The Business Information Security Office (BISO) Cyber Security Risk Analyst is a member of the Business Information Security Office within Global Cyber Security and works closely with the global lines of business, the Digital & Technology (D&T) Solutions & Delivery teams, and other D&T teams.
Roles and Responsibilities:
Interfaces with the client for RFPs, inquiries, and client security audit reviews.
Understands and communicates policies and standards for inquiries internally and externally.
Maintains client relationship by responding to client security-related inquiries and documenting actions.
Prepares for client inquiries by studying our products, services, and client service processes.
Responds to client inquiries by understanding inquiry; reviewing previous inquiries and responses; gathering and researching information; assembling and forwarding information; verifying client’s understanding of information and answer.
Manages, prepares, and dispatches client security support requests.
Records client inquiries by documenting inquiry and response in clients’ accounts.
Improves quality service by recommending improved processes and identifying new client security requirements from clients.
Updates job knowledge by participating in educational opportunities.
Accomplishes client service and organization mission by completing related results as needed.
Actively supports the execution of the GCSO program and other plans developed by the Business or as applicable.
Strong working knowledge related to cyber security governance, controls, and effective monitoring is a plus.
Awareness & Training:
Facilitates awareness and training programs as needed based on issue/risk trends.
Promotes awareness of current policies and standards, as well as revisions and developments; provide consistent interpretation of policy to business unit.
Distributes information security awareness materials and publications appropriately within the business.
Builds relationships and engage frequently with business leaders and client account teams.
Frequently interact with, and educate, business leads and their Senior Management team on current issues and overall status of the global cyber security program.
Help drive cyber security best practices between organizations and countries.
Identify key business contacts to ensure adequate coverage for the business’ security program.
Maintain a positive relationship with client auditors.
Qualifications and Education Requirements:
Previous in-depth experience in technology including information security governance, risk or compliance
Experience giving presentations and superb communication skills
Client-facing experience in sales, sales support, or service delivery
Subject matter experience in application security (security by design), vulnerability testing, identity management, and incident response with deep experience in software engineering/development.
1+ years of risk management experience or direct participation in risk management processes, including application risk classification and application control assessments.
Knowledge and familiarity in using ServiceNow for Request Management and GRC Management.
Bachelor's and/or Master’s degree in Computer Science, Information Technology or related field
CISSP or CISM (or equivalent)
We are an equal opportunities employer and do not discriminate on the grounds of gender, sexual orientation, marital or civil partner status, pregnancy or maternity, gender reassignment, race, colour, nationality, ethnic or national origin, religion or belief, disability or age.
CBRE is the world’s leading commercial real estate services firm with offices located around the globe. CBRE currently employs roughly 100,000 people worldwide, with 2,500 working in the UK.