Sr. Cyber Security GRC Specialist

At Bayer we're visionaries, driven to solve the world's toughest challenges and striving for a world where 'Health for all Hunger for none' is no longer a dream, but a real possibility. We're doing it with energy, curiosity and sheer dedication, always learning from unique perspectives of those around us, expanding our thinking, growing our capabilities and redefining 'impossible'. There are so many reasons to join us. If you're hungry to build a varied and meaningful career in a community of brilliant and diverse minds to make a real difference, there's only one choice.

Sr. Cyber Security GRC Specialist

PURPOSE:

As a Sr. Cyber Security GRC Specialist, you will support the development, implementation, and ongoing operation of Cyber Security Governance, Risk, and Compliance (GRC) activities within Bayer. In this individual contributor role, you will partner with Cyber Security, IT, compliance, and business stakeholders to help measure adherence to Bayer policies and procedures aligned to industry standards; assess the effectiveness of security and compliance processes; track key IT security deliverables; and contribute to audit readiness. You will help manage IT security exceptions and support recommendations for risk treatment and control improvements through data-driven analysis and security risk assessments. You will also contribute to data security initiatives, with a focus on improving Data Classification, Crown Jewel Management, and Data Discovery & Inventory capabilities, helping safeguard sensitive information and support compliance with data protection regulations.

YOUR TASKS AND RESPONSIBILITIES:

• Support Cyber Security risk management activities to identify, assess, and help mitigate risks, including contributing to the operation and continuous improvement of the Cyber Security framework;
• Develop and maintain key performance indicators (KPIs), dashboards, and metrics to measure the effectiveness of initiatives;
• Collaborate with cross-functional teams to help integrate Cyber Security assurance principles into business processes and systems;
• Provide guidance and day-to-day support across the organization on Cyber Security assurance topics, following established standards and practices;
• Monitor regulatory changes and industry trends and summarize impacts to policies, controls, and risk posture;
• Coordinate evidence collection and respond to auditor inquiries in partnership with control owners and subject matter experts;
• Contribute to strategic initiatives by supporting planning, tracking milestones, and producing high-quality deliverables;
• Support continuous improvement of the data classification framework that categorizes data based on sensitivity and risk;
• Partner with stakeholders at all levels of the organization to help ensure appropriate classification of data assets across the organization;
• Assist with periodic reviews and updates to classification policies to align with regulatory changes and business needs;
• Support identification and management of the organization's critical data assets ("crown jewels");
• Help implement and maintain security requirements and protection measures for high-value data assets in partnership with relevant teams;
• Participate in assessments and control reviews related to crown jewel data to support compliance with security standards;
• Support data discovery and inventory activities to improve visibility of data assets across the organization;
• Utilize data discovery tools and techniques to help identify sensitive data and its locations;
• Maintain an up-to-date inventory of data assets, including classification and documented protection measures;
• Work closely with IT, compliance, and legal teams to help ensure alignment on data protection requirements and implementation plans;
• Serve as a point of contact for data security inquiries by triaging requests and connecting teams with the right standards, processes, and subject matter experts;
• Promote strong collaboration and alignment with broader GRC capabilities and ways of working.
• The primary location for this role will be Creve Coeur, MO (St. Louis, MO metro area).

WHO YOU ARE:

Bayer seeks an incumbent who possesses the following:

Required Qualifications:

• Minimum of a Bachelor's Degree in Information Technology, Cyber Security, Computer Science, or a related field (or 5 years of relevant experience in lieu of a Bachelor's Degree);

• 4+ years of experience in Cyber Security or IT governance;

• Working knowledge of common security concepts, network fundamentals, and risk assessment techniques;

• Working knowledge of information security standards and frameworks (e.g., ISO/IEC 27001, NIST CSF) and how to apply them in a corporate environment;

• Experience supporting risk management frameworks and control assessment activities (e.g., NIST Cyber Security Framework or ISO 27001);
• Strong communication, analytical, and collaboration skills, with the ability to manage priorities across multiple initiatives and degrees of ambiguity.

Preferred Qualifications:

• Relevant certifications such as CISSP, CISM, CRISC, Security+, or similar are a plus.

This posting will be available for application until at least 4/28/2026.

Employees can expect to be paid a salary between $114,400 - $171,600. Additional compensation may include a bonus or commission (if relevant).

Other benefits include health care, vision, dental, retirement, PTO, sick leave, etc. If selected for this role, the offer may vary based on market data/ranges, an applicant's skills and prior relevant experience, certain degrees and certifications, and other relevant factors.
YOUR APPLICATION
Bayer offers a wide variety of competitive compensation and benefits programs. If you meet the requirements of this unique opportunity, and want to impact our mission Health for all, Hunger for none, we encourage you to apply now. Be part of something bigger. Be you. Be Bayer.
To all recruitment agencies: Bayer does not accept unsolicited third party resumes.

Bayer is an Equal Opportunity Employer/Disabled/Veterans

Bayer is committed to providing access and reasonable accommodations in its application process for individuals with disabilities and encourages applicants with disabilities to request any needed accommodation(s) using the contact information below.
Equal Opportunity Employer Statement: Notice for U.S. Visitors: All information on this site is subject to compliance with local rule and regulations as they may vary from time to time and across different geographies, including, without limitation, U.S. Executive Orders. Bayer is an E-Verify Employer. Location:United States : Missouri : Creve Coeur Division:Enabling Functions Reference Code:866319 Contact Us Email: