Compliance and Risk Management.
- Contribute to developing a culture of risk awareness throughout the organisation, offering advice and support where necessary.
- Deliver aspects of the Internal Audit Continuous Monitoring Program, including providing updates for and direct input into the quarterly update and the annual planning processes.
Skills and experience
- Bachelor's degree in Technology or Finance with extensive experience in internal or external technology audit.
- Financial services experience preferred, e.g. Insurance / Reinsurance / Pensions / Capital Markets, etc.
- Minimum 3 years' experience auditing technology and/or cybersecurity within UK / US regulated financial services.
- Experience in stakeholder engagement – a proven track record of developing positive working relationships and influencing stakeholders at all levels, including at the most senior level.
- Solid knowledge and experience auditing applications, general computing, information security, and end user computing risks and associated controls.
- Knowledge of distributed technologies considered a plus along with a good understanding of controls related to operating system and database platforms. Working knowledge of physical or public network and infrastructure security also an advantage.
- Working knowledge of generally accepted technology and information security standards and control practices (e.g. ITIL, COBIT, ISO27001, CIS, CSA CCM, NIST, etc.).
- Good understanding of the current regulatory environment and developments with respect to IT risks and controls, regulatory rules and guidelines, and key current industry topics.
- Experience with data analytics tools and / or coding languages desirable.
- Entry-level technology audit / risk industry certifications not required but desirable, e.g. CISA, CCAK, CISM, CRISC, etc.
- More advanced information security and public cloud certifications would be an advantage, e.g. CISSP, CCSP, AWS Certified Solutions Architect (Associate or Professional), AWS Certified Security Specialty, etc.