At a Glance
- Tasks: Lead cyber security assessments and ensure secure designs for IT projects.
- Company: Join QBE Europe, a leader in cyber security consulting.
- Benefits: Enjoy 30 days holiday, flexible working, and a generous pension plan.
- Other info: Dynamic role with opportunities for global collaboration and career growth.
- Why this job: Make a real impact in cyber security while collaborating with diverse teams.
- Qualifications: Experience in security standards and risk management; certifications like CISSP preferred.
The predicted salary is between 70000 - 90000 £ per year.
Hybrid role, happy to talk flexible working.
Time Type: Full time
Worker Type: Employee
Location: London
Type: Permanent, full time.
The Opportunity
QBE Europe is looking for a Cyber Security Consulting Lead to join our European Cyber Security team in our London office. This role will provide Cyber Security Technology and Integration Assessment for QBE's IT Change Projects utilising a Secure Design Framework based on the NIST framework. The role will require the ability to work with Architects and Solution Design SMEs across a range of technologies to identify Cyber threats and gaps in controls and processes. The regular output across workstreams will be the production of the Secure by Design assessment, NFRs and supporting the project in identifying, remediating or raising relevant risks.
Your new role
- Lead security assurance, assessments, advisory for IT and Business projects (Cloud and On-prem) within EO and globally against the NIST 800-53 cyber security standard and compliance framework.
- Partner with the security architecture and other relevant teams to define security patterns and ensure that appropriate security controls are embedded within solutions.
- Develop non‑functional security requirements and provide directions on how they should be integrated into solution designs.
- Carry out security risk assessments and provide the appropriate mitigation to identified risks.
- Collaborate, guide and influence IT and Business stakeholders correcting non‑compliant processes.
- Assist and contribute to strategic global and regional security projects and initiatives and their deployment within EO and Global security teams.
About You
- Security and Risk Expertise: Demonstrable experience applying security and risk‑based standards, including ISO 2700X, ISO 31000, NIST 800, and PCI‑DSS. Strong understanding of how to identify security weaknesses and take accountability for driving mitigations through to a secure outcome.
- Stakeholder and Delivery Experience: Experience working across in‑house and outsourced service models, multiple time zones, and multicultural environments. Able to work independently while seeking support when needed. Financial services experience would be advantageous with awareness of APRA, PRA, FCA.
Desired Qualifications
- Certified Information Systems Security Professional (CISSP).
- Sherwood Applied Business Security Architecture (SABSA) or equivalent, highly regarded.
- Certified Cloud Security Professional (CCSP) or equivalent.
- Certified Risk and Information Systems Controls (CRISC).
- Other security certifications such as Certified Information Security Manager (CISM).
Benefits
We offer a range of benefits to support your work life. As a QBE employee you will have access to:
- 30 days holiday a year with the option to buy up to 2 additional days.
- Flexible working – part‑time, job share and compressed hours are available.
- Pension – automatically enrolled into the QBE pension plan, employer contributions 10% of your basic salary.
Skills
- Client Counseling
- Commercial Acumen
- Conflict Management
- Critical Thinking
- Customer Service
- Cybersecurity
- Cyber Security Governance
- Cyber Security Management
- Information Security
- Information Security Risk Management
- Intentional Collaboration
- Managing performance
- Problem Solving
- Quality Control (QC)
- Risk Management
Equal Employment Opportunity: QBE is an equal opportunity employer and is required to comply with equal employment opportunity legislation in each jurisdiction it operates.