Head of Cyber Security Governance & Insights

USA - NY - New York - Water Street, United States

QBE Insurance

QBE Insurance Group is one of the world's top 20 insurance and reinsurance companies, located in 27 countries. Visit us for company information.


Primary Details

Time Type: Full time

Worker Type: Employee

The Security Governance & Assurance Specialist supports QBE’s cyber security objectives by providing clear, data-driven insights into the performance of key controls and the organisation’s overall security posture. The role is responsible for tracking and analysing control metrics, surfacing risk signals, and contributing to reporting for governance forums, senior stakeholders, and regulatory engagements.

Working as part of the Group Cyber Security function, the role acts as a central point for integrating control performance data into meaningful narratives that support decision-making and risk prioritisation. As the function continues to mature, the role will also support targeted, evidence-based assurance activities that complement formal risk and control assessments, and strengthen overall confidence in the design and effectiveness of QBE’s cyber controls.

Primary Responsibilities – Security Governance & Assurance Specialist

  • Monitor and analyse cyber control performance metrics and key risk indicators (KRIs) to identify trends, emerging risks, and opportunities for control uplift.

  • Develop and maintain reporting artefacts (e.g. dashboards, briefings, governance packs) that clearly communicate security posture and risk insights to a range of stakeholders, including senior management and governance forums.

  • Translate complex control and risk data into actionable insights, enabling stakeholders to make informed trade-offs aligned with QBE’s risk appetite and strategic priorities.

  • Collaborate with control owners, delivery teams, and second-line functions to improve the quality, clarity, and consistency of control performance data and reporting inputs.

  • Support the integration of control telemetry and other evidence-based measures into reporting processes, with a focus on control immutability and automation where feasible.

  • Contribute to the continuous improvement of governance and reporting frameworks, ensuring alignment with QBE’s cyber strategy, regulatory obligations, and business needs.

  • Participate in targeted, risk-informed assurance activities that validate control effectiveness in high-priority areas, complementing formal audits and RCSA processes.

  • Act as a feedback channel to Strategy & Architecture and other stakeholders, highlighting implementation challenges or systemic issues surfaced through metrics or reporting.

  • Engage stakeholders to support a culture of risk transparency and accountability, encouraging proactive issue identification and evidence-based dialogue.

  • Support audit and regulatory engagement by ensuring reporting artefacts and supporting evidence are accurate, consistent, and audit-ready.

Skills:

Application Security, Coaching for success, Communication, Critical Thinking, Detail-Oriented, Influencing, Information Technology Applications, Intentional collaboration, Managing performance, Navigating ambiguity, Risk Management, Software Development, Stakeholder Management, Strategic Planning, Team Management

How to Apply:

To submit your application, click "Apply" and follow the step-by-step process.

Equal Employment Opportunity:

QBE is an equal opportunity employer and is required to comply with equal employment opportunity legislation in each jurisdiction in which it operates.


Tags: Application security Audits Automation Governance Risk management Strategy

Perks/benefits: Transparency

Region: North America
Country: United States
