BISO

Business Information Security Officer (BISO) works closely with the Global Workplace Solutions (GWS) line of business and the D&T GWS Executive. In this role, you will be supporting a group/team to develop a deep understanding of the business in order to have specialized cyber security risk-based discussions. This relationship will ensure a focus on the correct risk priorities, provide guidance on information security policies and controls, client RFPs & audits, and input for securing new product development. The individual will work to ensure Information Security risks are proactively managed, effectively controlled, mitigated and/or remediated with Senior Business Head support and buy-in.

Role/Responsibilities:

Actively supports the execution of the GCSO program and other plans developed by the Business or as applicable.
Develops a target state security posture in-line with client and market needs; develops a plan to address gaps and lead execution.
Interfaces with the client for RFPs, inquiries, and client security audit reviews; outlines best-practices incl. creating a “standard” information stack in order to streamline information security reviews.
Engages with client executives as appropriate to drive confidence in CBRE’s progress and vision as it pertains to information security.
Strong working knowledge related to governance, controls, secure agile development, and effective monitoring.
Support data owners and provide guidance related to access, usage, storage, and sharing of all data including existing and emerging data (e.g. digital, unstructured).
Strong understanding of data privacy laws and regulations
Strong working knowledge of Operations and Information Technology risks and control management.
Actively engages with senior leaders to address, identify and/or escalate security concerns and emerging risks.
Provides the business with strategic security guidance to ensure consistency in development/deployment globally.
Identifies key risks to applications and understand business risk tolerance in order to identify solutions and provide guidance.
Reports cyber security issues/risks to the Business as applicable with appropriate documentation and supports the response to security events.
Provide guidance preparing for audits, support the resolution of audit findings and ensuring closure.
Work with the Business to develop processes and procedures to ensure information security policies and standards are integrated.
Develops and tracks Business Information Security Metrics in conjunction with GCSO Team

Awareness & Training:

Facilitates awareness and training programs as needed based on issue/risk trends.
Promotes awareness of current policies and standards, as well as revisions and developments; provide consistent interpretation of policy to business unit.
Distributes information security awareness materials and publications appropriately within the business.

Relationship Management:

Builds relationships and engage frequently with business leaders and client account teams.
Frequently interact with, and educate, business leads and their Senior Management team on current issues and overall status of the global cyber security program.
Help drive cyber security best practices between organizations and countries.
Identify key business contacts to ensure adequate coverage for the business’ security program.
Maintain a positive relationship with client auditors.

Required Skills

10+ years of experience in technology and 8 + years in information security
Must display subject matter experience in application security (security by design), vulnerability testing, identity management, and incident response, with deep experience in software engineer.
7+ years of risk management experience or direct participation in risk management processes, including application risk classification and application control assessments.
Experience giving presentations and superb communication skills

Desired Skills

Bachelor's and/or Master’s degree in Computer Science, Information Technology or related field; CISSP / CISM a plus

Apply Now

Please complete the form to apply.

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Cookie	Duration	Description
_ga	2 years	This cookie is installed by Google Analytics. The cookie is used to calculate visitor, session, campaign data and keep track of site usage for the site's analytics report. The cookies store information anonymously and assign a randomly generated number to identify unique visitors.
_gid	1 day	This cookie is installed by Google Analytics. The cookie is used to store information of how visitors use a website and helps in creating an analytics report of how the website is doing. The data collected including the number visitors, the source where they have come from, and the pages visted in an anonymous form.
_hjFirstSeen	30 minutes	Identifies a new user’s first session. Used by Recording filters to identify new user sessions. 30 minutes duration, extended on user activity. Boolean true/false data type.
_hjHasCachedUserAttributes	session	Enables us to know whether the data set in _hjUserAttributes Local Storage item is up to date or not. Session duration. Boolean true/false data type.
_hjid	1 year	This is an old cookie that we do not set anymore, but if a user has it unexpired in their browser, we will reuse its value and migrate to _hjSessionUser_{site_id}. Set when a user first lands on a page. Persists the Hotjar User ID which is unique to that site. Ensures data from subsequent visits to the same site are attributed to the same user ID. 365 days duration. UUID data type.
_hjSessionUser_{site_id}	1 year	Set when a user first lands on a page. Persists the Hotjar User ID which is unique to that site. Hotjar does not track users across different sites. Ensures data from subsequent visits to the same site are attributed to the same user ID. 365 days duration. JSON data type.
_hjUserAttributes		Stores User Attributes sent through the Hotjar Identify API. No explicit expiration. Base64 encoded JSON data type.
_hjUserAttributesHash	2 minutes	Enables us to know when any User Attribute has changed and needs to be updated. 2 minutes duration, extended every 30 seconds. Content hash data type.
hjActiveViewportIds		Stores user active viewports IDs. Stores an expirationTimestamp that is used to validate active viewports on script initialization. JSON data type.
hjViewportId		Stores user viewport details such as size and dimensions. Session duration. UUID data type.