Business Information Security Officer (BISO) works closely with the Global Workplace Solutions (GWS) line of business and the D&T GWS Executive. In this role, you will be supporting a group/team to develop a deep understanding of the business in order to have specialized cyber security risk-based discussions. This relationship will ensure a focus on the correct risk priorities, provide guidance on information security policies and controls, client RFPs & audits, and input for securing new product development. The individual will work to ensure Information Security risks are proactively managed, effectively controlled, mitigated and/or remediated with Senior Business Head support and buy-in.
- Actively supports the execution of the GCSO program and other plans developed by the Business or as applicable.
- Develops a target state security posture in-line with client and market needs; develops a plan to address gaps and lead execution.
- Interfaces with the client for RFPs, inquiries, and client security audit reviews; outlines best-practices incl. creating a standard information stack in order to streamline information security reviews.
- Engages with client executives as appropriate to drive confidence in CBRE s progress and vision as it pertains to information security.
- Strong working knowledge related to governance, controls, secure agile development, and effective monitoring.
- Support data owners and provide guidance related to access, usage, storage, and sharing of all data including existing and emerging data (e.g. digital, unstructured).
- Strong understanding of data privacy laws and regulations
- Strong working knowledge of Operations and Information Technology risks and control management.
- Actively engages with senior leaders to address, identify and/or escalate security concerns and emerging risks.
- Provides the business with strategic security guidance to ensure consistency in development/deployment globally.
- Identifies key risks to applications and understand business risk tolerance in order to identify solutions and provide guidance.
- Reports cyber security issues/risks to the Business as applicable with appropriate documentation and supports the response to security events.
- Provide guidance preparing for audits, support the resolution of audit findings and ensuring closure.
- Work with the Business to develop processes and procedures to ensure information security policies and standards are integrated.
- Develops and tracks Business Information Security Metrics in conjunction with GCSO Team
Awareness & Training:
- Facilitates awareness and training programs as needed based on issue/risk trends.
- Promotes awareness of current policies and standards, as well as revisions and developments; provide consistent interpretation of policy to business unit.
- Distributes information security awareness materials and publications appropriately within the business.
- Builds relationships and engage frequently with business leaders and client account teams.
- Frequently interact with, and educate, business leads and their Senior Management team on current issues and overall status of the global cyber security program.
- Help drive cyber security best practices between organizations and countries.
- Identify key business contacts to ensure adequate coverage for the business security program.
- Maintain a positive relationship with client auditors.
- Bachelor's degree (BA/BS) from four-year college or university and a minimum of 12 years of related experience and/or training, including 7+ years of experience at the management level.
- Must display subject matter experience in application security (security by design), vulnerability testing, identity management, and incident response, with deep experience in software engineer.
- 7+ years of risk management experience or direct participation in risk management processes, including application risk classification and application control assessments.
- Experience giving presentations and superb communication skills
Equal Opportunity and Affirmative Action Employer Women/Minorities/Persons with Disabilities/US Veterans
- General Management and C-Suite
- Alternative Investments