Senior Cyber Security GRC Specialist

At Bayer we’re visionaries, driven to solve the world’s toughest challenges and striving for a world where ,Health for all, Hunger for none’ is no longer a dream, but a real possibility. We’re doing it with energy, curiosity and sheer dedication, always learning from unique perspectives of those around us, expanding our thinking, growing our capabilities and redefining ‘impossible’. There are so many reasons to join us. If you’re hungry to build a varied and meaningful career in a community of brilliant and diverse minds to make a real difference, there’s only one choice.

Senior Cyber Security GRC Specialist

For Digital Hub Warsaw, we are looking for:

Sr. Cyber Security GRC Specialist

Responsible for developing and implementing, cyber security Governance, Risk, and Compliance (GRC) initiatives within Bayer by applying industry leading practice, measuring adherence to Bayer policies and procedures, assessing compliance of Bayer processes, monitoring critical IT security deliverables, and providing audit support for cyber security teams. Also responsible for delivering positive end-user experience in GRC matters and regularly engaging stakeholders to achieve desired outcomes.

Key Tasks & Responsibilities:

• Perform risk management activities to identify, assess, and mitigate cyber security risks for Bayer. These include owning and operating the cybersecurity framework, measuring the effectiveness of this framework and driving for the maturity and to support business needs
• Develop and maintain key performance indicators (KPIs) and metrics to measure the effectiveness of GRC initiatives
• Collaborate with cross-functional teams to integrate GRC principles into business processes and systems
• Provide consulting across the organization on matters of cyber security GRC
• Monitor regulatory changes and industry trends to ensure the organization remains compliant and proactive in addressing emerging risks
• Act as a liaison with external auditors, and stakeholders on GRC-related matters
• Support strategic initiatives and topics to align with Bayer’s cyber security strategy
• Demonstrate understanding of cyber security, strategic change management, and system implementation, among other disciplines, to drive the maturation of cyber security practices, specifically risk management
• Perform the assessment of cyber security risks, including conducting risk assessments, identifying gaps, and developing mitigation plans that have clear, actionable and effective controls
• Provide support to the organization in matters of assessing cyber security risks
• Provide analysis and recommendations to management related to cyber security exception requests
• Perform assessments and monitor third-parties’ cyber security risk management profiles
• Contribute to continuous improvement of the cyber security risk and exception management processes
• Provide support to the organization in cybersecurity risk management communications and training to enhance the organization’s security awareness
• Effectively communicate and report on risk assessments to stakeholders and management

Qualifications & Competencies (education, skills, experience):

• Educational Background: A Bachelor’s or Master’s degree in information technology, cybersecurity, computer science, or a related field is essential, though relevant working experience may be considered an equivalent
• 3+ years of experience in cyber security, previous experience in a GRC role highly desired
• Proficiency in various cybersecurity tools and software, understanding of network infrastructure and security protocols, corporate IT operations, and knowledge of threat modeling and risk assessment techniques are helpful
• Practical experience information security in a consulting, corporate or government setting is valuable, along with familiarity with information security standards and frameworks such as ISO/IEC 27001 and NIST
• Certifications such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), or Certified in Risk and Information Systems Control (CRISC) are desirable
• Demonstrated ability to work independently, positively influence others, develop or acquire new skills, and consistently achieve desired outcomes

What do We offer:

• A flexible, hybrid work model
• Great workplace in a new modern office in Warsaw
• Career development, 360° Feedback & Mentoring programme
• Wide access to professional development tools, trainings, & conferences
• Company Bonus & Reward Structure
• VIP Medical Care Package (including Dental & Mental health)
• Holiday allowance (“Wczasy pod gruszą”)
• Life & Travel Insurance
• Pension plan
• Co-financed sport card - FitProfit
• Meals Subsidy in Office
• Additional days off
• Budget for Home Office Setup & Maintenance
• Access to Company Game Room equipped with table tennis, soccer table, Sony PlayStation 5 and Xbox Series X consoles setup with premium game passes, and massage chairs
• Tailored-made support in relocation to Warsaw when needed
• Please send your CV in English

You feel you do not meet all criteria we are looking for? That doesn’t mean you aren’t the right fit for the role. Apply with confidence, we value potential over perfection

WORK LOCATION: WARSAW AL.JEROZOLIMSKIE 158

Location:

Poland : Mazowieckie : Warszawa

Division:

CSF

Reference Code:

851676