Lead Cyber Security Governance Specialist
YOUR TASKS AND RESPONSIBILITIES
- Develop, implement, and manage cyber security Governance, Risk, and Compliance (GRC) initiatives within Bayer, measuring adherence to Bayer policies and procedures that are based on industry standards. Assess the compliance of Bayer processes, monitor critical IT security deliverables, and provide audit support for cybersecurity teams. Manage IT security exceptions, and recommend controls to address gaps identified through data and security risk assessments.
- Perform risk management activities to identify, assess, and mitigate cyber security risks for Bayer, including ownership and management of the cybersecurity framework, measuring its effectiveness, and driving for maturity to support business needs. Develop and maintain key performance indicators (KPIs) and metrics to measure the effectiveness of GRC initiatives.
- Prepare regular reports for senior management on the status of GRC activities.
- Collaborate with cross-functional teams to integrate GRC principles into business processes and systems.
- Provide consulting across the organization on matters of cybersecurity GRC. Monitor regulatory changes and industry trends to ensure compliance and proactively address emerging risks. Act as a liaison with external auditors and stakeholders on GRC-related matters.
- Deliver strategic initiatives and topics to align with Bayer’s Cyber Security Strategy.
- Develop and implement GRC strategies, policies, and procedures to ensure compliance with regulatory standards and industry best practices.
- Establish and maintain policies and procedures to promote ethical behavior and accountability.
- Build and maintain an information security management system (ISMS), together with the GRC policies and strategies that govern IT security compliance.
WHO YOU ARE
Bayer seeks a candidate who possesses the following:
Required Qualifications:
- Proficiency in various cybersecurity tools and software, understanding of network infrastructure and security protocols, and knowledge of threat modeling and risk assessment techniques.
- Practical experience in information security in a corporate or government setting, along with familiarity with information security standards and frameworks such as ISO/IEC 27001 and NIST. Experience with building and maintaining an ISMS is desired.
- In-depth knowledge of relevant cybersecurity and data privacy legislation. Experience with policy writing.
- Experience with risk management frameworks such as the NIST Cybersecurity Framework or ISO/IEC 27001. Certifications such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), or Certified in Risk and Information Systems Control (CRISC) are desirable.
Preferred Qualifications:
- 5+ years of experience in cyber security, with previous experience in a GRC role highly desired.
- Bachelor’s or Master’s degree in information technology, cybersecurity, computer science, or a related field is essential, though relevant working experience may be considered equivalent.
Location: United States: New Jersey: Whippany; United States: District of Columbia: Washington; United States: Missouri: Creve Coeur; United States: Missouri: St. Louis; United States: Pennsylvania: Indianola; United States: Residence Based.