Divisional Business Information Security Officer Job ID 224657 Posted 24-Jun-2025 Service line Corporate Segment Role type Full-time Areas of Interest Digital & Technology/Information Technology Location(s) Atlanta - Georgia - United States of America, Boston - Massachusetts - United States of America, Chicago - Illinois - United States of America, Dallas - Texas - United States of America, Seattle - Washington - United States of America **About The Role:** As a CBRE Divisional Business Information Security Officer (BISO), you will join CBRE’s Global Business Information Security team and serve as a trusted advisor between cybersecurity and business operations. You will serve as a catalyst for aligning security with business goals, contributing to the overall success of CBRE. At a high level, the BISO plays a valuable and pivotal role in the following key objectives: + Execution of corporate cybersecurity strategy within the assigned division, in alignment with the business needs and regulatory environment, + Reduction of cybersecurity risk, + Facilitation of cyber risk-based decision-making, + Enablement of the business, through alignment of security products and services with business objectives. + Addressing security-related business challenges, + Promoting the security culture. **What You'll Do:** + Provide regular briefings to divisional leadership on security posture, risks, and risk reduction/mitigation efforts. + Bring ‘voice of the business’ insights to the CISO, Global BISO and the broader Global Cybersecurity Office to drive business awareness with cyber teams and partner on improvements. + Collaborate with Global BISO, Cyber Incident Response, Security Operations Center and Client Assurance teams, in response to division-specific security incidents, coordinating with broader security, technology, legal, compliance and corporate communication teams, as needed. + Drive cyber control adoption, as well as remediation of cybersecurity issues (including audit findings, regulatory compliance items, contractual compliance issues, regulatory compliance requirements) and cybersecurity control gaps through coordination of and communication of remediation plans. + Assist the CBRE Client Assurance team with division-related client requests by providing business insights and using your knowledge to connect the team with appropriate partners. + Assist with risk analysis and assessment, identifying potential security threats, and developing mitigation strategies tailored to the business risk profile and specific business needs. + Translate corporate security policies, standards and cyber-related regulatory requirements into actionable plans for the assigned division, ensuring awareness within the business and assisting to drive consistency to policies, standards and compliance requirements. + Assist with development, implementation, and evolution of cybersecurity-related processes, including but not limited to application registration, cyber risk evaluation, cybersecurity control self-assessment processes while partnering with product and technology teams to drive successful and timely execution of these processes. + Serve in a consulting/advising function to optimally identify relevant cybersecurity requirements (example – MFA, WAF, etc.) for new and existing projects/initiatives, in partnership with appropriate product teams and subject-matter experts, ultimately driving the implementation of security into the division’s products and services, balancing business needs with security requirements. + Supervise the assigned division’s cybersecurity objectives and measures and assist the division’s business and technology teams with prioritization of cybersecurity-related efforts needed to address control adoption and/or operational control deficiencies. + Educate division staff on cybersecurity standard methodologies, integration of cybersecurity controls, and importance of meeting targets for cybersecurity-related operational measures. **What You'll Need:** To perform this job successfully, an individual will need to perform each crucial duty satisfactorily. The requirements listed below are representative of the knowledge, skill, and/or ability required. Reasonable accommodations may be made to enable individuals with disabilities to perform essential functions. + Bachelor’s Degree, from an accredited four-year college or university, in Cybersecurity, Computer Science, Information Technology, Business Administration. + Prior experience serving as a BISO or ISO is preferred. + 3+ years working in technology. + 3-5 years working in one or more cyber domains (i.e. security operations, security engineering, network security, identity and access management, etc.) + 1-3 years working in or with a risk management domain (i.e. technology risk, cybersecurity risk, enterprise risk, etc.); prior experience within cybersecurity risk management is preferred. + Certifications are a plus, including ITIL, CISSP, CISM, CRISC, CISA, Cloud Security Practitioner. + Familiarity with key cybersecurity compliance standards (i.e. ISO27001, etc.), frameworks (i.e. NIST CSF, NIST 800-171, etc.) and regulations relevant to cybersecurity (i.e. DORA, GDPR, etc.). + Strong and broad understanding of cybersecurity, risk management and technology with ability to deep dive into specific technology domains, as needed. + Excellent business insight with ability to understand business operations and priorities within the division to effectively align security strategies. + Superb communication skills, with proven ability to translate and explain complex security concepts to non-technical team members, influence decision-making and articulate vision across both technical and business teams. + Must be a self-starter who takes initiative, can work independently, is eager to learn and has a passion for cybersecurity and technology. + Demonstrated ability to build and maintain strong relationships with key collaborators, including at the executive level, as well as with technical subject-matter experts. + Ability to assess and prioritize security risks based on their potential impact on the business. + Must be proficient with MS Office suite of productivity tools as well as collaboration tools. **Why CBRE** When you join CBRE, you become part of the global leader in commercial real estate services and investment that helps businesses and people thrive. We are dynamic problem solvers and forward-thinking professionals who create significant impact. Our collaborative culture is built on our shared values — respect, integrity, service and excellence — and we value the diverse perspectives, backgrounds and skillsets of our people. At CBRE, you have the opportunity to realize your full potential. **Our Values in Hiring** At CBRE, we are committed to fostering a culture where everyone feels they belong. We value diverse perspectives and experiences, and we welcome all applications. **Disclaimers** Applicants must be currently authorized to work in the United States without the need for visa sponsorship now or in the future. CBRE carefully considers multiple factors to determine compensation, including a candidate’s education, training, and experience. The minimum salary for the Divisional Business Information Security Officer position is $120,000 annually and the maximum salary for the Divisional Business Information Security Officer position is $150,000 annually. The compensation offered to a successful candidate will depend on their skills, qualifications, and experience. Successful candidates will also be eligible for a discretionary bonus based on CBRE’s applicable benefit program. This role will provide the following benefits: 401(K), Dental insurance, Health insurance, Life insurance, and Vision insurance. **Equal Employment Opportunity:** CBRE has a long-standing commitment to providing equal employment opportunity to all qualified applicants regardless of race, color, religion, national origin, sex, sexual orientation, gender identity, pregnancy, age, citizenship, marital status, disability, veteran status, political belief, or any other basis protected by applicable law. **Candidate Accommodations:** CBRE values the differences of all current and prospective employees and recognizes how every employee contributes to our company’s success. CBRE provides reasonable accommodations in job application procedures for individuals with disabilities. If you require assistance due to a disability in the application or recruitment process, please submit a request via email at recruitingaccommodations@cbre.com or via telephone at +1 866 225 3099 (U.S.) and +1 866 388 4346 (Canada). CBRE, Inc. is an Equal Opportunity and Affirmative Action Employer (Women/Minorities/Persons with Disabilities/US Veterans)