Sr. Cyber Security GRC Specialist

O projekcie: As a Sr. Cyber Security GRC Specialist, you will support the development, implementation, and ongoing operation of cyber security Governance, Risk, and Compliance (GRC) activities within Bayer. In this individual contributor role, you will partner with cyber security, IT, compliance, and business stakeholders to help measure adherence to Bayer policies and procedures aligned to industry standards; assess the effectiveness of security and compliance processes; track key IT security deliverables; and contribute to audit readiness. You will help manage IT security exceptions and support recommendations for risk treatment and control improvements through data-driven analysis and security risk assessments. You will also contribute to data security initiatives, with a focus on improving Data Classification, Crown Jewel Management, and Data Discovery & Inventory capabilities, helping safeguard sensitive information and support compliance with data protection regulations. Wymagania: - Minimum of a Bachelor’s degree in information technology, cybersecurity, computer science, or a related field (or equivalent combination of education and experience); - 4+ years of experience in cyber security or IT governance - Working knowledge of common security concepts, network fundamentals, and risk assessment techniques; - Working knowledge of information security standards and frameworks (e.g., ISO/IEC 27001, NIST CSF) and how to apply them in a corporate environment; - Experience supporting risk management frameworks and control assessment activities (e.g., NIST Cybersecurity Framework or ISO 27001); - Relevant certifications such as CISSP, CISM, CRISC, Security+, or similar are a plus; - Strong communication, analytical, and collaboration skills, with the ability to manage priorities across multiple initiatives and degrees of ambiguity Codzienne zadania: - Support cyber security risk management activities to identify, assess, and help mitigate risks, including contributing to the operation and continuous improvement of the cybersecurity framework; - Develop and maintain key performance indicators (KPIs), dashboards, and metrics to measure the effectiveness of initiatives; - Collaborate with cross-functional teams to help integrate cyber security assurance principles into business processes and systems; - Provide guidance and day-to-day support across the organization on cyber security assurance topics, following established standards and practices; - Monitor regulatory changes and industry trends and summarize impacts to policies, controls, and risk posture; - Coordinate evidence collection and respond to auditor inquiries in partnership with control owners and subject matter experts; - Contribute to strategic initiatives by supporting planning, tracking milestones, and producing high-quality deliverables; - Support continuous improvement of the data classification framework that categorizes data based on sensitivity and risk; - Partner with stakeholders at all levels of the organization to help ensure appropriate classification of data assets across the organization; - Assist with periodic reviews and updates to classification policies to align with regulatory changes and business needs; - Support identification and management of the organization’s critical data assets (“crown jewels”); - Help implement and maintain security requirements and protection measures for high-value data assets in partnership with relevant teams; - Participate in assessments and control reviews related to crown jewel data to support compliance with security standards; - Support data discovery and inventory activities to improve visibility of data assets across the organization; - Utilize data discovery tools and techniques to help identify sensitive data and its locations;