
JLL

Senior Cybersecurity Risk & Compliance Specialist

  • Posted 5 days ago

Job Description

Reporting to the Cybersecurity Compliance Manager, the Cybersecurity Risk & Compliance Specialist serves as a subject matter expert for cybersecurity risk assessments and regulatory compliance across JLL's global operations. This role supports cybersecurity program maturity initiatives, policy governance, and continuous improvement efforts while ensuring alignment with business objectives and regulatory requirements.

Key Responsibilities

Risk Management & Assessment

  • Monitor changes in business processes, information systems, management and operations, and maintain ongoing risk assessments
  • Perform comprehensive cybersecurity risk assessments using established methodologies (FAIR, OCTAVE, etc.)
  • Develop and maintain cybersecurity risk registers and treatment plans aligned with business objectives
  • Monitor and report on key risk indicators (KRIs) and compliance metrics
  • Support vendor risk management programs, including security questionnaire reviews and on-site assessments
  • Evaluate third parties for the presence of fundamental information security controls

Compliance & Audit Management

  • Lead audits of control effectiveness and design, ensuring completion within established deadlines
  • Collaborate with internal audit teams on cybersecurity-focused audit programs
  • Support regulatory examinations and coordinate with external auditors and regulatory bodies
  • Maintain relationships with external auditors, regulators, and cybersecurity assessment bodies
  • Ensure assessments of internal control structures are supported by sufficient and documented evidence
  • Anticipate and resolve obstacles to timely completion of audits and compliance reviews

Policy & Standards Governance

  • Develop, review, and maintain cybersecurity policies, standards, and procedures to ensure regulatory alignment
  • Establish and maintain a cybersecurity policy governance framework, including lifecycle management processes
  • Conduct regular policy reviews and updates to address emerging threats and regulatory changes
  • Maintain cybersecurity policy and standards repositories with proper version control and accessibility
  • Create and deliver cybersecurity policy awareness training and education programs
  • Coordinate with legal, HR, and business units to integrate cybersecurity policies into organizational processes

Stakeholder Management & Communication

  • Build and maintain productive relationships with process owners across all business functions
  • Provide direct guidance to internal control process owners and departments
  • Coordinate cybersecurity compliance reporting for executive leadership and board-level communications
  • Demonstrate effective interaction with all levels of management and business partners
  • Ensure proactive communication regarding audit timing, logistics, and findings
  • Use various internal communication methods to disseminate policies and compliance information

Incident Response & Investigation Support

  • Assist with internal cybersecurity investigations and incident response activities
  • Participate in post-incident compliance reviews and lessons learned processes
  • Support crisis management and business continuity planning initiatives
  • Conduct root cause analysis for identified security and compliance issues

Strategic & Business Support

  • Support cybersecurity due diligence activities for mergers, acquisitions, and strategic partnerships
  • Collaborate with cross-functional teams to embed cybersecurity requirements in business processes
  • Continually evaluate efficiency and effectiveness of internal controls and identify improvement areas
  • Support cybersecurity program maturity initiatives and continuous improvement efforts

Required Experience & Education

Education

  • Bachelor's degree in Computer Science, Information Systems, Cybersecurity, or Computer Engineering
  • Equivalent combination of education and professional experience will be considered

Professional Experience

  • Minimum 4 years of IT/cybersecurity experience with focus on risk and compliance
  • Minimum 4 years contributing to midsize-to-large multi-country initiatives
  • Experience designing and managing compliance and risk management controls in IT operations and projects
  • Experience conducting internal audits of IT operations, applications, and projects
  • Experience in cybersecurity policy development, implementation, and management across enterprise environments
  • Experience with cybersecurity risk quantification methodologies and control testing techniques

Industry & Regulatory Knowledge

  • Strong understanding of compliance frameworks: ISO 27001/27002, NIST Cybersecurity Framework, SOC1/SOC2, CIS Controls
  • Knowledge of data privacy regulations (GDPR, CCPA, etc.) and their intersection with cybersecurity controls
  • Experience supporting regulatory examinations and external audits
  • Understanding of business continuity and disaster recovery principles
  • Familiarity with cybersecurity insurance requirements and claims processes

Technical Expertise

  • Exposure to GRC technologies and policy management platforms (ServiceNow GRC, Archer, MetricStream)
  • Knowledge of network security, cloud security, application security, and penetration testing concepts
  • Understanding of threat intelligence and its application to risk assessments
  • Familiarity with cybersecurity maturity models (C2M2, NIST CSF, etc.)
  • Experience with security control testing and validation techniques

Required Skills & Competencies

Communication & Leadership

  • Exceptional written and oral English communication skills
  • Strong technical writing skills for policy and standards documentation
  • Ability to present complex technical concepts in user-friendly language to non-technical audiences
  • Credible and effective communication with clients, colleagues, and senior management

Analytical & Problem-Solving

  • High-level analytical, conceptual, and problem-solving abilities
  • Strong research skills and attention to detail
  • Forward-thinking approach to anticipate problems, issues, and solutions
  • Ability to draw appropriate conclusions from risk assessments and articulate findings

Professional Qualities

  • Quality-focused with high flexibility and adaptability
  • Ability to effectively prioritize and execute tasks in high-pressure environments
  • Team player with experience in collaborative, cross-functional environments
  • Proactive approach to stakeholder management and issue resolution

Preferred Qualifications

Industry Experience

  • Experience in corporate sectors (financial services, telecommunications, utilities)
  • Real estate services industry experience
  • Real estate technology environment exposure (PropTech, smart buildings, IoT)
  • Multi-jurisdictional regulatory compliance experience

Advanced Technical Knowledge

  • Experience with cloud security compliance (AWS, Azure, GCP)
  • Knowledge of cybersecurity metrics and reporting dashboards
  • Crisis management and business continuity planning involvement

Professional Certifications

  • Certified Information Systems Auditor (CISA)
  • Certified Information Security Manager (CISM)
  • Certified in Risk and Information Systems Control (CRISC)
  • ISO 27001 Lead Auditor/Implementer certification
  • Information Technology Infrastructure Library (ITIL) Foundation

Success Metrics

  • Successful completion of regulatory audits with minimal findings
  • Timely completion of risk assessments and remediation tracking
  • Stakeholder satisfaction scores for GRC guidance and support
  • Reduction in cybersecurity-related compliance gaps
  • Effective policy adoption and awareness metrics
  • Quality and timeliness of compliance reporting and documentation

This role offers the opportunity to work with cutting-edge cybersecurity technologies and frameworks while supporting JLL's global operations and digital transformation initiatives. The successful candidate will play a critical role in strengthening JLL's cybersecurity posture and ensuring regulatory compliance across diverse markets and business functions.

Why JLL

At JLL, we are collectively shaping a brighter way for our clients, ourselves, and our fellow employees. We choose to take the more inspiring, innovative, and optimistic path on our journey toward success. What sets JLL apart is our culture of collaboration, locally and across the globe, which allows us to create transformative solutions for the real estate industry.

If this job description resonates with you, we encourage you to apply, even if you don't meet all the requirements. We're interested in getting to know you and what you bring to the table!

Job ID: 145026383