This role is responsible for the governance and execution of Third-Party Supplier Management, ensuring effective end-to-end process is in place to appropriately manage cyber and resiliency risk for identified suppliers globally. To ensure teams effectively execute against globally consistent processes, this role may also drive effective governance related to the various global processes and services, including Secure by Design, Secure in Run, Firewall Revalidation and User and Domain exceptions management.
Strategic leadership role that manages a team and is an advisor to all technical and business functions across the division and globally on all risk related activities. Manage key relationships with divisional and global stakeholders regarding identified security risks related to policies, standards and audit requirements, and ensures new requirements are incorporated into existing standards.
The Opportunity: As a direct report to the Global Head of Cyber Service Operations & Governance, this role is responsible for supporting the establishment and management of a team of cyber service operations and governance specialists to enable improved service delivery to divisional CIO teams and business stakeholders.
This role is responsible for the governance and execution of Third-Party Supplier Management, ensuring effective end-to-end process is in place to appropriately manage cyber and resiliency risk for identified suppliers globally. You will ensure teams effectively execute against globally consistent processes, this role may also drive effective governance related to the various global processes and services, including Secure by Design, Secure in Run, Firewall Revalidation and User and Domain exceptions management.
This is a strategic leadership role that manages a team and is an advisor to all technical and business functions across the division and globally on all risk related activities. You will manage key relationships with divisional and global stakeholders regarding identified security risks related to policies, standards and audit requirements, and ensures new requirements are incorporated into existing standards.
• Location: Sun Prairie, Wisconsin, USA
• Work Arrangement: This role is a hybrid role, with the expectation of 2-3 days/week our Sun Prairie the office.
• The starting salary range for this role is between $148,000-$222,000 annually
Your New Role:
Align with QBE Operating Principles with a focus on global alignment, challenging thinking to consistently deliver and drive outcomes towards our purpose, vision, strategy and culture.Elevate business partnering capabilities by reducing the burden of service delivery from the DISO teams.Centralized ownership of uplift and maintenance of Global Cyber Security service catalogue.Enable consistent, efficient and improved cyber service delivery to Technology Services teams and business stakeholders through consolidation or governance of services that: are repeatable; must be consistently delivered across the globe; require global decision making/deeper expertise; can be grouped together with other similar specialized services across the globe.Assist in designing new global operational services to ensure clarity of delivery model across people, process and technologies; own and maintain agreed global services with continuous improvement plans in place.Take ownership of relevant capabilities and team members (including GSSC) to support potential opportunities for service consolidation.Governance and execution of Third-Party Supplier Management, ensuring effective end-to-end process is in place to appropriately manage cyber and resiliency risk for identified suppliers globallyPerform Risk and Control Self Assessments for relevant Cyber Security Controls and/or assist in peer reviews/QA.Execute and coordinate with ERM on reviews and any issues from the Risk and Control Self Assessments (RCSA) or Independent Control Assurance (ICA) activitiesAct with integrity and transparency in threat and risk identification and problem solving.Role model the creation, innovation and negotiation of solutions and risk mitigation strategies; driving fast paced and agile behaviors.Take personal accountability for seeking out and identifying compliance and security weaknesses; self-identify associated risks and provide strategic oversight to drive mitigation and remediation efforts to closure.Drive Cyber engagement across QBE to ensure issues are identified, self-reported and notified to key stakeholders.Track risk remediation benefits to demonstrate impact and mitigation success.Partner with Group and Divisional Legal and Procurement to ensure contractual agreements have mandatory security and data protection requirements.Attend relevant meetings with key stakeholders to ensure collaboration and transparency.Required Qualifications/Experience
Required Qualifications include:
Education: Bachelor’s Degree or equivalent combination of education and work experience
Experience: 10+ years relevant experience
Necessary Work Experience includes:
Significant relevant experience.Preferred Work Experience includes:
Strong demonstrable experience with security and risk-based standards.Experienced in helping a business, its partners, and customers to become more innovative and fast-paced, delivering improved business agility.Experienced in leading and working across multiple in-house and outsourced service models, time zones, and collaborating in a multicultural environment.Preferred Qualifications include;
Experience
Strong demonstrable experience with security and risk-based standards such as ISO2700X, ISO31000, HIPAA, NIST800 and PCI-DSS and other relevant security risk standards and technologies.Experienced in helping a business, its’ partners and customers to become more innovative and fast paced delivering improved business agilityExperienced in leading in and working across multiple in house and outsourced service models, time zones and collaborating in a multi-cultural environment.Licenses/Certifications
Certified Risk and Information Systems Controls (CRISC)Certified Information Systems Auditor (CISA)Certified Information Security Manager (CISM)Preferred Qualifications/Knowledge
Ability to work in a matrixed global team working closely and collaboratively with members of the GCSLT to ensure service excellence is part of how we operate, while balancing divisional needs with global requirements. 10+ years’ experience across relevant areas of Cyber Security, Technology, Compliance and Risk Management practices. Large corporate / global experience preferred, preferably in financial services. Proven track record leading and/or leveraging a diverse set of specialists across multiple Cyber Security disciplines. Track record of building new teams and service models with clarity of ways of working across people, process and technology. Understanding of relevant service delivery frameworks (e.g. ITIL), continuous improvement methods (e.g. Lean Six Sigma) and service excellence concepts (e.g. user centred design), highly regarded. Strong people management skills and ability to lead teams through change and continuous improvement initiatives, while actively contributing to strategic decisions and delivery. Track record of leading through influence rather than accountability as part of global function. Skilful negotiator and problem solver able to identity and propose solutions to key stakeholders and business partners. Experience in building global alignment of technology, people and process capabilities preferred. Solution orientatedCoaching mentalityProblem solving mindset with tenacity to see solutions through to deliveryStrong decision-making ability when faced with complex and business critical threatsExcellent communication, negotiation and conflict management skills, with an ability to anticipate and pre-empt potential obstacles, strong listening skillsGood ability to write and articulate, summarize, and present complex problems and messages in a succinct and comprehensible mannerDemonstrable ability to lead and coach a team and build to talent knowledgeInsightful and expert ability to consider where and how people or technology could be exploitedExceptional ability to get deeply technical and apply that skill to the businessStrong knowledge and understanding of business and technical cyber security and risk management concepts and methods, including policy concepts, risk assessment procedures, and role-based authentication and authorization methodologies and technologiesPreferred Work Experience
Strong demonstrable experience with security and risk-based standards.Experienced in helping a business, its partners, and customers to become more innovative and fast-paced, delivering improved business agility.Experienced in leading and working across multiple in-house and outsourced service models, time zones, and collaborating in a multicultural environmentCompensation Package: The salary range for this role is provided above. This is the national range for location(s) listed. The salary offer will be decided based on the role's complexity, its location, and the candidate’s professional background, including their education and experience. Beyond the base salary, regular full-time and part-time employees will also be eligible for QBE’s annual discretionary bonus plan based on business and individual performance. We encourage all candidates to apply, even if their salary expectations fall outside of this range, as we are committed to finding the right fit for our team.
QBE Benefits: We offer a range of benefits to help provide holistic support for your work life, whatever your circumstances. As a QBE employee you will have access to:
Hybrid Working – a mix of working from home and in the office22 weeks of paid leave for family growth, with 12 weeks available to all parents on a gender-equal basisCompetitive 401(k) program with company match up to 8%Well-being program including holistic wellbeing coaching, gym membership, confidential counselling, financial and legal adviceTuition Reimbursement for professional certifications, and continuing educationEmployee Network and Community – QBE actively supports six Employee Networks, and many ways to give back to your communityTo learn more, click here: Benefits | QBE US.
Why QBE? What if you could have a positive impact – at work and in the world?
At QBE, we’re enabling a more resilient future – for our customers, communities, environment, and for our people. We’re building momentum to achieve something significant and know our people are at the center of our success.
Our industry offers interesting and varied careers where you can help people to protect what matters most. As part of the QBE team, you’ll get to spend every day working with people who are passionate, talented and kind. And our international scale means we’re big enough for your ambitions, yet small enough for you to make a real impact.
Join us now, so you can be part of our success – and we can be part of yours!
https://www.linkedin.com/company/qbe-north-america/
Commitment to Diversity
QBE is committed to providing reasonable accommodation to, among others, individuals with disabilities and disabled veterans. If you need an accommodation because of a disability to search and apply for a career opportunity with QBE, please inform our Talent Acquisition team to let us know the nature of your accommodation request and your contact information.
Equal Employment Opportunity:
QBE provides equal employment opportunities to applicants and employees without regard to race; color; gender; gender identity; sexual orientation; religious practices and observances; national origin; pregnancy, childbirth, or related medical conditions; protected veteran status; or disability or any other legally protected status.
Supplementary information
Skills:
Client Counseling, Coaching, Coaching for success, Conflict Management, Critical Thinking, Customer Service, Cybersecurity, Cyber Security Management, Decision Making, Influencing, Intentional collaboration, Managing performance, Navigating ambiguity, Regulatory Compliance, Risk ManagementApplication Close Date: 13/08/2025 11:59 PMHow to Apply:
To submit your application, click "Apply" and follow the step by step process.
Equal Employment Opportunity:
QBE is an equal opportunity employer and is required to comply with equal employment opportunity legislation in each jurisdiction it operates.