We are seeking a motivated Information Security Specialist. This position will be located in St. Louis, MO and will report to our Risk Management Lead. This position is responsible for assisting the business in evaluating risk associated with the use, ownership, operation, and adoption of IT systems within the enterprise by performing risk assessments.
Performs focused risk assessments of existing or new services and technologies (both internal and external) by utilizing questionnaires, surveys, interviews and observations and reviewing documentation to identify and evaluate risk scenarios
Communicates risk assessment findings to information security “customers,” or business partners
Provides consultative advice to information security customers that enables them to make informed risk management decisions
Identifies appropriate controls to effectively manage information risks as needed
Identifies opportunities to improve risk posture, developing solutions for remediating or mitigating risks and assessing the residual risk
Maintains strong working relationships with individuals and groups involved in managing information risks across the organization
BS in Business Computer Science, Information Security, or a related field or equivalent combination of education and years of experience.
3+ years of work experience in information security, especially in an Information Risk Analysis, Enterprise Risk Management (ERM), and/or IT Audit role
Knowledge of quantitative and qualitative risk evaluation methods
An ability to identify and assess the severity and potential impact of risks and communicate risk assessment findings to risk owners outside Information Security in a way that consistently drives objective, fact-based decisions about risk that optimize the trade-off between risk mitigation and business performance
Strong decision-making capabilities, with a proven ability to weigh the relative costs and benefits of potential actions and identify the most appropriate one
An ability to effectively influence others to modify their opinions, plans, or behaviors
An understanding of business needs and commitment to delivering high-quality, prompt, and efficient service to the business
Excellent prioritization capabilities, with an aptitude for breaking down work into manageable parts, effectively assessing the priority and time required to complete each part
An ability to work on several tasks simultaneously and pay attention to sources of information from inside and outside one’s network within an organization
Open and able to apply original and innovative thinking to produce new ideas and create innovative products in an environment that embraces continuous improvement
BS or MA in Business, Computer Science, Information Security, or a related field
3+ years of experience with regulatory compliance and/or information security management frameworks (e.g., ISO 27000, COBIT, NIST 800, etc.)
Experience with Governance, Risk, and Compliance (GRC) tools and solutions, specifically RSA Archer
Knowledge and/or experience with Governance, Risk, and Compliance (GRC) Frameworks
Knowledge of domestic and global regulations related to privacy data
Security+, CEH, CISSP, CISM, CISA, SSCP or CRISC certifications
Background in agriculture, biotechnology, manufacturing or other industry-specific experience a plus
Bayer successfully completed the acquisition of Monsanto in June 2018, bringing together Monsanto’s leadership in seeds and plant traits with Bayer’s leadership in chemical and biological crop protection. By joining forces, we will create even more extensive career opportunities for talent around the world. We’re a global team working to shape agriculture through breakthrough innovation that will benefit farmers, consumers, and our planet.
While we are now Bayer, we will continue to hire using separate career sites until we can integrate our career platforms. We invite you to explore the career opportunities available at the combined company by visiting advancingtogether.com/careers.