The Business Information Security Officer (BISO) works closely with the Global Workplace Solutions (GWS) line of business and the D&T GWS Executive. In this role, you will be supporting a group/team to develop a deep understanding of the business in order to have specialized cyber security risk-based discussions. This relationship will ensure a focus on the correct risk priorities, provide guidance on information security policies and controls, client RFPs & audits, and input for securing new product development. The individual will work to ensure Information Security risks are proactively managed, effectively controlled, mitigated and/or remediated with Senior Business Head support and buy-in.
Actively supports the execution of the GCSO program and other plans developed by the Business or as applicable.
Develops a target state security posture in line with client and market needs; develops a plan to address gaps and leads execution.
Interfaces with the client for RFPs, inquiries, and client security audit reviews; outlines best practices, including creating a "standard" information stack in order to streamline information security reviews.
Engages with client executives as appropriate to drive confidence in CBRE's progress and vision as it pertains to information security.
Strong working knowledge related to governance, controls, secure agile development, and effective monitoring.
Support data owners and provide guidance related to access, usage, storage, and sharing of all data including existing and emerging data (e.g. digital, unstructured).
Strong understanding of data privacy laws and regulations.
Strong working knowledge of Operations and Information Technology risks and control management.
Actively engages with senior leaders to address, identify and/or escalate security concerns and emerging risks.
Provides the business with strategic security guidance to ensure consistency in development/deployment globally.
Identifies key risks to applications and understands business risk tolerance in order to identify solutions and provide guidance.
Reports cyber security issues/risks to the Business as applicable with appropriate documentation and supports the response to security events.
Provides guidance in preparing for audits, supports the resolution of audit findings and ensures closure.
Work with the Business to develop processes and procedures to ensure information security policies and standards are integrated.
Develops and tracks Business Information Security Metrics in conjunction with the GCSO Team.
Awareness & Training:
Facilitates awareness and training programs as needed based on issue/risk trends.
Promotes awareness of current policies and standards, as well as revisions and developments; provides consistent interpretation of policy to the business unit.
Distributes information security awareness materials and publications appropriately within the business.
Builds relationships and engages frequently with business leaders and client account teams.
Frequently interact with, and educate, business leads and their Senior Management team on current issues and overall status of the global cyber security program.
Help drive cyber security best practices between organizations and countries.
Identify key business contacts to ensure adequate coverage for the business' security program.
Maintain a positive relationship with client auditors.
QUALIFICATIONS: Required Skills:
10+ years of experience in technology and 8+ years in information security.
Must display subject matter experience in application security (security by design), vulnerability testing, identity management, and incident response, with deep experience in software engineering.
7+ years of risk management experience or direct participation in risk management processes, including application risk classification and application control assessments.
Experience giving presentations and superb communication skills.
Bachelor's and/or Master's degree in Computer Science, Information Technology or related field; CISSP / CISM a plus.
Internal Number: 19020677
With broader and deeper capabilities than any other company, CBRE is the leading full-service real estate services and investment organization in the world.
CBRE Group, Inc. is the world’s largest commercial real estate services and investment firm, with 2017 revenues of $14.2 billion and more than 80,000 employees (excluding affiliate offices). CBRE has been included in the Fortune 500 since 2008, ranking #214 in 2017. It also has been voted the industry’s top brand by the Lipsey Company for 17 consecutive years, and has been named one of Fortune’s “Most Admired Companies” in the real estate sector for six years in a row. Its shares trade on the New York Stock Exchange under the symbol “CBRE.”
CBRE offers a broad range of integrated services, including facilities, transaction and project management; property management; investment management; appraisal and valuation; property leasing; strategic consulting; property sales; mortgage services and development services.