Cybersecurity Senior Analyst, Audit & Compliance

About The Role

As a CBRE Cybersecurity Sr Analyst, Audit & Compliance, you will serve as a member of the Governance, Risk, & Compliance (GRC) team within the Global Cyber Security Office (GCSO), reporting to the Cyber Security Information Security Officer (CISO). You will perform compliance and regulatory oversight, audit facilitation and coordination, and adhoc consultation. This role works closely with the Global SOX Audit (GSA) and Internal Audit (IA) teams, external auditors, the global lines of business, the Digital & Technology (D&T) Infrastructure & Operations (IO) teams, and other D&T teams.

This role will support the ongoing effectiveness of Cybersecurity controls and IT general controls across CBRE (both automated and manual), working with technology/business control owners across the CBRE organization, evaluating control design and standards in a variety of programs areas with focus and expertise in SOX and SOC, and can apply hands-on skills to coordinate and execute compliancy objectives.

• Focus on annual Sarbanes-Oxley (SOX) readiness and SOC and support for annual internal and external reviews across existing and new CBRE entities.
• Participate in facilitating audits, compliance, and regulatory activities in accordance with to SOX, SOC, and Internal Audit using knowledge of the cybersecurity regulatory environment and risk management practices.
• Work closely with corporate compliance, internal audit, enterprise risk management, regulatory risk and various technical teams in the design and implementation of audit, regulatory, and compliance practices for cybersecurity.
• Support proactive readiness activities and improvement of cybersecurity-based internal controls to support future reviews.
• Support cybersecurity risk management reporting activities, including dashboards, metrics, and executive reporting content.
• Advise GCSO Cyber Security leadership regarding confirmation and status of compliance issues, and the status of management action plans (MAPs).

• Bachelor’s degree or equivalent experience in Cybersecurity, Computer Science, Information Systems, Management Information Systems, or Business Administration or another related field.
• Significant and relevant technical experience meeting the job description may be substituted for degree requirements.
• 6+ years of experience in Cybersecurity, Information Security, Audit, Risk, and/or Compliance.
• Open to expand knowledge to other relevant entity level regulations, divisional level regulation, requirements, and framework governances such as ISO, NIST, others.
• Broad and deep experience across SOX and SOC standards with the ability to apply the standards with confidence across different organizational contexts is preferred.
• Prefer experience working with multiple individuals on internal and external delivery and communication initiatives.
• Ability to synthesize data points, problem solve, and formulate comprehensive and effective execution and compliance plans.
• Excellent data analysis skills using Microsoft Excel, SQL, or other applications.
• CISSP, CISA, CISM, or similar certifications preferred.
• 1+ years of risk management experience or direct participation in risk management processes, including application risk classification and application control assessments is preferred.
• Knowledge and familiarity using Auditboard in performing and managing audit facilitations and Service Now for Request Management and GRC Management preferred.

When you join CBRE, you become part of the global leader in commercial real estate services and investment that helps businesses and people thrive. We are dynamic problem solvers and forward-thinking professionals who create significant impact. Our collaborative culture is built on our shared values — respect, integrity, service and excellence — and we value the diverse perspectives, backgrounds and skillsets of our people.

At CBRE, you have the opportunity to chart your own course and realize your potential. We welcome all applicants.

At CBRE, we are committed to fostering a culture where everyone feels they belong. We value diverse perspectives and experiences, and we…