This technical individual will be a direct report to the Vice President of Governance, Risk and Compliance, and will be responsible for enhancing the risk mitigation enablement with other D&T teams by optimizing operational soundness and technical enhancement of risk, security and compliance of Cyber Security solutions. The individual will help define and implement a risk driven approach to ensure effective management of daily operational activities related to governance, risk and compliance -ensuring that adequate prevention mechanisms and response procedures exist and are operationally sound.
* Organize, manage and lead a newly formed technical risk management team developing strategies, solutions and methodologies to optimize operational soundness and elevate risk and compliance reporting from Cyber Security solutions, such as:
* Configuration Drift Program
* Privacy/Data Management - Varonis, Symantec DLP
* Identity and Access Management - Sailpoint
* Patch Management - Windows Server, LINUX
* Threat and Vulnerability - Rapid7
* Responsible for developing risk-based use-cases and playbooks, and for coordinating, facilitating and leading risk response actions.
* Produce reports and briefs to provide an accurate depiction of the current risk landscape.
* Utilize various Cyber Risk sources, to modify existing monitoring capabilities, functions, prevention mechanisms and response processes to account for the changing threat landscape
* Assess known internal vulnerabilities, exposures and prior incidents in order to recommend technical and non-technical measures risk mitigation strategies to protect the organization.
* Role has the potential for expansion of capabilities, responsibilities and promotion based on the ability to lead, execute and deliver results.
Key Knowledge and Skill Requirements
* Extensive experience as a high performer with a track record of driving innovation and business value, with defined objectives and measures for success.
* Demonstrated experience in leading global scope programs, and the challenges associated with working in a global geographically dispersed enterprise.
* Attested ability to develop effective operating model for cyber threat detection, analysis and response functions using internal and outsourced partnerships.
* Expertise in analyzing the intersection of regulatory, political and geopolitical developments with cyber security threat vectors and policymaking.
* Expert level knowledge of network and infrastructure system devices, protocols, mechanisms and management; network and host-based security hardening techniques; security monitoring, metrics, and reporting.
* Highly motivated individual with ability to self-task, develop a cohesive team, coach, mentor and delegate appropriately.
* Excellent communication skills, including verbal, written and presentation.
Additional Qualifications / Experience
* Bachelor's Degree in Computer Science, Information Technology Management, or other technical discipline
* Minimum of 5 years information security experience, at least 6 of which must be in cyber threat management or cyber security operations management.
* Understanding of large, complex geographically dispersed corporate networking
* Ability to deliver succinct and fact-based communications, both verbally and in writing
* Attention to detail and high level of consistency in written work.
* Superb communications skills (written and verbal).
* Superb interpersonal skills.
* Able to communicate clearly and concisely with both technical and non-technical colleagues at all levels
* Two or more cyber security certifications such as CISSP, CISM, CISA, SANS GIAC, ITIL.
CBRE Group is a real estate services and investment company.