Tab icon


Business Information Security Officer (BISO) works closely with the Global Workplace Solutions (GWS) line of business and the D&T GWS Executive. In this role, you will be supporting a group/team to develop a deep understanding of the business in order to have specialized cyber security risk-based discussions. This relationship will ensure a focus on the correct risk priorities, provide guidance on information security policies and controls, client RFPs & audits, and input for securing new product development.  The individual will work to ensure Information Security risks are proactively managed, effectively controlled, mitigated and/or remediated with Senior Business Head support and buy-in.


  • Actively supports the execution of the GCSO program and other plans developed by the Business or as applicable.
  • Develops a target state security posture in-line with client and market needs; develops a plan to address gaps and lead execution. 
  • Interfaces with the client for RFPs, inquiries, and client security audit reviews; outlines best-practices incl. creating a “standard” information stack in order to streamline information security reviews.
  • Engages with client executives as appropriate to drive confidence in CBRE’s progress and vision as it pertains to information security.
  • Strong working knowledge related to governance, controls, secure agile development, and effective monitoring.
  • Support data owners and provide guidance related to access, usage, storage, and sharing of all data including existing and emerging data (e.g. digital, unstructured).
  • Strong understanding of data privacy laws and regulations
  • Strong working knowledge of Operations and Information Technology risks and control management.
  • Actively engages with senior leaders to address, identify and/or escalate security concerns and emerging risks.
  • Provides the business with strategic security guidance to ensure consistency in development/deployment globally.
  • Identifies key risks to applications and understand business risk tolerance in order to identify solutions and provide guidance.
  • Reports cyber security issues/risks to the Business as applicable with appropriate documentation and supports the response to security events.
  • Provide guidance preparing for audits, support the resolution of audit findings and ensuring closure.
  • Work with the Business to develop processes and procedures to ensure information security policies and standards are integrated.
  • Develops and tracks Business Information Security Metrics in conjunction with GCSO Team

Awareness & Training:

  • Facilitates awareness and training programs as needed based on issue/risk trends.
  • Promotes awareness of current policies and standards, as well as revisions and developments; provide consistent interpretation of policy to business unit.
  • Distributes information security awareness materials and publications appropriately within the business.

Relationship Management:

  • Builds relationships and engage frequently with business leaders and client account teams.
  • Frequently interact with, and educate, business leads and their Senior Management team on current issues and overall status of the global cyber security program.
  • Help drive cyber security best practices between organizations and countries.
  • Identify key business contacts to ensure adequate coverage for the business’ security program.
  • Maintain a positive relationship with client auditors.

Required Skills


  • 10+ years of experience in technology and 8 + years in information security
  • Must display subject matter experience in application security (security by design), vulnerability testing, identity management, and incident response, with deep experience in software engineer.
  • 7+ years of risk management experience or direct participation in risk management processes, including application risk classification and application control assessments.
  • Experience giving presentations and superb communication skills

Desired Skills


  • Bachelor's and/or Master’s degree in Computer Science, Information Technology or related field; CISSP / CISM a plus
Tab icon

Apply Now

Please complete the form to apply.

Job Application Form
Upload CV
Maximum upload size: 3MB