IT Risk Analyst

Time Type: Full time
Worker Type: Employee

This role provides maternity cover for an existing IT Risk Analyst. It involves developing and conducting consistent divisional and functional risk and control assessments, performing control testing, reporting risks, and maintaining risk and control registers. The position collaborates with various teams to drive proactive risk‑management strategies and ensure compliance with IT controls.

We seek a skilled, forward‑thinking IT Risk Analyst to shape the resilience of our digital infrastructure, support insightful analysis, and drive best practices across our IT risk and control environment.

Opportunity: 12‑month fixed‑term contract in a fast‑paced setting.

As part of a collaborative Technology Risk & Governance team, you will build and maintain close relationships with business stakeholders across Divisional and Global IT teams, Enterprise Risk Management, and Business Operations to ensure our systems and processes remain resilient, secure and compliant.

• Develop and maintain a strong understanding of IT Risk principles, frameworks and practices to support proactive risk management.
• Provide guidance and practical advice to IT teams in identifying, assessing and documenting risks and controls.
• Coordinate and support the completion of IT Risk and Control Self‑Assessments, ensuring alignment with Group standards.
• Support the execution of IT Risk and Control Assurance activities, helping validate control effectiveness and identify improvement areas.
• Review and assess AI use cases to ensure they meet internal policy and standards.
• Contribute to Line 1 IT Risk reporting, delivering clear, accurate insights to support governance requirements.
• Coordinate with IT stakeholders to manage policy exceptions and risk acceptances, aligning with QBE’s risk appetite.
• Advise stakeholders on Issue and Incident Management processes and champion sound IT risk practices.

• A degree in a related field such as Information Technology, Cybersecurity, Risk Management or equivalent experience.
• Demonstrable experience in IT Risk, Technology, IT Audit or a related discipline.
• Proven ability to assess and provide assurance on IT risks and controls across multiple technology and cyber operational areas.
• Strong experience conducting risk and control assessments, ideally within a regulated or enterprise environment.
• Familiarity with IT control frameworks and standards such as COBIT, NIST, ISO 27001 or similar.
• Understanding of AI‑related risks and emerging technologies.
• Strong stakeholder engagement skills and experience working with matrixed, geographically distributed teams.
• Excellent analytical and communication skills, with the ability to translate risk concepts into clear, actionable insights.

• Communication
• Conflict Management
• Critical Thinking
• Decision Making
• Enterprise Risk Management (ERM)
• Information Technology (IT) Risk Management
• Intentional collaboration
• IT Project Lifecycle
• Managing performance
• Prioritization
• Report Writing
• Risk Management
• Stakeholder Management
• Technology Risk Management

QBE is an equal opportunity employer and is required to comply with equal employment opportunity legislation in each jurisdiction it operates.