A Fortune 500 company, CBRE is the global leader in real estate services and leverages the industry's most powerful knowledge base to meet the commercial real estate needs of its clients worldwide. Our vision is to be the preeminent, vertically integrated, globally capable real estate service firm. Globally we employ over 70,000 employees and operate in over 60 countries.
At CBRE, you are empowered to take your career path into your own hands. Our people enjoy workplace flexibility in a global organization with tremendous scale providing corporate real estate and property services. Each day you will work in an inclusive and collaborative environment with supportive teammates and be challenged to grow and be your best every day.
The Cyber Defence & Assurance Director (CDAD) is responsible for establishing and maintaining a region-wide information security management program to ensure that information assets are adequately protected. This is done in coordination with Global Cyber Defense & Assurance, taking into consideration both global priorities and regional considerations.
The CDAD works with executive management to determine acceptable levels of risk for the organisation and must be highly knowledgeable about security risks, compliance, and operations to ensure information systems are maintained in a fully functional, secure mode. The CDAD must be a thought leader, consensus builder and be able to bring disparate drivers, constraints, and personalities together.
The ability to manage multiple projects and priorities as well as communicate at an executive and technical level is key to the success of this role.
Key responsibilities and deliverables:
- Manage the enterprise's information security organisation, consisting of direct reports (located in shared services centers) and indirect reports, including staff development, performance management and annual performance reviews.
- Facilitate information security governance through the implementation of a hierarchical governance program, including the formation of an information security steering committee or advisory board that leverages either existing governance frameworks or new ones as and when required.
- Develop, maintain and publish up-to-date information security policies, standards and guidelines. Oversee the approval, training, and dissemination of security policies and practices.
- Create, communicate and implement a risk-based process for vendor risk management, including the assessment and treatment for risks that may result from partners, consultants and other service providers.
- Develop and manage information security budgets, and monitor them for variances.
- Create and manage information security and risk management awareness training programs for all employees, contractors and approved system users.
- Liaise with the enterprise architecture team to ensure alignment between the security and enterprise architectures, thus coordinating the strategic planning implicit in these architectures.