Information Security Risk Manager – External Assurance London

London Full-Time 48000 - 72000 € / year (est.) No home office possible
Rothesay Life Limited

At a Glance

  • Tasks: Join our team to manage external security assurance and drive risk management activities.
  • Company: Rothesay is the UK's largest pensions insurance specialist, securing over £68 billion in assets.
  • Benefits: Enjoy a dynamic work environment with opportunities for growth and innovation in technology.
  • Other info: We're looking for creative thinkers who want to influence secure building practices.
  • Why this job: Be part of a transformative journey in securing pensions and making a real impact.
  • Qualifications: 5+ years in information security roles; strong knowledge of cyber security and risk management required.

The predicted salary is between 48000 - 72000 € per year.

Information Security Risk Manager – External Assurance

London

Rothesay is the UK’s largest pensions insurance specialist, purpose-built to protect pension schemes and their members’ pensions. With over £68 billion of assets under management, we secure the pensions of more than one million people and pay out, on average, approximately £200 million in pension payments each month. Rothesay is dedicated to providing excellence in customer service alongside prudent underwriting, a conservative investment strategy and the careful management of risk. We are trusted by the pension schemes of some of the UK’s best known companies to provide pension solutions, including British Airways, Cadbury, the Civil Aviation Authority, the Co-Operative, Morrisons, Smiths Industries and Talent.

At Rothesay, we are striving to transform our industry. We believe deeply in creating real security for the future and our leadership in finding new and better ways to do that is the key to our success. To do that, we need the very brightest original thinkers to bring creativity as well as rigour. Rothesay is a rewarding place to work, where quality people can thrive and prosper. We pride ourselves on the connections our people build, many of whom have been with us for over ten years.

Job Title: Information Security Risk Manager – External Assurance
Contract: Permanent

Rothesay is investing heavily in a modern, secure, cloud-native technology stack, backed by executive sponsorship and a multi-year strategic transformation. As part of this journey, we’re expanding our Information Security team to embed security and good risk management into every component of the stack.

This is an opportunity to join a high-impact Information and Technology Risk Management team helping drive strong security practices in our business and with our strategic partners. If you are passionate about securing integrated systems spanning multiple firms and providers, building relationships across security teams to achieve mutually secure environments, and designing complex recovery plans including multiple organisations, we want to hear from you.

What you’ll do:

You’ll be a member of the Information and Technology Risk Management team, working with a team of experts to drive assurance and risk management activities across the firm.

Your primary focus will be managing our external assurance practice. Your responsibilities will include:

  • Collaborate, build relationships with security teams at our important vendors, and work towards best-in-class mutual security. Design and lead activities such as joint incident response testing.
  • Build a strong understanding of how 3rd party systems are used to deliver services to Rothesay pension holders, how they integrate with Rothesay systems, and how to secure the combined systems.
  • Contribute to strategic business programs, supporting the business in securing the technology partners it chooses to deliver products and services to our stakeholders.
  • Manage an outsourcing arrangement with a vendor who performs security reviews at 3rd parties. Review and challenge assessments the vendor has performed.
  • Perform thematic security reviews in relation to vendor and Rothesay systems e.g. SaaS and API security. Report issues identified and recommendations to senior management.
  • Build and maintain lightweight processes to ensure new features in vendor systems are identified and evaluated before use.
  • Produce (and automate) regular information security reporting dashboards, KPIs, KCIs, and reporting packs for security topics.
  • Contribute to the evaluation of security of Artificial Intelligence (AI) internally and in vendor products, and review whether Rothesay uses AI securely and responsibly.

The role is essential for ensuring implementation of the firmwide strategy within the Information Security team.

Other activities include project management, accurately and convincingly representing technical risk and security priorities, measuring key indicators, improving awareness of good security practices, and reporting.

What we’re looking for:

Required:

  • Excellent knowledge of information and cyber security, networks, Cloud, and Internet technologies e.g. encryption, APIs and authentication techniques.
  • Solid understanding of security in an environment leveraging 3rd party systems.
  • Ability to build strong relationships with peers and at key vendor partners.
  • Experience in scoping and performing thematic security reviews in relation to Internet based systems e.g. SaaS authentication.
  • Adequate knowledge of security risk management e.g. determining impact, likelihood and compensating controls.
  • Ability to develop security standards and guidelines based on best practices, regulatory requirements, and industry standards.
  • Broad knowledge of information security controls and good practices (experience with the NIST publications and specifically CSF2 would be advantageous).
  • Broad knowledge of modern Artificial Intelligence (AI) systems and security topics e.g. prompt engineering.
  • Project management abilities (experience with the Atlassian suite of products would be advantageous).
  • Strong oral and written communication skills, e.g. engaging workshop facilitation, high quality report writing, etc.
  • Experience in information security risk management at a financial services institution would be advantageous.
  • Ability to multi-task and manage multiple priorities.
  • 5 or more years’ experience in information security aligned roles (e.g. Business Information Security Officer).
  • Certification in Cyber Risk and Information Systems such as CISA or CRISC or equivalent (not required but desirable).
  • Advanced security certifications such as CISSP or equivalent (not required but advantageous).
  • Degree, diploma, or equivalent experience in a technology related field such as Computer Science or Information Sciences (not required but advantageous).

We’re not just looking for someone to implement controls — we’re looking for someone who wants to influence how we build securely, empower vendor owners to have productive conversations about security, and help shift security left in a meaningful, pragmatic way.


Information Security Risk Manager – External Assurance London employer: Rothesay Life Limited

Rothesay is an exceptional employer, offering a dynamic work environment in London where innovation and security are at the forefront of our mission to protect pensions. With a strong commitment to employee development, we provide ample opportunities for growth within our expanding Information Security team, fostering a culture of collaboration and excellence. Our investment in cutting-edge technology and strategic partnerships ensures that our employees are equipped to thrive in their roles while contributing to meaningful outcomes for over one million pension holders.

Rothesay Life Limited

Contact Detail:

Rothesay Life Limited Recruiting Team

StudySmarter Expert Advice🤫

We think this is how you could land Information Security Risk Manager – External Assurance London

Tip Number 1

Familiarise yourself with Rothesay's business model and their approach to risk management. Understanding how they integrate security into their cloud-native technology stack will help you demonstrate your alignment with their goals during discussions.

Tip Number 2

Network with professionals in the information security field, especially those who have experience in financial services. Engaging with current or former employees of Rothesay on platforms like LinkedIn can provide valuable insights and potentially a referral.

Tip Number 3

Prepare to discuss specific examples of how you've successfully managed external assurance practices in previous roles. Highlighting your experience with third-party systems and incident response testing will showcase your relevant expertise.

Tip Number 4

Stay updated on the latest trends in information security, particularly around AI and cloud technologies. Being able to speak knowledgeably about these topics will set you apart as a candidate who is not only qualified but also forward-thinking.

We think you need these skills to ace Information Security Risk Manager – External Assurance London

Information Security Knowledge
Cyber Security Expertise
Cloud Technologies Understanding
Network Security Skills
Third-Party Risk Management
Incident Response Planning
Thematic Security Review Experience

Some tips for your application 🫡

Tailor Your CV: Make sure your CV highlights relevant experience in information security, risk management, and any specific technologies mentioned in the job description. Use keywords from the job listing to demonstrate your fit for the role.

Craft a Compelling Cover Letter: Write a cover letter that showcases your passion for information security and your understanding of Rothesay's mission. Mention specific examples of how you've successfully managed security risks or built relationships with vendors in previous roles.

Highlight Relevant Skills: In your application, emphasise your knowledge of cloud technologies, third-party systems, and security frameworks like NIST. Be sure to mention any certifications you hold that are relevant to the position.

Showcase Communication Abilities: Since strong communication skills are essential for this role, provide examples of how you've effectively communicated complex security concepts to non-technical stakeholders or facilitated workshops in your past positions.

How to prepare for a job interview at Rothesay Life Limited

Understand the Role and Responsibilities

Before the interview, make sure you thoroughly understand the job description. Familiarise yourself with the key responsibilities, such as managing external assurance practices and collaborating with security teams. This will help you articulate how your experience aligns with what Rothesay is looking for.

Showcase Your Technical Knowledge

Given the technical nature of the role, be prepared to discuss your knowledge of information security, cloud technologies, and third-party systems. Highlight any relevant experience you have with security reviews, risk management, and compliance with industry standards like NIST.

Demonstrate Relationship-Building Skills

Rothesay values collaboration with vendors and partners. Be ready to share examples of how you've successfully built relationships in previous roles, particularly in security contexts. This will show that you can effectively work with others to achieve mutual security goals.

Prepare for Scenario-Based Questions

Expect scenario-based questions that assess your problem-solving skills in real-world situations. Think about past experiences where you had to manage security risks or lead incident response activities, and be ready to discuss your approach and the outcomes.