Information Security Governance Risk & Controls Apprentice - Rothesay

Listing Description

 


Rothesay is a UK insurance company purpose built to protect pensions. We are the largest specialist pension insurer in the UK, managing over £60bn of assets and securing pensions for over 830,000 people. We secure pensions for over 170 pension schemes and insurers including British Airways, Post Office, ASDA, National Grid and Aegon.


At Rothesay, we are striving to transform our industry. We believe deeply in creating real security for the future and our leadership in finding new and better ways to do that is the key to our success. To do that, we need the very brightest original thinkers to bring creativity as well as rigour. Rothesay is a rewarding place to work, where quality people can thrive and prosper. We pride ourselves on the connections our people build, many of whom have been with us for over ten years.


 


Job title: Information Security Governance Risk & Controls Apprentice


Reporting into: Head of Information Security


 


Information Security


The Information Security team works across the business to drive business resilience and information assurance across operational, development and business teams. They’re responsible for Rothesay’s ability to maintain the confidentiality, integrity and availability of Rothesay’s systems and maintain the reputation of the organisation.


 


Under the leadership of the Chief Technology Officer, Rothesay has launched a multi-year project, Project Quest, to redevelop and modernize the full technology stack, encompassing pricing and other analytics, risk management, market data and trade capture and reporting.


 


Project Quest is progressing well and we are in the early stages of migrating functionality onto cloud infrastructure, which provides an exciting opportunity for the information security team to become even more closely involved in the project, including defining and implementing cloud controls, designing and establishing secure connectivity, managing identities in a cloud first ecosystem, and designing best in class security operations.


The Role


We are looking for an Information Security GRC Apprentice to join this high performing team and help deliver exceptional value to the business. The successful candidate will be hard working, driven and have communication skills that enable them to work with stakeholders at all levels across the business to drive effective security assurance. The successful applicant will be expected to integrate into a small team and hit the ground running, picking up technologies and processes quickly and helping to drive the transformation of the organisation into a risk focused information security practice.


 


 


Responsibilities:



  • Work with the Information Security Assurance Lead to support the development and maintenance of an effective technology and security governance framework, supported by robust policies, standards, controls and processes utilising industry standards, regulatory requirements and considering the current threat landscape

  • Support Rothesay’s digital transformation by playing a pivotal role in developing, embedding and maintaining a technology control framework to operate securely and efficiently, ensuring continuous assurance and monitoring across the environment

  • Support the day-to-day management of the Information Technology and Information Security Risk process with focus on identifying risks and driving risk reduction and process improvements

  • Support strategic change initiatives, BAU activity, and projects with practical and sound Information Security support

  • Support the Information Security Assurance Lead in maintaining MI, Key Risk Indicators (KRIs) relating to the security control environment and feed information across various governance groups

  • Support incident investigations and the completion of relevant mitigating steps aimed at containing and recovering from the incident in order to minimise impact to Rothesay.

  • Contribute to compliance efforts across ISO22301 and ISO27001 and support ongoing annual recertification efforts across the firm.

  • Support information security awareness activities and focus on building a cyber-aware culture at Rothesay by regularly driving awareness on relevant cyber security themes

  • Support Third party information security risk management due diligence activities.

  • Contribute to driving improvements across Rothesay’s BCP framework and resilience initiatives

  • Maintain reliable, up-to-date information on security trends and government regulations, especially in the financial services industry


Skills and Experience:


Required:



  • Must have Information security knowledge mainly around process, risk management and controls

  • Understanding of various technologies such as cloud infrastructure, endpoint protection, DLP, insider threat protection and mobile device protection and the drive/passion to learn about new technologies

  • Understanding of Information Security practices across multiple technologies including cloud.

  • Ability to work as part of an extended IT team with shared strategy and vision

  • Ability to communicate with stakeholders at all levels and external suppliers

  • Organised with a proven ability to prioritise workload, meet deadlines, and utilise time effectively


Preferred:



  • Knowledge of controls frameworks and how to evaluate control effectiveness and identify any potential gaps between information technology and security risks and existing controls

  • Experience in conducting risk assessments and working through risk treatment remediation plans

  • Experience in conducting vendor assessments or audits is beneficial

  • Foundational understanding of ISO27001 and ISO22301 frameworks is beneficial


 


Inclusion


Rothesay actively promotes diversity and inclusivity. We know that our success depends on our people and that by nurturing a culture that values difference, we create a stronger, more dynamic business. We welcome applications from all qualified candidates, regardless of race, colour, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability or age. 


 

