At Bayer we’re visionaries, driven to solve the world’s toughest challenges and striving for a world where ‘Health for all, Hunger for none’ is no longer a dream, but a real possibility. We’re doing it with energy, curiosity and sheer dedication, always learning from the unique perspectives of those around us, expanding our thinking, growing our capabilities and redefining ‘impossible’. There are so many reasons to join us. If you’re hungry to build a varied and meaningful career in a community of brilliant and diverse minds to make a real difference, there’s only one choice.
Senior Cyber Security GRC Specialist
For Digital Hub Warsaw, we are looking for:
Senior Cyber Security GRC Specialist
This role is critical to ensuring Bayer’s cybersecurity governance, risk, and compliance strategies align with business objectives while mitigating risks and maintaining regulatory adherence.
Key Tasks & Responsibilities:
- Perform risk management activities to identify, assess, and mitigate cyber security risks for Bayer. These include owning and managing the cybersecurity framework, measuring its effectiveness, and driving maturity to support business needs.
- Develop and maintain key performance indicators (KPIs) and metrics to evaluate the effectiveness of GRC initiatives, directly linking them to Bayer’s license to operate.
- Collaborate with cross-functional teams to integrate GRC principles into business processes and systems.
- Maintain a structured framework to monitor regulatory changes and compliance effectiveness through regular audits, ensuring proactive adaptation to emerging risks and adherence to relevant cybersecurity laws for Bayer's license to operate.
- Consult across the organization on cybersecurity GRC matters to reinforce our license to operate, while serving as a liaison between external auditors and internal stakeholders.
- Create policies that are aligned with business outcomes and address identified regulatory risks.
Governance:
- Develop and implement GRC strategies, policies, and procedures to ensure compliance with regulatory standards and industry best practices.
- Ensure that the board and senior management receive accurate and timely information for decision-making.
- Establish and maintain policies and procedures to promote ethical behavior and accountability.
- Develop and enforce GRC policies and strategies for IT Security compliance.
- Report GRC status to management and liaise with stakeholders.
Risk Management:
- Perform the assessment of cybersecurity risks, including conducting risk assessments, identifying gaps, and developing mitigation plans that have clear, actionable, and effective controls.
- Provide support to the organization in matters of assessing cybersecurity risks.
- Manage the IT Security exception process.
- Contribute to the continuous improvement of the cybersecurity risk and exception management processes.
- Effectively communicate and report on risk assessments to stakeholders and management.
Compliance:
- Ensure compliance with all relevant cybersecurity regulations and standards by supporting the country security officers with global standard solutions.
- Conduct regular reviews to assess compliance with internal policies and external requirements.
- Provide audit support for the CSRM team.
- Monitor and report on the effectiveness of risk management processes, adapting as necessary to address new and emerging risks.
- Monitor IT security deliverables from major service providers.
- Work with Cybersecurity Governance to ensure our policies and procedures meet requirements.
- Implement audit remediation in response to internal audit findings.
- Respond to compliance questionnaires from stakeholders as needed.
Qualifications & Competencies (education, skills, experience):
- A Bachelor’s or Master’s degree in information technology, cybersecurity, computer science, or a related field is essential. Alternatively, 3+ years of experience in cybersecurity, with previous experience in a GRC role highly desired; relevant working experience may be considered equivalent.
- Proficiency in various cybersecurity tools and software.
- Understanding of network infrastructure and security principles.
- Strong analytical and problem-solving skills.
- Excellent communication and collaboration abilities to work across teams and with stakeholders.
- Knowledge of industry frameworks such as NIST, ISO 27001, and regulatory compliance requirements.
- Experience with risk assessment methodologies and IT security compliance processes.
- Ability to adapt to changing cybersecurity landscapes and emerging threats.
What we offer:
- A flexible, hybrid work model
- Great workplace in a new modern office in Warsaw
- Career development, 360° Feedback & Mentoring programme
- Wide access to professional development tools, trainings, & conferences
- Company Bonus & Reward Structure
- VIP Medical Care Package (including Dental & Mental health)
- Holiday allowance (“Wczasy pod gruszą”)
- Life & Travel Insurance
- Pension plan
- Co-financed sport card - FitProfit
- Meals Subsidy in Office
- Additional days off
- Budget for Home Office Setup & Maintenance
- Dedicated working zone with a state-of-the-art lab available only to the Cyber Security Team
- Access to Company Game Room equipped with table tennis, soccer table, Sony PlayStation 5 and Xbox Series X consoles setup with premium game passes, and massage chairs
- Tailor-made support in relocation to Warsaw when needed

Please send your CV in English.
Do you feel you do not meet all the criteria we are looking for? That doesn’t mean you aren’t the right fit for the role. Apply with confidence; we value potential over perfection.
WORK LOCATION: WARSAW AL.JEROZOLIMSKIE 158
YOUR APPLICATION
If your background and personal experience fit this profile, please send us your complete application at www.career.bayer.cn. If you have any recommendations, please kindly send an email to cnreferral@bayer.com.
Location:
Poland : Mazowieckie : Warszawa
Division:
CSF
Reference Code:
841106
Job Segment:
Cyber Security, Compliance, Game Designer, Law, Internal Audit, Security, Legal, Technology, Finance