Global Cyber Security Governance Specialist

About The Position

Requirements

• Ability to get deeply technical and apply that skill to the business environment.
• Exceptionally curious and enquiring mindset with an ability to be fast-paced and agile in meeting business needs.
• Strong communication, negotiation, and conflict management skills, with an ability to anticipate and flag potential obstacles.
• Experience with security and risk-based standards, Microsoft Excel, Power BI and ERC tools.
• Experienced in working across time zones and collaborating in a multi-location environment.

Responsibilities

• Monitor and analyze cyber control performance metrics and key risk indicators (KRIs) to identify trends, emerging risks, and opportunities for control uplift.
• Develop and maintain reporting artefacts (e.g. dashboards, briefings, governance packs) that clearly communicate security posture and risk insights to a range of stakeholders, including senior management and governance forums.
• Translate complex control and risk data into actionable insights, enabling stakeholders to make informed trade-offs aligned with QBE’s risk appetite and strategic priorities.
• Support cyber scenario modelling activities, including scenario definition, refinement, and alignment with threat intelligence and attack tree structures.
• Ensure scenarios remain accurate, defensible, and relevant to QBE’s operating environment, drawing on established methods and practices referenced in stakeholder materials and scenario modelling roadmaps. This includes coordinating scenario refresh cycles, supporting capability assessment inputs, incorporating modelling outputs into reporting, and validating narrative‑to‑model alignment.
• Collaborate with control owners, delivery teams, and second-line functions to improve the quality, clarity, and consistency of control performance data and reporting inputs.
• Support the integration of control telemetry and other evidence-based measures into reporting processes, with a focus on control immutability and automation where feasible.
• Contribute to the continuous improvement of governance and reporting frameworks, ensuring alignment with QBE’s cyber strategy, regulatory obligations, and business needs.
• Participate in targeted, risk-informed assurance activities that validate control effectiveness in high-priority areas, complementing formal audits and RCSA processes.
• Act as a feedback channel to Strategy & Architecture and other stakeholders, highlighting implementation challenges or systemic issues surfaced through metrics or reporting.
• Engage stakeholders to support a culture of risk transparency and accountability, encouraging proactive issue identification and evidence-based dialogue.
• Support audit and regulatory engagement by ensuring reporting artefacts and supporting evidence are accurate, consistent, and audit-ready.

Benefits

• Hybrid Working – a mix of working from home and in the office
• 22 weeks of paid leave for family growth, with 12 weeks available to all parents on a gender-equal basis
• Competitive 401(k) program with company match up to 8%
• Well-being program including holistic wellbeing coaching, gym membership, confidential counselling, financial and legal advice
• Tuition Reimbursement for professional certifications, and continuing education
• Employee Network and Community – QBE actively supports six Employee Networks, and many ways to give back to your community