Job Directory Cbre Business Information Security Officer

Business Information Security Officer Cbre
Dallas, TX

CBRE Group is a real estate services and investment company.

Companies like Cbre
are looking for tech talent like you.

On Hired, employers apply to you with up-front salaries.
Sign up to start matching for free.

About Cbre

Job Description

Business Information Security Officer (BISO) works closely with the Global Workplace Solutions (GWS) line of business and the D&T GWS Executive. In this role, you will be supporting a group/team to develop a deep understanding of the business in order to have specialized cyber security risk-based discussions. This relationship will ensure a focus on the correct risk priorities, provide guidance on information security policies and controls, client RFPs & audits, and input for securing new product development. The individual will work to ensure Information Security risks are proactively managed, effectively controlled, mitigated and/or remediated with Senior Business Head support and buy-in.


* Actively supports the execution of the GCSO program and other plans developed by the Business or as applicable.
* Develops a target state security posture in-line with client and market needs; develops a plan to address gaps and lead execution.
* Interfaces with the client for RFPs, inquiries, and client security audit reviews; outlines best-practices incl. creating a "standard" information stack in order to streamline information security reviews.
* Engages with client executives as appropriate to drive confidence in CBRE's progress and vision as it pertains to information security.
* Strong working knowledge related to governance, controls, secure agile development, and effective monitoring.
* Support data owners and provide guidance related to access, usage, storage, and sharing of all data including existing and emerging data (e.g. digital, unstructured).
* Strong understanding of data privacy laws and regulations
* Strong working knowledge of Operations and Information Technology risks and control management.
* Actively engages with senior leaders to address, identify and/or escalate security concerns and emerging risks.
* Provides the business with strategic security guidance to ensure consistency in development/deployment globally.
* Identifies key risks to applications and understand business risk tolerance in order to identify solutions and provide guidance.
* Reports cyber security issues/risks to the Business as applicable with appropriate documentation and supports the response to security events.
* Provide guidance preparing for audits, support the resolution of audit findings and ensuring closure.
* Work with the Business to develop processes and procedures to ensure information security policies and standards are integrated.
* Develops and tracks Business Information Security Metrics in conjunction with GCSO Team

Awareness & Training:

* Facilitates awareness and training programs as needed based on issue/risk trends.
* Promotes awareness of current policies and standards, as well as revisions and developments; provide consistent interpretation of policy to business unit.
* Distributes information security awareness materials and publications appropriately within the business.

Relationship Management:

* Builds relationships and engage frequently with business leaders and client account teams.
* Frequently interact with, and educate, business leads and their Senior Management team on current issues and overall status of the global cyber security program.
* Help drive cyber security best practices between organizations and countries.
* Identify key business contacts to ensure adequate coverage for the business' security program.
* Maintain a positive relationship with client auditors.


* 10+ years of experience in technology and 8 + years in information security
* Must display subject matter experience in application security (security by design), vulnerability testing, identity management, and incident response, with deep experience in software engineer.
* 7+ years of risk management experience or direct participation in risk management processes, including application risk classification and application control assessments.
* Experience giving presentations and superb communication skills

Desired Skills:

* Bachelor's and/or Master's degree in Computer Science, Information Technology or related field; CISSP / CISM a plus

About Cbre

CBRE Group is a real estate services and investment company.

10001 employees

2100 mckinney avenue, floor 12h

Let your dream job find you.

Sign up to start matching with top companies. It’s fast and free.