Rothesay is the UK’s largest pensions insurance specialist, purpose-built to protect pension schemes and their members’ pensions. With over £69 billion of assets under management, we secure the pensions of nearly one million people and pay out, on average, approximately £350 million in pension payments each month. Rothesay is dedicated to providing excellence in customer service alongside prudent underwriting, a conservative investment strategy and the careful management of risk. We are trusted by the pension schemes of some of the UK’s best known companies to provide pension solutions, including British Airways, Cadbury’s, the Civil Aviation Authority, the Co-Operative Group, National Grid, NatWest, Morrisons and Telent. At Rothesay, we are striving to transform our industry. We believe deeply in creating real security for the future and our leadership in finding new and better ways to do that is the key to our success. To do that, we need the very brightest original thinkers to bring creativity as well as rigour. Rothesay is a rewarding place to work, where quality people can thrive and prosper. We pride ourselves on the connections our people build, many of whom have been with us for over ten years. Job title: Operational Risk Manager Role type: Permanent The team: The Risk Team oversees the business to support exceptional risk management standards consistent with the high expectations of our stakeholders and Rothesay’s risk appetite. Operational and Technology Risk provides trusted advice and robust challenge to enhance risk owner decision making and continually improve the identification, mitigation and monitoring of risks. The role: The role reports to the Head of Operational and Technology Risk and will be responsible for providing 2nd line independent assurance and oversight over the firm’s control functions (inc. Finance, Human Resources and Legal). In this role, you will provide constructive challenge of Rothesay’s related controls and core processes, actively contributing to future improvements and risk mitigation. In addition to ‘day-to-day’ oversight activities, you will be actively involved in reviewing and challenging relevant major change initiatives and third parties. Job responsibilities: As a senior member of the team, your responsibilities will include: Engage proactively with senior stakeholders to ensure operational risks are effectively identified, assessed, managed and reported. Provide robust review and challenge of Risk and Control Self-Assessments (RCSAs), ensuring risks, issues and mitigations are accurately captured in the GRC tool as the system of record. Oversee and monitor risk events, ensuring appropriate triage, root cause analysis, reporting and remediation, and that lessons learned are embedded into controls and business processes. Lead in‑depth ad‑hoc and read‑across reviews with stakeholders to identify thematic risk issues and required mitigations. Maintain a forward‑looking view of emerging risks and regulatory expectations, engaging stakeholders to ensure these are appropriately considered and addressed. Provide second line oversight of material third‑party relationships, change initiatives and projects, ensuring operational risks are understood and effectively controlled. Direct the analysis of operational risk data (including KRIs, events, issues and assurance outcomes) to produce clear, insightful reports for risk committees and senior management. Partner with stakeholders to promote a strong risk culture, embedding robust risk event reporting and sound risk management principles. Enable stakeholders to enhance their risk management practices by providing clear, practical guidance on operational risk policies, standards and the use of the GRC tool. Support the function’s technical work, including operational risk capital calculation, stress testing and scenario analysis, using internal and external data to inform these assessments. Work collaboratively with other Risk teams and assurance functions (e.g. Compliance, Internal Audit) to strengthen the integrated assurance model, minimise duplication and close coverage gaps. Skills and experience required for the role: Proven experience in Operational Risk within financial services or a similarly regulated environment, gained in either a first line controls function or a second line risk role. Strong and credible challenger to business stakeholders, with evidenced experience in promoting and embedding risk‑aware cultures. Strong communication skills, with the ability to communicate clearly and with impact when engaging internal and external stakeholders. Strong experience in applying Operational / Non‑Financial Risk frameworks, including core components such as risk taxonomies and Key Risk Indicators (KRIs). Strong experience in leading Risk and Control Self‑Assessments (RCSAs) to proactively identify vulnerabilities and map them to the firm’s risk appetite. Demonstrated experience in managing the end‑to‑end lifecycle of operational risk events, including deep‑dive root cause analysis and implementation of long‑term remediation. Experience in third‑party and change oversight, ensuring new vendors and change execution remain within risk appetite and align with applicable control requirements. Evidence of a pragmatic, commercial approach to operational risk management, enabling continuous improvement of the control environment and risk‑aware culture without overly constraining the business. Good awareness of regulatory requirements and expectations in relation to operational risk management, third‑party risk management and operational resilience (e.g. SS1/21, SS2/21, Solvency II), with DORA knowledge beneficial but not essential. Relevant professional certifications such as the IRM International Certificate in Operational Risk Management (ICORM), the CISI Managing Operational Risk in Financial Institutions, or the GARP Financial Risk Manager (FRM) are highly advantageous. Proficiency in analytical tools and coding skills to develop relevant dashboards and KRIs for senior governance committees is a plus. Rothesay competencies: Technical Skills - Demonstrates strong technical skills required for the role, attention to detail, takes initiative to broaden their knowledge and demonstrates appropriate analytical skills Drive and Motivation - Be a self-starter; successfully handles multiple tasks, takes initiative to improve their own performance, works intensely towards extremely challenging goals and persists in the face of obstacles or setbacks Teamwork - Demonstrate evidence of being a strong team player, collaborates with others within and across teams, encourages other team members to participate and contribute and acknowledges others' contributions Communication Skills - Communicates what is relevant and important in a clear and concise manner and shares information/new ideas with others Judgement and Problem Solving - Thinks ahead, anticipates questions, plans for contingencies, finds alternative solutions and identifies clear objectives. Sees the big picture and effectively analyses complex issues Creativity / Innovation - Looks for new ways to improve current processes and develop creative solutions that are grounded in reality and have practical value Influencing Outcomes - Presents sound, persuasive rationale for ideas or opinions. Takes a position on issues and influences others' opinions and presents persuasive recommendations Disclaimer This position description is intended to describe the duties most frequently performed by an individual in this position. It is not intended to be a complete list of assigned duties, but to describe a position level. The role shall be performed within a professional office environment. Rothesay has health and safety polices that are available for all workers upon request. There are no specific health risks associated with the role. Inclusion Rothesay actively promotes diversity and inclusivity. We know that our success depends on our people and that by nurturing a culture that values difference, we create a stronger, more dynamic business. We welcome applications from all qualified candidates, regardless of race, colour, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability or age.