IT Risk Analyst

Time Type: Full time. Worker Type: Employee. This role is to provide maternity cover for an existing IT Risk Analyst. The role is to assist in developing and conducting consistent divisional and functional risk and control assessments, performing control testing, risk reporting, and maintaining risk and control registers.

The role involves collaborating with various teams to drive proactive risk management strategies and ensure compliance with IT controls.

We’re seeking a skilled and forward-thinking IT Risk Analyst to join our Technology team. In this role, you’ll help shape the resilience and integrity of our digital infrastructure, support the delivery of insightful analysis and drive best practices across our IT risk and control environment.

This is an exciting opportunity to work in a fast-paced setting and make a meaningful impact on how we manage and mitigate technology related risks.

Please note this is a 12 Month Fixed Term Contract.

As part of a collaborative Technology Risk & Governance team, you’ll build and maintain close relationships with business stakeholders across Divisional and Global IT teams, Enterprise Risk Management and Business Operations, to ensure our systems and processes remain resilient, secure and compliant.

• Develop and maintain a strong understanding of IT Risk principles, frameworks and practices, to support our culture of proactive risk management
• Provide guidance and practical advice to IT teams in identifying, assessing and documenting risks and controls
• Coordinate and support the completion of IT Risk and Control Self-Assessments, ensuring alignment with Group standards
• Support the execution of IT Risk and Control Assurance activities, helping to validate the effectiveness of controls and identify areas for improvement
• Review and assess AI use cases to ensure they meet internal policy and standards
• Contribute to Line 1 IT Risk reporting, delivering clear and accurate insights to support governance requirements
• Coordinate with IT stakeholders to manage policy exceptions and risk acceptances, ensuring alignment with QBE’s risk appetite
• Advise stakeholders on Issue and Incident Management processes and champion the adoption of sound IT risk practices

• A degree in a related field such as Information Technology, Cybersecurity, Risk Management or equivalent career experience
• Demonstrable experience in IT Risk, Technology, IT Audit or a related discipline
• Proven ability to assess and provide assurance on IT risks and controls, across multiple technology and cyber operational areas
• Strong experience conducting risk and control assessments, ideally within a regulated or enterprise environment
• Familiarity with IT control frameworks and standards e.g. COBIT, NIST, ISO 27001 or similar
• Understanding of AI-related risks and emerging technologies
• Strong stakeholder engagement skills and experience working with matrixed, geographically distributed teams
• Excellent analytical and communication skills, with the ability to translate risk concepts into clear, actionable insights

• Communication
• Conflict Management
• Critical Thinking
• Decision Making
• Enterprise Risk Management (ERM)
• Influencing Others (Inactive)
• Information Technology (IT) Risk Management
• Intentional collaboration
• IT Project Lifecycle
• Managing performance
• Prioritization
• Report Writing
• Risk Management
• Stakeholder Management
• Technology Risk Management

QBE is an equal opportunity employer and is required to comply with equal employment opportunity legislation in each jurisdiction it operates.

We encourage you to apply! Simply click the “apply” button to submit your CV and other relevant documents, and a member of our friendly Talent Acquisition team will be in contact to discuss your interest further if you meet the requirements of the role.

If you have a passion to contribute to QBE’s vision of enabling a more resilient future for our customers and the community, we invite you to submit your application.

We believe this is our moment – what if it was yours too?