At Bayer we’re visionaries, driven to solve the world’s toughest challenges and striving for a world where 'Health for all Hunger for none’ is no longer a dream, but a real possibility. We’re doing it with energy, curiosity and sheer dedication, always learning from unique perspectives of those around us, expanding our thinking, growing our capabilities and redefining ‘impossible’. There are so many reasons to join us. If you’re hungry to build a varied and meaningful career in a community of brilliant and diverse minds to make a real difference, there’s only one choice.

Principal Cyber Security GRC Specialist

YOUR TASKS AND RESPONSIBILITIES

The primary responsibilities of this role, Principal Cyber Security GRC Specialist are to:

Responsible for developing, implementing, and managing cyber security Governance, Risk, and Compliance (GRC) initiatives within Bayer, measuring adherence to Bayer policies and procedures which are based on industry standards.

Assessing compliance of Bayer processes, monitoring critical IT security deliverables, and providing audit support for cybersecurity teams. Also, managing IT security exceptions and recommending controls to address gaps through data and security risk assessments.

• Perform risk management activities to identify, assess, and mitigate cyber security risks for Bayer;

• These include owning and management of the cybersecurity framework, measuring the effectiveness of this framework and driving for the maturity and to support business needs;

• Develop and maintain key performance indicators (KPIs) and metrics to measure the effectiveness of GRC initiatives;

• Prepare regular reports for senior management on the status of GRC activities. Collaborate with cross-functional teams to integrate GRC principles into business processes and systems;

• Provide consulting across the organization on matters of cybersecurity GRC Monitor regulatory changes and industry trends to ensure the organization remains compliant and proactive in addressing emerging risks;

• Act as a liaison with external auditors, and stakeholders on GRC-related matters.

WHO YOU ARE

Bayer seeks an incumbent who possesses the following:

Required Qualifications:

• A Bachelor’s or Master’s degree in information technology, cybersecurity, computer science, or a related field is essential, though relevant working experience may be considered an equivalent;

• Proficiency in various cybersecurity tools and software, understanding of network infrastructure and security protocols, and knowledge of threat modeling and risk assessment techniques are helpful;

• Extensive experience in managing information security in a corporate or government setting is valuable, along with familiarity with information security standards and frameworks such as ISO/IEC 27001 and NIS;

• Proven experience with risk management frameworks such as NIST Cybersecurity Framework or ISO 27001;

• VACC Leadership Skills.

Preferred Qualifications:

• [7+] years of experience in cyber security, previous experience in a GRC role highly desired;

• Certifications such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), or Certified in Risk and Information Systems Control (CRISC) are desirable.

This posting will be available for application until at least 2/28/2025.

YOUR APPLICATION

Bayer offers a wide variety of competitive compensation and benefits programs. If you meet the requirements of this unique opportunity, and want to impact our mission Science for a better life, we encourage you to apply now. Be part of something bigger. Be you. Be Bayer.

To all recruitment agencies: Bayer does not accept unsolicited third party resumes.

Bayer is an Equal Opportunity Employer/Disabled/Veterans

Bayer is committed to providing access and reasonable accommodations in its application process for individuals with disabilities and encourages applicants with disabilities to request any needed accommodation(s) using the contact information below.

Bayer is an E-Verify Employer.

It is unlawful in Massachusetts to require or administer a lie detector test as a condition of employment or continued employment. An employer who violates this law shall be subject to criminal penalties and civil liability.

Location: United States : Missouri : Creve Coeur || United States : Missouri : St. Louis || United States : New Jersey : Whippany

Division: Enabling Functions

Reference Code: 835910

Contact Us

Email: hrop_usa@bayer.com

Job Segment: Cyber Security, Compliance, Information Security, Information Systems, Risk Management, Security, Legal, Technology, Finance