JLL supports the Whole You, personally and professionally.
Our people at JLL are shaping the future of real estate for a better world by combining world-class services, advisory and technology for our clients. We are committed to hiring the best, most talented people in our industry, and we support them through professional growth, flexibility, and personalized benefits to manage life in and outside of work. Whether you’ve got deep experience in commercial real estate, skilled trades, and technology, or you’re looking to apply your relevant experience to a new industry, we empower you to shape a brighter way forward so you can thrive professionally and personally.
Senior Cybersecurity Risk & Compliance Specialist
Reporting to the Cybersecurity Compliance Manager, the Cybersecurity Risk & Compliance Specialist serves as a subject matter expert for cybersecurity risk assessments and regulatory compliance across JLL's global operations. This role supports cybersecurity program maturity initiatives, policy governance, and continuous improvement efforts while ensuring alignment with business objectives and regulatory requirements.
Key Responsibilities
Risk Management & Assessment
- Monitor changes in business processes, information systems, management and operations, and maintain ongoing risk assessments
- Perform comprehensive cybersecurity risk assessments using established methodologies (FAIR, OCTAVE, etc.)
- Develop and maintain cybersecurity risk registers and treatment plans aligned with business objectives
- Monitor and report on key risk indicators (KRIs) and compliance metrics
- Support vendor risk management programs, including security questionnaire reviews and on-site assessments
- Evaluate third parties for the presence of fundamental information security controls
Compliance & Audit Management
- Lead audits of control effectiveness and design, ensuring completion within established deadlines
- Collaborate with internal audit teams on cybersecurity-focused audit programs
- Support regulatory examinations and coordinate with external auditors and regulatory bodies
- Maintain relationships with external auditors, regulators, and cybersecurity assessment bodies
- Ensure assessments of internal control structures are supported by sufficient and documented evidence
- Anticipate and resolve obstacles to timely completion of audits and compliance reviews
Policy & Standards Governance
- Develop, review, and maintain cybersecurity policies, standards, and procedures to ensure regulatory alignment
- Establish and maintain a cybersecurity policy governance framework, including lifecycle management processes
- Conduct regular policy reviews and updates to address emerging threats and regulatory changes
- Maintain cybersecurity policy and standards repositories with proper version control and accessibility
- Create and deliver cybersecurity policy awareness training and education programs
- Coordinate with legal, HR, and business units to integrate cybersecurity policies into organizational processes
Stakeholder Management & Communication
- Build and maintain productive relationships with process owners across all business functions
- Provide direct guidance to internal control process owners and departments
- Coordinate cybersecurity compliance reporting for executive leadership and board-level communications
- Demonstrate effective interaction with all levels of management and business partners
- Ensure proactive communication regarding audit timing, logistics, and findings
- Use various internal communication methods to disseminate policies and compliance information
Incident Response & Investigation Support
- Assist with internal cybersecurity investigations and incident response activities
- Participate in post-incident compliance reviews and lessons learned processes
- Support crisis management and business continuity planning initiatives
- Conduct root cause analysis for identified security and compliance issues
Strategic & Business Support
- Support cybersecurity due diligence activities for mergers, acquisitions, and strategic partnerships
- Collaborate with cross-functional teams to embed cybersecurity requirements in business processes
- Continually evaluate efficiency and effectiveness of internal controls and identify improvement areas
- Support cybersecurity program maturity initiatives and continuous improvement efforts
Required Experience & Education
Education
- Bachelor's degree in Computer Science, Information Systems, Cybersecurity, or Computer Engineering
- Equivalent combination of education and professional experience will be considered
Professional Experience
- Minimum 4 years of IT/cybersecurity experience with focus on risk and compliance
- Minimum 4 years contributing to midsize-to-large multi-country initiatives
- Experience designing and managing compliance and risk management controls in IT operations and projects
- Experience conducting internal audits of IT operations, applications, and projects
- Experience in cybersecurity policy development, implementation, and management across enterprise environments
- Experience with cybersecurity risk quantification methodologies and control testing techniques
Industry & Regulatory Knowledge
- Strong understanding of compliance frameworks: ISO 27001/27002, NIST Cybersecurity Framework, SOC1/SOC2, CIS Controls
- Knowledge of data privacy regulations (GDPR, CCPA, etc.) and their intersection with cybersecurity controls
- Experience supporting regulatory examinations and external audits
- Understanding of business continuity and disaster recovery principles
- Familiarity with cybersecurity insurance requirements and claims processes
Technical Expertise
- Exposure to GRC technologies and policy management platforms (ServiceNow GRC, Archer, MetricStream)
- Knowledge of network security, cloud security, application security, and penetration testing concepts
- Understanding of threat intelligence and its application to risk assessments
- Familiarity with cybersecurity maturity models (C2M2, NIST CSF, etc.)
- Experience with security control testing and validation techniques
Required Skills & Competencies
Communication & Leadership
- Exceptional written and oral English communication skills
- Strong technical writing skills for policy and standards documentation
- Ability to present complex technical concepts in user-friendly language to non-technical audiences
- Credible and effective communication with clients, colleagues, and senior management
Analytical & Problem-Solving
- High-level analytical, conceptual, and problem-solving abilities
- Strong research skills and attention to detail management
- Forward-thinking approach to anticipate problems, issues, and solutions
- Ability to draw appropriate conclusions from risk assessments and articulate findings
Professional Qualities
- Quality-focused with high flexibility and adaptability
- Ability to effectively prioritize and execute tasks in high-pressure environments
- Team player with experience in collaborative, cross-functional environments
- Proactive approach to stakeholder management and issue resolution
Preferred Qualifications
Industry Experience
- Experience in corporate sectors (financial services, telecommunications, utilities)
- Real estate services industry experience
- Real estate technology environment exposure (PropTech, smart buildings, IoT)
- Multi-jurisdictional regulatory compliance experience
Advanced Technical Knowledge
- Experience with cloud security compliance (AWS, Azure, GCP)
- Knowledge of cybersecurity metrics and reporting dashboards
- Crisis management and business continuity planning involvement
Professional Certifications
- Certified Information Systems Auditor (CISA)
- Certified Information Security Manager (CISM)
- Certified in Risk and Information Systems Control (CRISC)
- ISO 27001 Lead Auditor/Implementer certification
- Information Technology Infrastructure Library (ITIL) Foundation
Success Metrics
- Successful completion of regulatory audits with minimal findings
- Timely completion of risk assessments and remediation tracking
- Stakeholder satisfaction scores for GRC guidance and support
- Reduction in cybersecurity-related compliance gaps
- Effective policy adoption and awareness metrics
- Quality and timeliness of compliance reporting and documentation
This role offers the opportunity to work with cutting-edge cybersecurity technologies and frameworks while supporting JLL's global operations and digital transformation initiatives. The successful candidate will play a critical role in strengthening JLL's cybersecurity posture and ensuring regulatory compliance across diverse markets and business functions.
Why JLL
At JLL, we are collectively shaping a brighter way — for our clients, ourselves, and our fellow employees. We choose to take the more inspiring, innovative, and optimistic path on our journey toward success. What sets JLL apart is our culture of collaboration, locally and across the globe, which allows us to create transformative solutions for the real estate industry.
If this job description resonates with you, we encourage you to apply, even if you don’t meet all the requirements. We’re interested in getting to know you and what you bring to the table!
Personalized benefits that support personal well-being and growth:
JLL recognizes the impact that the workplace can have on your wellness, so we offer a supportive culture and comprehensive benefits package that prioritizes mental, physical and emotional health.
About JLL
We’re JLL—a leading professional services and investment management firm specializing in real estate. We have operations in over 80 countries and a workforce of over 102,000 individuals around the world who help real estate owners, occupiers and investors achieve their business ambitions. As a global Fortune 500 company, we also have an inherent responsibility to drive sustainability and corporate social responsibility. That’s why we’re committed to our purpose to shape the future of real estate for a better world. We’re using the most advanced technology to create rewarding opportunities, amazing spaces and sustainable real estate solutions for our clients, our people, and our communities.
Our core values of teamwork, ethics and excellence are also fundamental to everything we do and we’re honored to be recognized with awards for our success by organizations both globally and locally.
Creating a diverse and inclusive culture where we all feel welcomed, valued and empowered to achieve our full potential is important to who we are today and where we’re headed in the future. And we know that unique backgrounds, experiences and perspectives help us think bigger, spark innovation and succeed together.