What are the responsibilities and job description for the Lead Cyber Security Governance Specialist position at Bayer?
At Bayer, we're visionaries, driven to solve the world's toughest challenges and striving for a world where 'Health for all, Hunger for none' is no longer a dream, but a real possibility. We're doing it with energy, curiosity and sheer dedication, always learning from the unique perspectives of those around us, expanding our thinking, growing our capabilities and redefining 'impossible'. There are so many reasons to be part of this community.
Lead Cyber Security Governance Specialist
Your primary responsibilities in this role include:
- Developing, implementing, and managing cyber security Governance, Risk, and Compliance (GRC) initiatives within Bayer;
- Measuring adherence to Bayer policies and procedures based on industry standards;
- Assessing compliance of Bayer processes and monitoring critical IT security deliverables;
- Providing audit support for cybersecurity teams;
- Managing IT security exceptions and recommending controls to address gaps through data and security risk assessments.
Key duties also involve:
- Performing risk management activities to identify, assess, and mitigate cyber security risks for Bayer;
- Developing and maintaining key performance indicators (KPIs) and metrics to measure the effectiveness of GRC initiatives;
- Preparing regular reports for senior management on the status of GRC activities;
- Collaborating with cross-functional teams to integrate GRC principles into business processes and systems;
- Providing consulting across the organization on matters of cybersecurity GRC;
- Monitoring regulatory changes and industry trends to ensure the organization remains compliant and proactive in addressing emerging risks;
- Acting as a liaison with external auditors and stakeholders on GRC-related matters;
- Delivering strategic initiatives and topics to align with Bayer's Cyber Security Strategy.
In addition, you will:
- Develop and implement GRC strategies, policies, and procedures to ensure compliance with regulatory standards and industry best practices;
- Establish and maintain policies and procedures to promote ethical behavior and accountability;
- Develop and enforce GRC policies and strategies for IT Security compliance;
- Report GRC status to management and liaise with stakeholders;
- Build up and maintain an Information Security Management System (ISMS).
Who You Are
Bayer seeks an incumbent who possesses the following qualifications:
- Proficiency in various cybersecurity tools and software, understanding of network infrastructure and security protocols, and knowledge of threat modeling and risk assessment techniques are helpful;
- Practical experience in information security in a corporate or government setting is valuable, along with familiarity with information security standards and frameworks such as ISO/IEC 27001 and NIST;
- Experience with building up and maintaining an ISMS is desired;
- Profound knowledge of relevant cybersecurity and data privacy legislation;
- Experience with policy writing;
- Experience with risk management frameworks such as NIST Cybersecurity Framework or ISO 27001;
- Certifications such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), or Certified in Risk and Information Systems Control (CRISC) are desirable.
The preferred candidate should have:
- [5 ] years of experience in cyber security; previous experience in a GRC role is highly desired;
- A Bachelor's or Master's degree in information technology, cybersecurity, computer science, or a related field is essential, though relevant working experience may be considered an equivalent.
Location
The position is available in various locations within the United States, including New Jersey, Washington D.C., Missouri, Pennsylvania, and remotely.