Principle Cyber Analyst, Audit & Compliance Job ID 225978 Posted 25-Jun-2025 Service line Corporate Segment Role type Full-time Areas of Interest Digital & Technology/Information Technology Location(s) Richardson - Texas - United States of America **About The Role:** This Principle Cyber Analyst, Audit & Compliance position will serve as a member of the Governance, Risk, & Compliance (GRC) team within the Global Cyber Security Office (GCSO), reporting to the Cyber Security Information Security Officer (CISO). The Principle Cyber Analyst performs compliance and regulatory oversight, audit facilitation and coordination, and adhoc consultation. This role works closely with the Global SOX Audit (GSA) and Internal Audit (IA) teams, external auditors, the global lines of business, the Digital & Technology (D&T) Infrastructure & Operations (IO) teams, and other D&T teams. This role will support the ongoing effectiveness of Cybersecurity controls and IT general controls across CBRE (both automated and manual), working with technology/business control owners across the CBRE organization, evaluating control design and standards in a variety of programs areas with focus and expertise in SOX and SOC, and can apply hands-on skills to coordinate and execute compliancy objectives. **What You'll Do:** + Focus on annual Sarbanes-Oxley (SOX) readiness and SOC and support for annual internal and external reviews across existing and new CBRE entities. + Participate in facilitating audits, compliance, and regulatory activities in accordance with to SOX, SOC, and Internal Audit using knowledge of the cybersecurity regulatory environment and risk management practices. + Work closely with corporate compliance, internal audit, enterprise risk management, regulatory risk and various technical teams in the design and implementation of audit, regulatory, and compliance practices for cybersecurity. + Support proactive readiness activities and improvement of cybersecurity-based internal controls to support future reviews + Support cybersecurity risk management reporting activities, including dashboards, metrics, and executive reporting content. + Advise GCSO Cyber Security leadership regarding confirmation and status of compliance issues, and the status of management action plans (MAPs). **What You'll Need:** To perform this job successfully, an individual will need to perform each crucial duty satisfactorily. The requirements listed below are representative of the knowledge, skill, and/or ability required. Reasonable accommodations may be made to enable individuals with disabilities to perform essential functions. + Bachelor's degree or equivalent experience in Cybersecurity, Computer Science, Information Systems, Management Information Systems, or Business Administration or another related field. + Significant and relevant technical experience meeting the job description may be substituted for degree requirements. + 6-12 years of experience in Cybersecurity, Information Security, Audit, Risk, and/or Compliance. + Open to expand knowledge to other relevant entity level regulations, divisional level regulation, requirements, and framework governances such as ISO, NIST, others. + Broad and deep experience across SOX and SOC standards with the ability to apply the standards with confidence across different organizational contexts is preferred. + Prefer experience working with multiple individuals on internal and external delivery and communication initiatives. + Ability to synthesize data points, problem solve, and formulate comprehensive and effective execution and compliance plans. + Excellent data analysis skills using Microsoft Excel, SQL, or other applications. + CISSP, CISA, CISM, or similar certifications preferred + 1+ years of risk management experience or direct participation in risk management processes, including application risk classification and application control assessments is preferred. + Knowledge and familiarity using Auditboard in performing and managing audit facilitations and ServiceNow for Request Management and GRC Management preferred. **Why CBRE** When you join CBRE, you become part of the global leader in commercial real estate services and investment that helps businesses and people thrive. We are dynamic problem solvers and forward-thinking professionals who create significant impact. Our collaborative culture is built on our shared values — respect, integrity, service and excellence — and we value the diverse perspectives, backgrounds and skillsets of our people. At CBRE, you have the opportunity to realize your full potential. **Our Values in Hiring** At CBRE, we are committed to fostering a culture where everyone feels they belong. We value diverse perspectives and experiences, and we welcome all applications. Applicants must be currently authorized to work in the United States without the need for visa sponsorship now or in the future **Equal Employment Opportunity:** CBRE has a long-standing commitment to providing equal employment opportunity to all qualified applicants regardless of race, color, religion, national origin, sex, sexual orientation, gender identity, pregnancy, age, citizenship, marital status, disability, veteran status, political belief, or any other basis protected by applicable law. **Candidate Accommodations:** CBRE values the differences of all current and prospective employees and recognizes how every employee contributes to our company’s success. CBRE provides reasonable accommodations in job application procedures for individuals with disabilities. If you require assistance due to a disability in the application or recruitment process, please submit a request via email at recruitingaccommodations@cbre.com or via telephone at +1 866 225 3099 (U.S.) and +1 866 388 4346 (Canada). CBRE, Inc. is an Equal Opportunity and Affirmative Action Employer (Women/Minorities/Persons with Disabilities/US Veterans)