Operational Risk Manager

Rothesay is the UK’s largest pensions insurance specialist, purpose-built to protect pension schemes and their members’ pensions. With over £69 billion of assets under management, we secure the pensions of nearly one million people and pay out, on average, approximately £350 million in pension payments each month. Rothesay is dedicated to providing excellence in customer service alongside prudent underwriting, a conservative investment strategy and the careful management of risk.

The Risk Team oversees the business to support exceptional risk management standards consistent with the high expectations of our stakeholders and Rothesay’s risk appetite. Operational and Technology Risk provides trusted advice and robust challenge to enhance risk owner decision making and continually improve the identification, mitigation and monitoring of risks.

The role reports to the Head of Operational and Technology Risk and will be responsible for providing 2nd line independent assurance and oversight over the firm’s control functions (inc. Finance, Human Resources and Legal). In this role, you will provide constructive challenge of Rothesay’s related controls and core processes, actively contributing to future improvements and risk mitigation. In addition to ‘day-to-day’ oversight activities, you will be actively involved in reviewing and challenging relevant major change initiatives and third parties.

Job responsibilities:

• Engage proactively with senior stakeholders to ensure operational risks are effectively identified, assessed, managed and reported.
• Provide robust review and challenge of Risk and Control Self‑Assessments (RCSAs), ensuring risks, issues and mitigations are accurately captured in the GRC tool as the system of record.
• Oversee and monitor risk events, ensuring appropriate triage, root cause analysis, reporting and remediation, and that lessons learned are embedded into controls and business processes.
• Lead in‑depth ad‑hoc and read‑across reviews with stakeholders to identify thematic risk issues and required mitigations.
• Maintain a forward‑looking view of emerging risks and regulatory expectations, engaging stakeholders to ensure these are appropriately considered and addressed.
• Provide second line oversight of material third‑party relationships, change initiatives and projects, ensuring operational risks are understood and effectively controlled.
• Direct the analysis of operational risk data (including KRIs, events, issues and assurance outcomes) to produce clear, insightful reports for risk committees and senior management.
• Partner with stakeholders to promote a strong risk culture, embedding robust risk event reporting and sound risk management principles.
• Enable stakeholders to enhance their risk management practices by providing clear, practical guidance on operational risk policies, standards and the use of the GRC tool.
• Support the function’s technical work, including operational risk capital calculation, stress testing and scenario analysis, using internal and external data to inform these assessments.
• Work collaboratively with other Risk teams and assurance functions (e.g. Compliance, Internal Audit) to strengthen the integrated assurance model, minimise duplication and close coverage gaps.

Skills and experience required for the role:

• Proven experience in Operational Risk within financial services or a similarly regulated environment, gained in either a first line controls function or a second line risk role.
• Strong and credible challenger to business stakeholders, with evidenced experience in promoting and embedding risk‑aware cultures.
• Strong communication skills, with the ability to communicate clearly and with impact when engaging internal and external stakeholders.
• Strong experience in applying Operational / Non‑Financial Risk frameworks, including core components such as risk taxonomies and Key Risk Indicators (KRIs).
• Strong experience in leading Risk and Control Self‑Assessments (RCSAs) to proactively identify vulnerabilities and map them to the firm’s risk appetite.
• Demonstrated experience in managing the end‑to‑end lifecycle of operational risk events, including deep‑dive root cause analysis and implementation of long‑term remediation.
• Experience in third‑party and change oversight, ensuring new vendors and change execution remain within risk appetite and align with applicable control requirements.
• Evidence of a pragmatic, commercial approach to operational risk management, enabling continuous improvement of the control environment and risk‑aware culture without overly constraining the business.
• Good awareness of regulatory requirements and expectations in relation to operational risk management, third‑party risk management and operational resilience (e.g. SS1/21, SS2/21, Solvency II), with DORA knowledge beneficial but not essential.
• Relevant professional certifications such as the IRM International Certificate in Operational Risk Management (ICORM), the CISI Managing Operational Risk in Financial Institutions, or the GARP Financial Risk Manager (FRM) are highly advantageous.
• Proficiency in analytical tools and coding skills to develop relevant dashboards and KRIs for senior governance committees is a plus.

Disclaimer: This position description is intended to describe the duties most frequently performed by an individual in this position. It is not intended to be a complete list of assigned duties, but to describe a position level. The role shall be performed within a professional office environment. Rothesay has health and safety policies that are available for all workers upon request. There are no specific health risks associated with the role.

Inclusion: Rothesay actively promotes diversity and inclusivity. We know that our success depends on our people and that by nurturing a culture that values difference, we create a stronger, more dynamic business. We welcome applications from all qualified candidates, regardless of race, colour, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability or age.