The Business Information Security Officer (BISO) works closely with the Global Workplace Solutions (GWS) line of business and the D&T GWS Executive. In this role, you will support a group/team in developing a deep understanding of the business in order to have specialized, risk-based cyber security discussions. This relationship will ensure a focus on the correct risk priorities and provide guidance on information security policies and controls, client RFPs and audits, and input for securing new product development. The individual will work to ensure Information Security risks are proactively managed, effectively controlled, mitigated and/or remediated with Senior Business Head support and buy-in.
* Actively supports the execution of the GCSO program and other plans developed by the Business or as applicable.
* Develops a target state security posture in line with client and market needs; develops a plan to address gaps and leads execution.
* Interfaces with the client for RFPs, inquiries, and client security audit reviews; outlines best practices, including creating a "standard" information stack in order to streamline information security reviews.
* Engages with client executives as appropriate to drive confidence in CBRE's progress and vision as it pertains to information security.
* Strong working knowledge related to governance, controls, secure agile development, and effective monitoring.
* Support data owners and provide guidance related to access, usage, storage, and sharing of all data including existing and emerging data (e.g. digital, unstructured).
* Strong understanding of data privacy laws and regulations.
* Strong working knowledge of Operations and Information Technology risks and control management.
* Actively engages with senior leaders to address, identify and/or escalate security concerns and emerging risks.
* Provides the business with strategic security guidance to ensure consistency in development/deployment globally.
* Identifies key risks to applications and understands business risk tolerance in order to identify solutions and provide guidance.
* Reports cyber security issues/risks to the Business as applicable with appropriate documentation and supports the response to security events.
* Provides guidance in preparing for audits, supports the resolution of audit findings, and ensures closure.
* Work with the Business to develop processes and procedures to ensure information security policies and standards are integrated.
* Develops and tracks Business Information Security Metrics in conjunction with the GCSO Team.
Awareness & Training:
* Facilitates awareness and training programs as needed based on issue/risk trends.
* Promotes awareness of current policies and standards, as well as revisions and developments; provides consistent interpretation of policy to the business unit.
* Distributes information security awareness materials and publications appropriately within the business.
* Builds relationships and engages frequently with business leaders and client account teams.
* Frequently interact with, and educate, business leads and their Senior Management team on current issues and overall status of the global cyber security program.
* Help drive cyber security best practices between organizations and countries.
* Identify key business contacts to ensure adequate coverage for the business' security program.
* Maintain a positive relationship with client auditors.
* 10+ years of experience in technology and 8+ years in information security.
* Must display subject matter experience in application security (security by design), vulnerability testing, identity management, and incident response, with deep experience in software engineering.
* 7+ years of risk management experience or direct participation in risk management processes, including application risk classification and application control assessments.
* Experience giving presentations and superb communication skills.
* Bachelor's and/or Master's degree in Computer Science, Information Technology or related field; CISSP / CISM a plus.
CBRE Group is a real estate services and investment company.