Sr. Cyber Security GRC Specialist
As a Sr. Cyber Security GRC Specialist, you will support the development, implementation, and ongoing operation of cyber security Governance, Risk, and Compliance (GRC) activities within Bayer. In this individual contributor role, you will partner with cyber security, IT, compliance, and business stakeholders to help measure adherence to Bayer policies and procedures aligned to industry standards; assess the effectiveness of security and compliance processes; track key IT security deliverables; and contribute to audit readiness. You will help manage IT security exceptions and support recommendations for risk treatment and control improvements through data-driven analysis and security risk assessments. You will also contribute to data security initiatives, with a focus on improving Data Classification, Crown Jewel Management, and Data Discovery & Inventory capabilities, helping safeguard sensitive information and support compliance with data protection regulations.
Your Tasks & Responsibilities:
Support cyber security risk management activities to identify, assess, and help mitigate risks, including contributing to the operation and continuous improvement of the cybersecurity framework;
Develop and maintain key performance indicators (KPIs), dashboards, and metrics to measure the effectiveness of initiatives;
Collaborate with cross-functional teams to help integrate cyber security assurance principles into business processes and systems;
Provide guidance and day-to-day support across the organization on cyber security assurance topics, following established standards and practices;
Monitor regulatory changes and industry trends and summarize impacts to policies, controls, and risk posture;
Coordinate evidence collection and respond to auditor inquiries in partnership with control owners and subject matter experts;
Contribute to strategic initiatives by supporting planning, tracking milestones, and producing high-quality deliverables;
Support continuous improvement of the data classification framework that categorizes data based on sensitivity and risk;
Partner with stakeholders at all levels of the organization to help ensure appropriate classification of data assets across the organization;
Assist with periodic reviews and updates to classification policies to align with regulatory changes and business needs;
Support identification and management of the organization’s critical data assets (“crown jewels”);
Help implement and maintain security requirements and protection measures for high-value data assets in partnership with relevant teams;
Participate in assessments and control reviews related to crown jewel data to support compliance with security standards;
Support data discovery and inventory activities to improve visibility of data assets across the organization;
Utilize data discovery tools and techniques to help identify sensitive data and its locations;
Maintain an up-to-date inventory of data assets, including classification and documented protection measures;
Work closely with IT, compliance, and legal teams to help ensure alignment on data protection requirements and implementation plans;
Serve as a point of contact for data security inquiries by triaging requests and connecting teams with the right standards, processes, and subject matter experts;
Promote strong collaboration and alignment with broader GRC capabilities and ways of working.
The primary location for this role will be Warsaw, Poland.
Qualifications & Competencies (education, skills, experience):
Minimum of a Bachelor’s degree in information technology, cybersecurity, computer science, or a related field (or equivalent combination of education and experience);
4+ years of experience in cyber security or IT governance;
Working knowledge of common security concepts, network fundamentals, and risk assessment techniques;
Working knowledge of information security standards and frameworks (e.g., ISO/IEC 27001, NIST CSF) and how to apply them in a corporate environment;
Experience supporting risk management frameworks and control assessment activities (e.g., NIST Cybersecurity Framework or ISO 27001);
Relevant certifications such as CISSP, CISM, CRISC, Security+, or similar are a plus;
Strong communication, analytical, and collaboration skills, with the ability to manage priorities across multiple initiatives and degrees of ambiguity.
What We Offer:
A flexible, hybrid work model
Great workplace in a new modern office in Warsaw
Career development, 360° Feedback & Mentoring programme
Wide access to professional development tools, trainings, & conferences
Company Bonus & Reward Structure
VIP Medical Care Package (including Dental & Mental health)
Holiday allowance ("Wczasy pod gruszą")
Life & Travel Insurance
Pension plan
Co-financed sport card - FitProfit
Meals Subsidy in Office
Additional days off
Budget for Home Office Setup & Maintenance
Access to Company Game Room equipped with table tennis, soccer table, Sony PlayStation 5 and Xbox Series X consoles setup with premium game passes, and massage chairs
Tailor-made support in relocation to Warsaw when needed
Please send your CV in English
You feel you do not meet all criteria we are looking for? That doesn't mean you aren't the right fit for the role. Apply with confidence, we value potential over perfection.
WORK LOCATION: WARSAW AL.JEROZOLIMSKIE 158

Bayer Sp. z o.o.
Digital Hub Warsaw - here the best and most creative minds work in a diverse and inclusive environment on groundbreaking solutions that support Bayer's vision of "health for all - hunger for none." We create digital solu...