Senior Cybersecurity GRC Analyst (Audit & Compliance Support)
Advisory Segment
Richardson - Texas - United States of America

Job Summary: 

This position is within the Governance, Risk & Compliance (GRC) function of CBRE’s Global Cyber Security Office and is responsible for managing audit planning, readiness assessments, and support of annual SOC 1, SOC 2, SOX, and ISO 27001 audits within the CBRE Digital & Technology (D&T) organization.


Roles and Responsibilities:         

  • Serves as a subject matter expert within the D&T organization for technology controls related to applications, databases, and underlying infrastructure
  • Reviews and confirms that D&T teams have technology controls adequately designed and operating effectively
  • Acts as a liaison between D&T teams and internal/external auditors
  • Performs audit planning, readiness assessments, and audit preparation with D&T teams
  • Manages the collection of audit evidence documentation to ensure that requests are valid for the tests being performed, assigned to the correct team, and provided timely to auditors
  • Coordinates D&T resources for audit meetings and facilitates the meeting to ensure that tasks performed by D&T personnel meet the control requirement to fulfill the audit request
  • Manages audit exceptions and deficiencies reported by auditors (verification, exploration of compensating controls, coordination of remediation and subsequent retesting)
  • Prepares executive audit status report for distribution to D&T leadership
  • Performs periodic testing of key application controls throughout the year


Supervisory Responsibilities:

  • No direct supervisory responsibilities in this position. Provides guidance to D&T staff members on audit-related topics and projects, through knowledge sharing and assistance with task assignments. Manages Leads audit support activities which include scheduling meetings with support teams and the assigning of tasks to D&T team members.


Qualifications and Education Requirements:

  • Bachelor's degree in accounting, finance or related field and 7 years of IT Audit experience, or
  • 10 years of audit and/or IT Compliance combined experience working on SOC 1, SOC 2, or SOX audits.
  • Excellent communication and presentation skills with the ability to present to executive leadership.
  • Ability to solve complex problems that arise during the audit process and communicate effectively with auditors, audit leadership, IT staff and management


Preferred Skills:

  • Certified Information Systems Auditor (CISA) is preferred (or equivalent) 


Visa sponsorship is not available for this position.