Reporting to the Cybersecurity Compliance Manager, the Cybersecurity Risk & Compliance Analyst provides analytical support for cybersecurity risk assessments and regulatory compliance across JLL's global operations. This role contributes to cybersecurity program initiatives, policy maintenance, and compliance monitoring while learning from senior team members and gaining exposure to business operations.
Key Responsibilities
Risk Assessment Support
- Assist in monitoring business process changes and maintaining risk assessment documentation
- Support cybersecurity risk assessments using established methodologies and templates
- Help maintain cybersecurity risk registers and update treatment plans under guidance
- Track and compile key risk indicators (KRIs) and compliance metrics for reporting
- Assist with vendor risk management activities, including questionnaire reviews
- Support evaluation of third-party security controls
Compliance & Audit Support
- Assist in audits of control effectiveness and help ensure timely completion
- Support internal audit teams with cybersecurity audit documentation
- Help coordinate regulatory examinations and external auditor requests
- Maintain audit documentation and evidence files
- Support completion of audits and compliance reviews under supervision
Policy & Standards Maintenance
- Assist in reviewing and updating cybersecurity policies, standards, and procedures
- Help maintain cybersecurity policy repositories with proper version control
- Support policy review processes and documentation updates
- Assist with cybersecurity awareness training material development
- Help coordinate policy integration activities with business units
Communication & Coordination
- Support relationship building with process owners across business functions
- Assist with compliance reporting preparation for management
- Help coordinate audit logistics and communication
- Support internal communication of policies and compliance information
Incident Response Support
- Provide analytical support for cybersecurity investigations and incident response
- Assist with post-incident compliance documentation and lessons learned
- Support business continuity planning documentation
General Analytical Support
- Support cybersecurity due diligence activities for business initiatives
- Assist with embedding cybersecurity requirements in business processes
- Help evaluate internal control effectiveness and identify improvement opportunities
- Contribute to cybersecurity program improvement initiatives
Required Experience & Education
Education
- Bachelor's degree in Computer Science, Information Systems, Cybersecurity, or Computer Engineering
- Equivalent combination of education and professional experience will be considered
Professional Experience
- 2-3 years of IT/cybersecurity experience with exposure to risk and compliance
- 2-3 years contributing to multi-site or multi-country initiatives
- Experience supporting compliance and risk management activities in IT environments
- Exposure to internal audits of IT operations, applications, or projects
- Basic experience with cybersecurity policy development or implementation
- Familiarity with cybersecurity risk assessment methodologies
Industry & Regulatory Knowledge
- Basic understanding of compliance frameworks: ISO 27001/27002, NIST Cybersecurity Framework, SOC1/SOC2
- Awareness of data privacy regulations (GDPR, CCPA, etc.)
- Exposure to regulatory examinations or external audits
- Basic understanding of business continuity principles
Technical Exposure
- Familiarity with GRC technologies and policy management platforms
- Basic knowledge of network security, cloud security, and application security concepts
- Understanding of cybersecurity maturity models
- Experience with security control documentation and testing support
Required Skills & Competencies
Communication & Collaboration
- Strong written and oral English communication skills
- Good technical writing skills for documentation
- Ability to explain technical concepts to business audiences
- Effective communication with colleagues and management
Analytical & Problem-Solving
- Strong analytical and problem-solving abilities
- Good research skills and attention to detail
- Ability to support risk assessments and document findings
- Proactive approach to identifying issues
Professional Qualities
- Quality-focused with flexibility and adaptability
- Ability to prioritize tasks effectively
- Team player with collaborative approach
- Eager to learn and develop professionally
Preferred Qualifications
Industry Experience
- Exposure to corporate environments (financial services, telecommunications, utilities)
- Real estate services industry awareness
- Multi-jurisdictional compliance exposure
Technical Knowledge
- Exposure to GRC technologies and policy management platforms (ServiceNow GRC, Archer, MetricStream)
- Knowledge of network security, cloud security, application security, and penetration testing concepts
- Understanding of threat intelligence and its application to risk assessments
- Familiarity with cybersecurity metrics and reporting
- Familiarity with cybersecurity maturity models (C2M2, NIST CSF, etc.)
- Experience with security control testing and validation techniques
Professional Development
- Working toward relevant certifications (CISA, CISM, CRISC)
- ITIL Foundation or similar process certifications
Success Metrics
- Quality and timeliness of analytical support and documentation
- Successful completion of assigned audit and compliance tasks
- Contribution to risk assessment and remediation tracking activities
- Quality of support for policy maintenance and awareness initiatives
- Professional development progress and certification advancement
Why JLL
At JLL, we are collectively shaping a brighter way for our clients, ourselves, and our fellow employees. We choose to take the more inspiring, innovative, and optimistic path on our journey toward success. What sets JLL apart is our culture of collaboration, locally and across the globe, which allows us to create transformative solutions for the real estate industry.
If this job description resonates with you, we encourage you to apply, even if you don't meet all the requirements. We're interested in getting to know you and what you bring to the table!