Sr. Cyber Security GRC Specialist
20 240 - 25 300 PLN/month · Employment contract (gross)
Senior · Full-time · Employment contract
#324592 · Added 21 days ago · 36
Source: nofluffjobs.com
Tech Stack / Keywords
ISO/IEC 27001
Requirements
- Minimum of a Bachelor’s degree in information technology, cybersecurity, computer science, or a related field (or equivalent combination of education and experience)
- 4+ years of experience in cyber security or IT governance
- Working knowledge of common security concepts, network fundamentals, and risk assessment techniques
- Working knowledge of information security standards and frameworks (e.g., ISO/IEC 27001, NIST CSF) and how to apply them in a corporate environment
- Experience supporting risk management frameworks and control assessment activities (e.g., NIST Cybersecurity Framework or ISO 27001)
- Relevant certifications such as CISSP, CISM, CRISC, Security+, or similar are a plus
- Strong communication, analytical, and collaboration skills, with the ability to manage priorities across multiple initiatives and degrees of ambiguity
Responsibilities
- Support cyber security risk management activities to identify, assess, and help mitigate risks, including contributing to the operation and continuous improvement of the cybersecurity framework
- Develop and maintain key performance indicators (KPIs), dashboards, and metrics to measure the effectiveness of initiatives
- Collaborate with cross-functional teams to help integrate cyber security assurance principles into business processes and systems
- Provide guidance and day-to-day support across the organization on cyber security assurance topics, following established standards and practices
- Monitor regulatory changes and industry trends and summarize impacts to policies, controls, and risk posture
- Coordinate evidence collection and respond to auditor inquiries in partnership with control owners and subject matter experts
- Contribute to strategic initiatives by supporting planning, tracking milestones, and producing high-quality deliverables
- Support continuous improvement of the data classification framework that categorizes data based on sensitivity and risk
- Partner with stakeholders at all levels of the organization to help ensure appropriate classification of data assets across the organization
- Assist with periodic reviews and updates to classification policies to align with regulatory changes and business needs
- Support identification and management of the organization’s critical data assets (“crown jewels”)
- Help implement and maintain security requirements and protection measures for high-value data assets in partnership with relevant teams
- Participate in assessments and control reviews related to crown jewel data to support compliance with security standards
- Support data discovery and inventory activities to improve visibility of data assets across the organization
- Utilize data discovery tools and techniques to help identify sensitive data and its locations
Offer
- Sport subscription
- Private healthcare
- International projects
Bayer Sp. z o.o.