At Bayer we’re visionaries, driven to solve the world’s toughest challenges and striving for a world where ,Health for all, Hunger for none’ is no longer a dream, but a real possibility. We’re doing it with energy, curiosity and sheer dedication, always learning from unique perspectives of those around us, expanding our thinking, growing our capabilities and redefining ‘impossible’. There are so many reasons to join us. If you’re hungry to build a varied and meaningful career in a community of brilliant and diverse minds to make a real difference, there’s only one choice.

 

Sr. Cyber Security GRC Specialist 

 

For Digital Hub Warsaw, we are looking for:

 

Sr. Cyber Security GRC Specialist

Responsible for developing, implementing, and managing cyber security Governance, Risk, and Compliance (GRC) initiatives within Bayer, measuring adherence to Bayer policies and procedures which are based on industry standards. Assessing compliance of Bayer processes, monitoring critical IT security deliverables, and providing audit support for cybersecurity teams. Also, managing IT security exceptions and recommending controls to address gaps through data and security risk assessments. Support preparation of alignment meetings with German workers councils to ensure that cybersecurity tools and processes are implemented in accordance with co-determination laws.

 

Key Tasks & Responsibilities:

 

Perform risk management activities to identify, assess, and mitigate cyber security risks for Bayer. These include owning and management of the cybersecurity framework (in particular based on ISO/IEC 27001), measuring the effectiveness of this framework and driving for the maturity and to support business needsDevelop and maintain key performance indicators (KPIs) and metrics to measure the effectiveness of GRC initiatives.Prepare regular reports for senior management on the status of GRC activities.Collaborate with cross-functional teams to integrate GRC principles into business processes and systemsProvide consulting across the organization on matters of cybersecurity GRCMonitor regulatory changes and industry trends to ensure the organization remains compliant and proactive in addressing emerging risksAct as a liaison with external auditors, and stakeholders on GRC-related mattersWork closely together with other cybersecurity teams to ensure that in case of process changes data privacy and workers council requirements are met and new approvals are obtained, if necessary

 

Focus on Governance topics:

 

Develop and implement GRC strategies, policies, and procedures to ensure compliance with regulatory standards and industry best practicesEnsure that the board and senior management receive accurate and timely information for decision-making.Establish and maintain policies and procedures to promote ethical behavior and accountabilityDevelop and enforce GRC policies and strategies for IT Security complianceReport GRC status to management and liaise with stakeholders

 

Qualifications & Competencies (education, skills, experience):

 

Educational Background: A Bachelor’s or Master’s degree in law, information technology, cybersecurity, computer science, or a related field is essential, though relevant working experience may be considered an equivalent.[3+] years of experience in cyber security, previous experience in a GRC role highly desiredProficiency in various cybersecurity tools and software, understanding of network infrastructure and security protocols, and knowledge of threat modeling and risk assessment techniques are helpfulProfound knowledge of EU and German cybersecurity and data privacy legislation, such as NIS-2, KRITIS, DORA, GDPR, etc.Experience with policy writingPractical experience information security in a corporate or government setting is valuable, along with familiarity with information security standards and frameworks such as ISO/IEC 27001 and NISTExperience with risk management frameworks such as NIST Cybersecurity Framework or ISO 27001Certifications such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), or Certified in Risk and Information Systems Control (CRISC) are desirableDealing with high complexity and ability to think and act in a goal- and result-oriented mannerEnglish, fluent in written and spoken. German language skills would be a plus

 

What do We offer:

 

A flexible, hybrid work modelGreat workplace in a new modern office in WarsawCareer development, 360° Feedback & Mentoring programmeWide access to professional development tools, trainings, & conferencesCompany Bonus & Reward StructureVIP Medical Care Package (including Dental & Mental health)Holiday allowance ("Wczasy pod gruszą")Life & Travel InsurancePension planCo-financed sport card - FitProfitMeals Subsidy in OfficeAdditional days offBudget for Home Office Setup & MaintenanceDedicated working Zone with state-of-the art Lab available only for Cyber Security TeamAccess to Company Game Room equipped with table tennis, soccer table, Sony PlayStation 5 and Xbox Series X consoles setup with premium game passes, and massage chairsTailored-made support in relocation to Warsaw when neededPlease send your CV in English

You feel you do not meet all criteria we are looking for? That doesn't mean you aren't the right fit for the role. Apply with confidence, we value potential over perfection.

 

WORK LOCATION: WARSAW AL.JEROZOLIMSKIE 158

  YOUR APPLICATION   

Bayer welcomes applications from all individuals, regardless of race, national origin, gender, age, physical characteristics, social origin, disability, union membership, religion, family status, pregnancy, sexual orientation, gender identity, gender expression or any unlawful criterion under applicable law. We are committed to treating all applicants fairly and avoiding discrimination.

Bayer is committed to providing access and reasonable accommodations in its application process for individuals with disabilities and encourages applicants with disabilities to request any needed accommodation(s) using the contact information below. 

Bayer offers the possibility of working in a hybrid model. We know how important work-life balance is, so our employees can work from home, from the office or combine both work environments. The possibilities of using the hybrid model are each time discussed with the manager.
Bayer respects and applies the Whistleblower Act in Poland.

     Location:Poland : Mazowieckie : Warszawa    Division: CSF Reference Code:851380   

 

 

Location:

Poland : Mazowieckie : Warszawa  

 

Division:
CSF

 

 

Reference Code:

851380