• Provide strategic direction for the Enterprise Security Strategy at JLL by educating self and others in new security threats across the entire spectrum of JLL applicable technologies. • Provide strong technical leadership in all aspects of security including end point protection, network security, firewalls, application, and cloud security. • Provide guidance, governance, and oversight of multiple security efforts in parallel. • Analyze and communicate benefits and risks associated with IT investments and participates in Regional IT governance and decision making, adhering to standards. • Ensure applications, processes, and procedures of the Enterprise Application team comply with JLL standards including security policies, change management, SOC2 and other critical business requirements.

• Perform security risk assessments of potential new vendors and / or where vendor services have changed. • Monitor changes in business processes, information systems, management and operations, and accordingly maintain an assessment to risk. • Build and maintain productive relationships with process owners. • Ensure audits of control effectiveness and design and other projects are completed in an efficient manner, and within established deadlines. • Ensure that the assessments of internal control structure related to processes audited are supported through sufficient and adequately documented evidence. • Assist with internal investigations. • Promote good practice of Information Security Third Party Risk Management to staff and associated contractors. • Provide direct and specific guidance to the department internal control process owners’ as appropriate for each process owner of the department and the work being performed.

• Monitor changes in business processes, information systems, management and operations, and maintain ongoing risk assessments • Perform comprehensive cybersecurity risk assessments using established methodologies (FAIR, OCTAVE, etc.) • Develop and maintain cybersecurity risk registers and treatment plans aligned with business objectives • Monitor and report on key risk indicators (KRIs) and compliance metrics • Support vendor risk management programs, including security questionnaire reviews and on-site assessments • Lead audits of control effectiveness and design, ensuring completion within established deadlines • Collaborate with internal audit teams on cybersecurity-focused audit programs • Maintain relationships with external auditors, regulators, and cybersecurity assessment bodies • Ensure assessments of internal control structures are supported by sufficient and documented evidence • Conduct regular policy reviews and updates to address emerging threats and regulatory changes • Create and deliver cybersecurity policy awareness training and education programs • Build and maintain productive relationships with process owners across all business functions

• Assist in monitoring business process changes and maintaining risk assessment documentation • Support cybersecurity risk assessments using established methodologies and templates • Help maintain cybersecurity risk registers and update treatment plans under guidance • Track and compile key risk indicators (KRIs) and compliance metrics for reporting