Senior Cyber Security GRC Specialist

Digital Hub Warsaw at Bayer

Warszawa, Ochota
28500 zł/mth.
hybrid

Requirements

Operating system

Windows

Our requirements

  • Educational Background: A Bachelor’s or Master’s degree in law, information technology, cybersecurity, computer science, or a related field is essential, though relevant working experience may be considered an equivalent.
  • 3+ years of experience in cyber security; previous experience in a GRC role is highly desired
  • Proficiency in various cybersecurity tools and software, understanding of network infrastructure and security protocols, and knowledge of threat modeling and risk assessment techniques are helpful
  • Profound knowledge of EU and German cybersecurity and data privacy legislation, such as NIS-2, KRITIS, DORA, GDPR, etc.
  • Experience with policy writing
  • Practical experience in information security in a corporate or government setting is valuable, along with familiarity with information security standards and frameworks such as ISO/IEC 27001 and NIST
  • Experience with risk management frameworks such as NIST Cybersecurity Framework or ISO 27001
  • Certifications such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), or Certified in Risk and Information Systems Control (CRISC) are desirable
  • Ability to deal with high complexity and to think and act in a goal- and result-oriented manner
  • Fluent written and spoken English. German language skills would be a plus

Your responsibilities

  • Perform risk management activities to identify, assess, and mitigate cyber security risks for Bayer. These include owning and managing the cybersecurity framework (in particular based on ISO/IEC 27001), measuring the effectiveness of this framework, and driving its maturity and support for business needs
  • Develop and maintain key performance indicators (KPIs) and metrics to measure the effectiveness of GRC initiatives.
  • Prepare regular reports for senior management on the status of GRC activities.
  • Collaborate with cross-functional teams to integrate GRC principles into business processes and systems
  • Provide consulting across the organization on matters of cybersecurity GRC
  • Monitor regulatory changes and industry trends to ensure the organization remains compliant and proactive in addressing emerging risks
  • Act as a liaison with external auditors and stakeholders on GRC-related matters
  • Work closely with other cybersecurity teams to ensure that, in case of process changes, data privacy and works council requirements are met and new approvals are obtained, if necessary
  • Focus on Governance topics:
      • Develop and implement GRC strategies, policies, and procedures to ensure compliance with regulatory standards and industry best practices
      • Ensure that the board and senior management receive accurate and timely information for decision-making
      • Establish and maintain policies and procedures to promote ethical behavior and accountability
      • Develop and enforce GRC policies and strategies for IT Security compliance
      • Report GRC status to management and liaise with stakeholders

Published: 1 day ago
Expires: in 13 days
Work mode: hybrid