About the position
Responsibilities
• Monitor and analyze cyber control performance metrics and key risk indicators (KRIs) to identify trends, emerging risks, and opportunities for control uplift.
• Develop and maintain reporting artefacts (e.g. dashboards, briefings, governance packs) that clearly communicate security posture and risk insights to a range of stakeholders, including senior management and governance forums.
• Translate complex control and risk data into actionable insights, enabling stakeholders to make informed trade-offs aligned with QBE's risk appetite and strategic priorities.
• Collaborate with control owners, delivery teams, and second-line functions to improve the quality, clarity, and consistency of control performance data and reporting inputs.
• Support the integration of control telemetry and other evidence-based measures into reporting processes, with a focus on control immutability and automation where feasible.
• Contribute to the continuous improvement of governance and reporting frameworks, ensuring alignment with QBE's cyber strategy, regulatory obligations, and business needs.
• Participate in targeted, risk-informed assurance activities that validate control effectiveness in high-priority areas, complementing formal audits and RCSA processes.
• Act as a feedback channel to Strategy & Architecture and other stakeholders, highlighting implementation challenges or systemic issues surfaced through metrics or reporting.
• Engage stakeholders to support a culture of risk transparency and accountability, encouraging proactive issue identification and evidence-based dialogue.
• Support audit and regulatory engagement by ensuring reporting artefacts and supporting evidence are accurate, consistent, and audit-ready.
Requirements
• Experience in cyber security governance and assurance.
• Strong analytical skills with the ability to interpret complex data.
• Excellent communication skills to convey technical information to non-technical stakeholders.
• Proficiency in developing reporting artefacts such as dashboards and governance packs.
• Ability to collaborate effectively with various teams and stakeholders.
Nice-to-haves
• Experience with risk management frameworks and methodologies.
• Familiarity with regulatory requirements related to cyber security.
• Knowledge of control performance metrics and key risk indicators (KRIs).
Benefits
• Hybrid Working - a mix of working from home and in the office.
• 22 weeks of paid leave for family growth, with 12 weeks available to all parents on a gender-equal basis.
• Competitive 401(k) program with company match up to 8%.
• Well-being program including holistic wellbeing coaching, gym membership, confidential counselling, financial and legal advice.
• Tuition Reimbursement for professional certifications and continuing education.
• Employee Network and Community - QBE actively supports six Employee Networks, and many ways to give back to your community.