Sr. Cyber Security GRC Specialist
Al. Jerozolimskie 158, Warszawa
Bayer Sp. z o.o.
Responsible for developing, implementing, and managing cyber security Governance, Risk, and Compliance (GRC) initiatives within Bayer, and for measuring adherence to Bayer policies and procedures, which are based on industry standards. Assessing compliance of Bayer processes, monitoring critical IT security deliverables, and providing audit support for cybersecurity teams. Also managing IT security exceptions and recommending controls to address gaps identified through data and security risk assessments. Supporting the preparation of alignment meetings with German workers' councils to ensure that cybersecurity tools and processes are implemented in accordance with co-determination laws.
Key Tasks & Responsibilities:
Perform risk management activities to identify, assess, and mitigate cyber security risks for Bayer. These include owning and managing the cybersecurity framework (in particular based on ISO/IEC 27001), measuring the effectiveness of this framework, and driving its maturity to support business needs.
Develop and maintain key performance indicators (KPIs) and metrics to measure the effectiveness of GRC initiatives.
Prepare regular reports for senior management on the status of GRC activities.
Collaborate with cross-functional teams to integrate GRC principles into business processes and systems.
Provide consulting across the organization on matters of cybersecurity GRC.
Monitor regulatory changes and industry trends to ensure the organization remains compliant and proactive in addressing emerging risks.
Act as a liaison with external auditors and stakeholders on GRC-related matters.
Work closely with other cybersecurity teams to ensure that, in the case of process changes, data privacy and workers' council requirements are met and new approvals are obtained where necessary.
Focus on Governance topics:
Develop and implement GRC strategies, policies, and procedures to ensure compliance with regulatory standards and industry best practices.
Ensure that the board and senior management receive accurate and timely information for decision-making.
Establish and maintain policies and procedures to promote ethical behavior and accountability.
Develop and enforce GRC policies and strategies for IT Security compliance.
Report GRC status to management and liaise with stakeholders.
Qualifications & Competencies (education, skills, experience):
Educational Background: A Bachelor’s or Master’s degree in law, information technology, cybersecurity, computer science, or a related field is essential, though relevant working experience may be considered an equivalent.
[3+] years of experience in cyber security; previous experience in a GRC role is highly desired.
Proficiency in various cybersecurity tools and software, understanding of network infrastructure and security protocols, and knowledge of threat modeling and risk assessment techniques are helpful.
Profound knowledge of EU and German cybersecurity and data privacy legislation, such as NIS-2, KRITIS, DORA, GDPR, etc.
Experience with policy writing.
Practical experience in information security in a corporate or government setting is valuable, along with familiarity with information security standards and frameworks such as ISO/IEC 27001 and NIST.
Experience with risk management frameworks such as the NIST Cybersecurity Framework or ISO 27001.
Certifications such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), or Certified in Risk and Information Systems Control (CRISC) are desirable.
Ability to deal with high complexity and to think and act in a goal- and result-oriented manner.
Fluent English, written and spoken; German language skills would be a plus.
What we offer:
A flexible, hybrid work model
Great workplace in a new modern office in Warsaw
Career development, 360° Feedback & Mentoring programme
Wide access to professional development tools, trainings, & conferences
Company Bonus & Reward Structure
VIP Medical Care Package (including Dental & Mental health)
Holiday allowance ("Wczasy pod gruszą")
Life & Travel Insurance
Pension plan
Co-financed sport card - FitProfit
Meals Subsidy in Office
Additional days off
Budget for Home Office Setup & Maintenance
Dedicated working zone with a state-of-the-art lab available only to the Cyber Security Team
Access to the company game room equipped with table tennis, a soccer table, Sony PlayStation 5 and Xbox Series X consoles set up with premium game passes, and massage chairs
Tailor-made support in relocating to Warsaw when needed
Please send your CV in English
You feel you do not meet all criteria we are looking for? That doesn't mean you aren't the right fit for the role. Apply with confidence, we value potential over perfection.
WORK LOCATION: WARSAW, AL. JEROZOLIMSKIE 158
Digital Hub Warsaw - here the best and most creative minds work in a diverse and inclusive environment on groundbreaking solutions that support Bayer's vision of "health for all - hunger for none." We create digital solutions that change the future.