Position Summary This technical individual will be a direct report to the Vice President of Governance, Risk and Compliance, and will be responsible for enhancing the risk mitigation enablement with other D&T teams by optimizing operational soundness and technical enhancement of risk, security and compliance of Cyber Security solutions. The individual will help define and implement a risk driven approach to ensure effective management of daily operational activities related to governance, risk and compliance -ensuring that adequate prevention mechanisms and response procedures exist and are operationally sound.
Organize, manage and lead a newly formed technical risk management team developing strategies, solutions and methodologies to optimize operational soundness and elevate risk and compliance reporting from Cyber Security solutions, such as:
Configuration Drift Program
Privacy/Data Management – Varonis, Symantec DLP
Identity and Access Management - Sailpoint
Patch Management – Windows Server, LINUX
Threat and Vulnerability – Rapid7
Responsible for developing risk-based use-cases and playbooks, and for coordinating, facilitating and leading risk response actions.
Produce reports and briefs to provide an accurate depiction of the current risk landscape.
Utilize various Cyber Risk sources, to modify existing monitoring capabilities, functions, prevention mechanisms and response processes to account for the changing threat landscape
Assess known internal vulnerabilities, exposures and prior incidents in order to recommend technical and non-technical measures risk mitigation strategies to protect the organization.
Role has the potential for expansion of capabilities, responsibilities and promotion based on the ability to lead, execute and deliver results.
QUALIFICATIONS Key Knowledge and Skill Requirements
Extensive experience as a high performer with a track record of driving innovation and business value, with defined objectives and measures for success.
Demonstrated experience in leading global scope programs, and the challenges associated with working in a global geographically dispersed enterprise.
Attested ability to develop effective operating model for cyber threat detection, analysis and response functions using internal and outsourced partnerships.
Expertise in analyzing the intersection of regulatory, political and geopolitical developments with cyber security threat vectors and policymaking.
Expert level knowledge of network and infrastructure system devices, protocols, mechanisms and management; network and host-based security hardening techniques; security monitoring, metrics, and reporting.
Highly motivated individual with ability to self-task, develop a cohesive team, coach, mentor and delegate appropriately.
Excellent communication skills, including verbal, written and presentation.
Additional Qualifications / Experience
Bachelor's Degree in Computer Science, Information Technology Management, or other technical discipline
Minimum of 5 years information security experience, at least 6 of which must be in cyber threat management or cyber security operations management.
Understanding of large, complex geographically dispersed corporate networking
Ability to deliver succinct and fact-based communications, both verbally and in writing
Attention to detail and high level of consistency in written work.
Superb communications skills (written and verbal).
Superb interpersonal skills.
Able to communicate clearly and concisely with both technical and non-technical colleagues at all levels
Two or more cyber security certifications such as CISSP, CISM, CISA, SANS GIAC, ITIL.
Internal Number: 19007194
With broader and deeper capabilities than any other company, CBRE is the leading full-service real estate services and investment organization in the world.
CBRE Group, Inc. is the world’s largest commercial real estate services and investment firm, with 2017 revenues of $14.2 billion and more than 80,000 employees (excluding affiliate offices). CBRE has been included in the Fortune 500 since 2008, ranking #214 in 2017. It also has been voted the industry’s top brand by the Lipsey Company for 17 consecutive years, and has been named one of Fortune’s “Most Admired Companies” in the real estate sector for six years in a row. Its shares trade on the New York Stock Exchange under the symbol “CBRE.”
CBRE offers a broad range of integrated services, including facilities, transaction and project management; property management; investment management; appraisal and valuation; property leasing; strategic consulting; property sales; mortgage services and development services.