Senior Cybersecurity Risk & Compliance Specialist

JLL

Job Location:

Bengaluru - India

Monthly Salary: Not Disclosed
Posted on: 2 days ago
Vacancies: 1 Vacancy

Job Summary

JLL empowers you to shape a brighter way.

Our people at JLL are shaping the future of real estate for a better world by combining world class services, advisory and technology for our clients. We are committed to hiring the best, most talented people and empowering them to thrive, grow meaningful careers and to find a place where they belong. Whether you've got deep experience in commercial real estate, skilled trades or technology, or you're looking to apply your relevant experience to a new industry, join our team as we help shape a brighter way forward.

Senior Cybersecurity Risk & Compliance Specialist

Reporting to the Cybersecurity Compliance Manager, the Cybersecurity Risk & Compliance Specialist serves as a subject matter expert for cybersecurity risk assessments and regulatory compliance across JLL's global operations. This role supports cybersecurity program maturity initiatives, policy governance and continuous improvement efforts while ensuring alignment with business objectives and regulatory requirements.

Key Responsibilities

Risk Management & Assessment

Monitor changes in business processes, information systems management and operations, and maintain ongoing risk assessments

Perform comprehensive cybersecurity risk assessments using established methodologies (FAIR, OCTAVE, etc.)

Develop and maintain cybersecurity risk registers and treatment plans aligned with business objectives

Monitor and report on key risk indicators (KRIs) and compliance metrics

Support vendor risk management programs including security questionnaire reviews and on-site assessments

Evaluate third parties for the presence of fundamental information security controls

Compliance & Audit Management

Lead audits of control effectiveness and design ensuring completion within established deadlines

Collaborate with internal audit teams on cybersecurity-focused audit programs

Support regulatory examinations and coordinate with external auditors and regulatory bodies

Maintain relationships with external auditors, regulators and cybersecurity assessment bodies

Ensure assessments of internal control structures are supported by sufficient and documented evidence

Anticipate and resolve obstacles to timely completion of audits and compliance reviews

Policy & Standards Governance

Develop, review and maintain cybersecurity policies, standards and procedures to ensure regulatory alignment

Establish and maintain a cybersecurity policy governance framework including lifecycle management processes

Conduct regular policy reviews and updates to address emerging threats and regulatory changes

Maintain cybersecurity policy and standards repositories with proper version control and accessibility

Create and deliver cybersecurity policy awareness training and education programs

Coordinate with legal, HR and business units to integrate cybersecurity policies into organizational processes

Stakeholder Management & Communication

Build and maintain productive relationships with process owners across all business functions

Provide direct guidance to internal control process owners and departments

Coordinate cybersecurity compliance reporting for executive leadership and board-level communications

Demonstrate effective interaction with all levels of management and business partners

Ensure proactive communication regarding audit timing, logistics and findings

Use various internal communication methods to disseminate policies and compliance information

Incident Response & Investigation Support

Assist with internal cybersecurity investigations and incident response activities

Participate in post-incident compliance reviews and lessons learned processes

Support crisis management and business continuity planning initiatives

Conduct root cause analysis for identified security and compliance issues

Strategic & Business Support

Support cybersecurity due diligence activities for mergers, acquisitions and strategic partnerships

Collaborate with cross-functional teams to embed cybersecurity requirements in business processes

Continually evaluate efficiency and effectiveness of internal controls and identify improvement areas

Support cybersecurity program maturity initiatives and continuous improvement efforts

Required Experience & Education

Education

Bachelor's degree in Computer Science, Information Systems, Cybersecurity or Computer Engineering

Equivalent combination of education and professional experience will be considered

Professional Experience

Minimum 4 years of IT/cybersecurity experience with focus on risk and compliance

Minimum 4 years contributing to midsize-to-large multi-country initiatives

Experience designing and managing compliance and risk management controls in IT operations and projects

Experience conducting internal audits of IT operations, applications and projects

Experience in cybersecurity policy development, implementation and management across enterprise environments

Experience with cybersecurity risk quantification methodologies and control testing techniques

Industry & Regulatory Knowledge

Strong understanding of compliance frameworks: ISO 27001/27002, NIST Cybersecurity Framework, SOC1/SOC2, CIS Controls

Knowledge of data privacy regulations (GDPR, CCPA, etc.) and their intersection with cybersecurity controls

Experience supporting regulatory examinations and external audits

Understanding of business continuity and disaster recovery principles

Familiarity with cybersecurity insurance requirements and claims processes

Technical Expertise

Exposure to GRC technologies and policy management platforms (ServiceNow GRC, Archer, MetricStream)

Knowledge of network security, cloud security, application security and penetration testing concepts

Understanding of threat intelligence and its application to risk assessments

Familiarity with cybersecurity maturity models (C2M2, NIST CSF, etc.)

Experience with security control testing and validation techniques

Required Skills & Competencies

Communication & Leadership

Exceptional written and oral English communication skills

Strong technical writing skills for policy and standards documentation

Ability to present complex technical concepts in user-friendly language to non-technical audiences

Credible and effective communication with clients, colleagues and senior management

Analytical & Problem-Solving

High-level analytical, conceptual and problem-solving abilities

Strong research skills and attention to detail management

Forward-thinking approach to anticipate problems, issues and solutions

Ability to draw appropriate conclusions from risk assessments and articulate findings

Professional Qualities

Quality-focused with high flexibility and adaptability

Ability to effectively prioritize and execute tasks in high-pressure environments

Team player with experience in collaborative cross-functional environments

Proactive approach to stakeholder management and issue resolution

Preferred Qualifications

Industry Experience

Experience in corporate sectors (financial services, telecommunications, utilities)

Real estate services industry experience

Real estate technology environment exposure (PropTech, smart buildings, IoT)

Multi-jurisdictional regulatory compliance experience

Advanced Technical Knowledge

Experience with cloud security compliance (AWS, Azure, GCP)

Knowledge of cybersecurity metrics and reporting dashboards

Crisis management and business continuity planning involvement

Professional Certifications

Certified Information Systems Auditor (CISA)

Certified Information Security Manager (CISM)

Certified in Risk and Information Systems Control (CRISC)

ISO 27001 Lead Auditor/Implementer certification

Information Technology Infrastructure Library (ITIL) Foundation

Success Metrics

Successful completion of regulatory audits with minimal findings

Timely completion of risk assessments and remediation tracking

Stakeholder satisfaction scores for GRC guidance and support

Reduction in cybersecurity-related compliance gaps

Effective policy adoption and awareness metrics

Quality and timeliness of compliance reporting and documentation

This role offers the opportunity to work with cutting-edge cybersecurity technologies and frameworks while supporting JLL's global operations and digital transformation initiatives. The successful candidate will play a critical role in strengthening JLL's cybersecurity posture and ensuring regulatory compliance across diverse markets and business functions.

Why JLL

At JLL, we are collectively shaping a brighter way for our clients, ourselves and our fellow employees. We choose to take the more inspiring, innovative and optimistic path on our journey toward success. What sets JLL apart is our culture of collaboration, locally and across the globe, which allows us to create transformative solutions for the real estate industry.

If this job description resonates with you, we encourage you to apply even if you don't meet all the requirements. We're interested in getting to know you and what you bring to the table!

Location:

Remote Bengaluru KA

Scheduled Weekly Hours:

40

At JLL, we harness the power of artificial intelligence (AI) to efficiently accelerate meaningful connections between candidates and opportunities. Using AI capabilities, we analyze your application for relevant skills, experiences and qualifications to generate valuable insights about how your unique profile aligns with the specific requirements of the role you're pursuing.

JLL Privacy Notice

Jones Lang LaSalle (JLL), together with its subsidiaries and affiliates, is a leading global provider of real estate and investment management services. We take our responsibility to protect the personal information provided to us seriously. Generally, the personal information we collect from you is for the purposes of processing in connection with JLL's recruitment process. We endeavour to keep your personal information secure with an appropriate level of security and keep it for as long as we need it for legitimate business or legal reasons. We will then delete it safely and securely.

For more information about how JLL processes your personal data, please view our Candidate Privacy Statement.

For additional details, please see our career site pages for each country.

For candidates in the United States, please see a full copy of our Equal Employment Opportunity policy here.

Jones Lang LaSalle (JLL) is an Equal Opportunity Employer and is committed to working with and providing reasonable accommodations to individuals with disabilities. If you need a reasonable accommodation because of a disability for any part of the employment process, including the online application and/or overall selection process, you may email us at . This email is only to request an accommodation. Please direct any other general recruiting inquiries to our Contact Us page > I want to work for JLL.


Required Experience:

Senior IC

About Company

Provides business consulting; investment banking services including corporate finance and investment advisory on mergers and acquisitions; asset management services including fund, portfolio and wealth management; real estate property management and brokerage services.