Cybersecurity Risk & Compliance Analyst (TPRM) -2 (India)

JLL supports the Whole You, personally and professionally.

Our people at JLL are shaping the future of real estate for a better world by combining world class services, advisory and technology to our clients. We are committed to hiring the best, most talented people in our industry; and we support them through professional growth, flexibility, and personalized benefits to manage life in and outside of work. Whether you’ve got deep experience in commercial real estate, skilled trades, and technology, or you’re looking to apply your relevant experience to a new industry, we empower you to shape a brighter way forward so you can thrive professionally and personally.

Reporting directly to the Cybersecurity Third Party Risk Management, Senior Director, the role of Cybersecurity Risk & Compliance Analyst, TPRM will be involved with the planning, execution, and reporting of cybersecurity third-party due diligence for the company and work directly with the Senior Information Security Consultants within the team. The role will work closely with the Technology functional teams and internal business lines in the day-to-day operational delivery of Cybersecurity Third Party Risk Management program.

Teaming with the Cyber TPRM team, the Cybersecurity Risk & Compliance Analyst, TPRM will: Perform security risk assessments of potential new vendors and / or where vendor services have changed.

Monitor changes in business processes, information systems, management and operations, and accordingly maintain an assessment to risk.

Build and maintain productive relationships with process owners.

Through effective leadership, ensure audits of control effectiveness and design and other projects are completed in an efficient manner, and within established deadlines.

Through the effective review of department work, ensure that the assessments of internal control structure related to processes audited are supported through sufficient and adequately documented evidence.

Assist with internal investigations.

Promote good practice of Information Security Third Party Risk Management to staff and associated contractors.

Provide direct and specific guidance to the department internal control process owners’ as appropriate for each process owner of the department and the work being performed.

Responsibilities Maintain awareness of current compliance, audit professional standards and any associated legislation changes, and apply where appropriate to the internal IT controls and audit function.

Maintain awareness of current issues and significant changes within the business environment and business processes.

Periodically determine the need for revisions to control processes and work with senior information consultants to enhance.

Demonstrate effective interaction with all levels of management and Third party suppliers.

Review specific control risk assessments to ensure efficiency and effectiveness in addressing key risks associated with the respective auditable entity or entities.

Review vendor risk questionnaire submissions to identify key risks associated with the respective vendor /service and work with stakeholders to mitigate and advise.

Ensure that appropriate communication has been made in advance with Third party IT and internal process & service owners regarding the timing and logistics of each audit and review.

Through an understanding of internal controls, standards and applicable policies, procedures, and country regulations, review evidence to ensure the assessment of the effectiveness and efficiency of internal controls is adequate and sufficiently supported and documented, and the departmental and professional standards are adequately upheld.

Ensure issues and exceptions are fully identified and properly defined, and recommendations are adequately formulated to address the root cause of identified issues in a beneficial manner.

Ensure issues and recommendations are adequately and effectively communicated to owners on a proactive basis during the course of each audit or review.

Review final process owners’ responses for adequacy and completeness.

Ensure appropriate and timely follow-up audit work is performed to properly update the status of outstanding reported issues, and adequate communication is provided to management on a proactive basis.

Use the firm’s various methods of internal communication to direct colleagues and the wider organization to current, new policies and essential compliance information.

Experience & Education Experience in evaluating third parties for the presence of fundamental information security controls.

College diploma or university degree in the field of computer science, information systems, or computer engineering

Exposure to any GRC technologies to perform risk management.

Good understanding of compliance standards/framework like ISO 27001/27002, NIST, SOC1, SSAE16/SOC2, CIS.

Knowledge of technical domains such as network security , cloud security , application security and penetration test concepts.

Experience in conducting risk assessments and applying concept of inherent and residual risk in order to draw appropriate conclusion and articulate the same to non-technical audiences.

Minimum of 4 years IT experience; or equivalent combination of education and experience

Minimum of 4 years' experience of contributing to the success of a range of midsize-to-large multi-country initiatives.

Experience in designing and managing compliance and risk management controls and processes in day to day IT operations and projects.

Experience in undertaking and reporting on internal audits of IT operations, applications and projects.

Experience working in the corporate sectors (financial services, telecommunications or utilities)

Experience working in real estate services industry

Technical Skills & Competencies High level of written and oral English communication skills.

High level of analytical, conceptual, and problem-solving abilities.

Affable, credible and can communicate effectively with clients and colleagues.

Good research skills and the ability to manage details

Ability to present ideas in user-friendly language.

Ability to effectively prioritize and execute tasks in a high-pressure environment.

Team player with experience working in a team-oriented, collaborative environment

Quality focused and highly flexible

Thinks ahead and anticipate problems, issues and solutions

Certified Information Systems Auditor (CISA)

Information Technology Infrastructure Library (ITIL) Foundation

Why JLL At JLL, we are collectively shaping a brighter way — for our clients, ourselves, and our fellow employees. We choose to take the more inspiring, innovative, and optimistic path on our journey toward success. What sets JLL apart is our culture of collaboration, locally and across the globe, which allows us to create transformative solutions for the real estate industry. If this job description resonates with you, we encourage you to apply, even if you don’t meet all the requirements. We’re interested in getting to know you and what you bring to the table! If this job description resonates with you, we encourage you to apply even if you don’t meet all of the requirements below. We’re interested in getting to know you and what you bring to the table!

Personalized benefits that support personal well-being and growth:

JLL recognizes the impact that the workplace can have on your wellness, so we offer a supportive culture and comprehensive benefits package that prioritizes mental, physical and emotional health.

About JLL –

We’re JLL—a leading skilled services and investment management firm specializing in real estate. We have operations in over 80 countries and a workforce of over 102,000 individuals around the world who help real estate owners, occupiers and investors achieve their business ambitions. As a global Fortune 500 company, we also have an inherent responsibility to drive sustainability and corporate social responsibility. That’s why we’re committed to our purpose to shape the future of real estate for a better world. We’re using the most advanced technology to create rewarding opportunities, amazing spaces and sustainable real estate solutions for our clients, our people, and our communities.

Our core values of teamwork, ethics and excellence are also fundamental to everything we do and we’re honored to be recognized with awards for our success by organizations both globally and locally.

Creating a diverse and inclusive culture where we all feel welcomed, valued and empowered to achieve our full potential is important to who we are today and where we’re headed in the future. And we know that unique backgrounds, experiences and perspectives help us think bigger, spark innovation and succeed together.