JOB SUMMARY

Executes on Cybersecurity governance risk and compliance activities with a primary focus on BIA (Business Impact Analysis) DR (Disaster Recovery) process management and BCM (Business Continuity Management).

Executes independently and with minimal supervision to complete assignments and efforts related to BIA and DR process management . Has a foundational understanding of supporting BIA DR and information compliance activities that may include:

Identify risk mitigation and recovery strategies based on criticality

Identify recovery priorities for sequencing recovery and resources

Prepare for events that could disrupt D&T services SLAs (Service Level Agreements) or key performance measures

Respond appropriately to events that have impacted D&T services and operations

Recover D&T operations and services to clients following disruptive events

Prevent issue impacts and be proactive in mitigation of DR risks

Provide procedures metrics and training for DR activities

Provide initial response assessment triage and stabilization of situations until such time as the threat/impact ends transition from response to recovery is possible or control is transferred to authorities having authority

As necessary and through partnership with Corporate Communication and Legal issue crisis communication action plans that accurately communicate critical continuity information.

Document and perform clear and consistent procedures aligning with CBRE documentation standards.

Validate and verify that IT systems are restored and recovered to acceptable levels based on SLAs key performance measures (KPMs) or contractual agreements

Track record and recommend modifications changes or resolutions via Change Control (CC) management to continually improve event response and be proactive and preventative where possible

May perform in niche spaces including: data governance controls policies and standards disaster recovery vulnerability management customer reporting vendor risk assessments and control testing.

ESSENTIAL DUTIES AND RESPONSIBILITIES

Provides detailed BIA risk evaluations disaster recovery plan assessments and impact of findings disaster recovery exercise compliance validations and exception logging. The BIA is an input to DR program strategies responses and actions items and is used to determine Recovery Time Objectives (RTO) Recovery Point Objectives (RPO) and recommend DR strategies to meet those objectives.

Frequently schedules reports and executes structured DR testing exercises documents the results and escalates to leadership any findings exceeding the results acceptance criterion noncompliant to a business risk or requiring immediate attention and remediation.

Will support the DR and BCM programs and their respective outcomes in aligning with international standards and professional practices including but not limited to ISO 22301:2019 BS 25999 NFPA 1600 ISO AS/NZS 31000 AS/NZS 5050 AS 3745 and BCI/DRI s Ten Certification Standards for professional practitioners. This also includes support for SOX (Sarbanes Oxley) System and Organization Controls (SOC) 2 SAS70/SSAE1618 relevant ISO standardizations and contractual SLAs KPMs and assigned target goals.

Inputs and executes on BIA identification and quantification. Provides input for plan roadmaps and prioritization for projects and remediation activities.

Interacts and partners with process/control owners to understand BIA and DR hierarchy dependencies and process steps. Evaluates areas for continual improvement to internal standards and process execution and identifies risks that fall outside CBREs risk tolerances.

Articulates thoughts ideas and analysis into business values and may present to crossfunctional partners and business leaders.

Conducts and contributes to inscope BIA activities and activities that promote DR expansion capabilities and DR process optimization and automation. All Tier 0 and Tier 1 corporatemanaged resources infrastructure telecom and datacenters are included within the program. Hosted and thirdparty information technology (IT) systems are also included for due diligence monitoring contractual agreements and managing DR risks.

Researches to learn and stay ahead of changes in the cybersecurity and DR regulatory landscape. Provides suggestions to Lead Analysts and Management on processes procedures and other supporting documentation and solutions that promote compliance and reduce risk.

Follows risk assessment methodology; develops documentation of control standards and process.

Interprets and applies cybersecurity standards to Digital & Technologyrelated policies to ensure cybersecurity standards policies and procedures align with defined risk methodology.

Develops recommendations and remediation strategies to enable the business and maintain an acceptable level of risk control/management.

SUPERVISORY RESPONSIBILITIES

No formal supervisory responsibilities in this position. Provides informal assistance such as technical guidance and/or training to coworkers.

QUALIFICATIONS

To perform this job successfully an individual must be able to perform each essential duty satisfactorily. The requirements listed below are representative of the knowledge skill and/or ability required. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.

EDUCATION and EXPERIENCE

Bachelors Degree (BA/BS) or equivalent from fouryear college or university in Computer Science

Information Technology Math Statistics or other technical discipline / related degree plus a minimum of 4 years related work experience; or equivalent combination of education and experience (equivalent work experience 2 years experience for every year of higherlevel education).

At least 2 years of relevant / prior experience as a significant contributor involving BIA activities.

At least 2 years of relevant / prior experience supporting disaster recovery exercises and leading exercise tasks.

At least 2 years of project management experience.

CERTIFICATES and/or LICENSES

Certified Business Continuity Professional (CBCP) Disaster Recovery Certified Specialist (DRCS) or related BC or DR certification preferred.

ITIL Six Sigma or related certifications and Project Management certifications preferred

CISSP CISA CRISC CISM or related security certifications preferred.

COMMUNICATION SKILLS

Excellent written and verbal communication skills. Strong organizational and analytical skills. Ability to provide efficient timely reliable and courteous service to customers and internal support organizations. Ability to effectively present information.

FINANCIAL KNOWLEDGE

Requires some knowledge of financial terms and principles. Ability to calculate intermediate figures such as percentages. Conducts intermediate financial analysis.

REASONING ABILITY

Ability to comprehend analyze and interpret complex documents. Ability to solve problems involving several options in situations. Requires advanced analytical and quantitative skills.