As a Sr. Cyber Security GRC Specialist, you will partner with Cyber Security, IT, compliance, and business stakeholders to help measure adherence to Bayer policies and procedures aligned to industry standards; assess the effectiveness of security and compliance processes; track key IT security deliverables; and contribute to audit readiness.

Your tasks and responsibilities will include:

• Supporting Cyber Security risk management activities to identify, assess, and help mitigate risks, including contributing to the operation and continuous improvement of the Cyber Security framework;
• Developing and maintaining key performance indicators (KPIs), dashboards, and metrics to measure the effectiveness of initiatives;
• Collaborating with cross-functional teams to help integrate Cyber Security assurance principles into business processes and systems;
• Providing guidance and day-to-day support across the organisation on Cyber Security assurance topics, following established standards and practices;
• Monitoring regulatory changes and industry trends and summarising impacts to policies, controls, and risk posture;
• Coordinating evidence collection and responding to auditor inquiries in partnership with control owners and subject matter experts;
• Contributing to strategic initiatives by supporting planning, tracking milestones, and producing high-quality deliverables;
• Supporting continuous improvement of the data classification framework that categorises data based on sensitivity and risk;
• Partnering with stakeholders at all levels of the organisation to help ensure appropriate classification of data assets across the organisation;
• Assisting with periodic reviews and updates to classification policies to align with regulatory changes and business needs;
• Supporting identification and management of the organisation's critical data assets ('crown jewels');
• Helping implement and maintain security requirements and protection measures for high-value data assets in partnership with relevant teams;
• Participating in assessments and control reviews related to crown jewel data to support compliance with security standards;
• Supporting data discovery and inventory activities to improve visibility of data assets across the organisation;
• Utilising data discovery tools and techniques to help identify sensitive data and its locations;
• Maintaining an up-to-date inventory of data assets, including classification and documented protection measures;
• Working closely with IT, compliance, and legal teams to help ensure alignment on data protection requirements and implementation plans;
• Serving as a point of contact for data security inquiries by triaging requests and connecting teams with the right standards, processes, and subject matter experts;
• Promoting strong collaboration and alignment with broader GRC capabilities and ways of working.

The primary location for this role will be Creve Coeur, MO (St. Louis, MO metro area).

If you're interested in this opportunity, please submit your application.

XML job scraping automation by YubHub

At Cloudflare, we are on a mission to help build a better Internet. Today the company runs one of the world's largest networks that powers millions of websites and other Internet properties for customers ranging from individual bloggers to SMBs to Fortune 500 companies.

We protect and accelerate any Internet application online without adding hardware, installing software, or changing a line of code. Internet properties powered by Cloudflare all have web traffic routed through its intelligent global network, which gets smarter with every request. As a result, they see significant improvement in performance and a decrease in spam and other attacks.

Key Responsibilities

Public Sector & Compliance Governance

• Serve as the Subject Matter Expert (SME) on NIST 800-53 control families and FedRAMP requirements.
• Manage Cloudflare's continuous monitoring program, inclusive of annual assessments and significant change requests.
• Collect, validate, and organize FedRAMP evidence and artifacts to present to auditors, FedRAMP customers, and the FedRAMP PMO.
• Help guide our overall security policy and governance architecture to ensure alignment with evolving government regulations.

Audit Lifecycle Management

• Orchestrate end-to-end audit activities for standards such as PCI, SOC2, ISO, NIST, and FedRAMP.
• Coordinate with auditors to manage data center access, compliance certificate collection, and evidence defense.
• Work cross-functionally with Engineering, Legal, Product, and Operational teams to maintain management and technical controls.
• Support compliance and regulatory projects, including implementation of new legislation / regulation.

Identity & Access Management (IAM) Operations

• Execute monthly Periodic Access Reviews (PARs): Compare portal user lists against ACLs to ensure least-privilege access is maintained across all data centers.
• Manage the lifecycle of portal access: Auditing access, provisioning/deprovisioning users, and maintaining accurate documentation.
• Oversee physical access requests to data centers and ensure strict adherence to security policies.
• Drive the resolution of daily DCSC Jira tickets for portal access, physical access, audits, and site decommissioning.
• Automate and streamline access review processes where possible, utilizing standard communication templates to site managers.

Partner Relations & Reporting

• Own, influence, and orchestrate relationships within the partner Offering teams that can help drive Cloudflare offerings and strategic positioning.
• Monitor and implement changes to individual accountability regime requirements (such as UK, Ireland, Singapore and Australia).
• Maintain centralized documentation, databases, dashboards, and reporting mechanisms to track compliance health.

Requirements

• 3-6 years working in Security Compliance, Information Security, or Risk Management.
• Deep familiarity with all NIST 800-53 control families and FedRAMP requirements.
• Ability to work closely with auditors and articulate technical concepts.
• Experience in auditing of network, operating system, and application security.
• Proven experience managing an audit throughout the full audit lifecycle (from readiness to final report).
• Familiarity with additional security standards and frameworks such as ISO 27000, SOC 2, PCI DSS, ISMAP and IRAP.
• Ability to work cross-functionally with internal stakeholders and strong communications skills.
• High tolerance for ambiguity and ability to work efficiently and independently in a fast-paced, high-volume environment.
• Some travel may be required to engage with regulators and auditors.
• Certifications: CISSP, CIPP, CIPM, CIPT, CISA, or CRISC.
• A relevant professional experience working with technology partners, alliances, or third-party vendors, ideally in the following disciplines: Data center Security Compliance, Access Management, audit administration at a leading high-tech company; offering management.
• Technical skills including the ability to understand (1) product roadmaps; (2) market trends and factors; and (3) complex partner requirements.
• Strong technical proficiency with spreadsheet software (Excel/Google Sheets) including pivot tables and VLOOKUPs for data reconciliation.
• Organized & Disciplined, with a strong focus on driving outcomes.

Preferred

• Prior experience with Data Centre Security Compliance disciplines and audit programs and past history working at a hyperscaler or high-growth tech company.
• Superb organizational skills and demonstrated history managing complex processes including audit cycles, Facts gathering and analytical skills.

XML job scraping automation by YubHub

Responsibilities:

• Certifications like CISA, CRISC, CGEIT, Security+, CASP+, or similar are preferred.
• Drive continual improvement in processes, procedures, and automations to improve the quality and effectiveness of the team.
• Participate in a 24/7 on-call rotation performing security incident response.
• Commandeering security incidents and updating stakeholders.
• Identify and develop new detection use cases and optimize existing detections.
• Collaborate on technical directions and solutions with other teams.
• Research and analyze patterns in security events across X's global infrastructure.
• Identify, design, and lead threat hunting missions to quantify and reduce threats.
• Manage and support the log collection, security scanning, intrusion detection, and other security-related systems.
• Design and assist in the development of automation to reduce false positives and handle events automatically.
• Analyze the security posture of systems via testing and vulnerability impact analysis.

Basic Qualifications:

• 2+ years of relevant information security experience.
• Self-starter, can receive a task and execute with minimal supervision.
• Strong Python scripting skills for implementing security automation.
• Knowledge of networking and macOS, Windows, or Linux operating systems.
• Knowledge of cloud security fundamentals and practices (vendor agnostic).
• Experience managing and/or deploying security technology.
• Experience with building queries and dashboards for security monitoring.
• Knowledge of current threats and techniques and a desire to research and learn more.
• Experience with malware analysis, forensics, or penetration testing.
• Problem-solving skills or experience with troubleshooting.

ITAR Requirements:

To conform to U.S. Government export regulations, applicant must be a (i) U.S. citizen or national, (ii) U.S. lawful, permanent resident (aka green card holder), (iii) Refugee under 8 U.S.C. § 1157, or (iv) Asylee under 8 U.S.C. § 1158, or be eligible to obtain the required authorizations from the U.S. Department of State. Learn more about the ITAR here.

Preferred Skills and Experience:

• Elastic / OpenSearch or similar platforms.
• Open Source security automation tooling.

Compensation and Benefits:

$180,000 - $440,000 USD. Base salary is just one part of our total rewards package at xAI, which also includes equity, comprehensive medical, vision, and dental coverage, access to a 401(k) retirement plan, short & long-term disability insurance, life insurance, and various other discounts and perks.

XML job scraping automation by YubHub

As an IAM / PAM Subject Matter Expert, you will lead and deliver enterprise-wide IAM and PAM initiatives within large, complex organisations. You will own PAM BAU operations, ensuring SLAs, KPIs, and service quality standards are consistently met. You will design privileged access controls such as session management, password vaulting, access monitoring, and self-service.

You will analyse enterprise and custom applications with PAM platforms, including required client-specific customisations. You will partner with business, IT, and security teams to gather requirements and deliver effective solutions. You will identify security gaps, recommend process improvements, and drive continuous enhancement. You will stay current with emerging cybersecurity threats, IAM/PAM trends, and technologies.

You will have experience in use of Jira and Confluence to manage delivery, documentation, and governance. You will be a clear, confident communicator with experience presenting to senior stakeholders. You will be comfortable working in fast-paced, security-critical environments.

You will have proven experience delivering enterprise-scale IAM and/or PAM solutions. You will have hands-on experience across one or more cybersecurity domains, with strong PAM expertise. You will have proven experience integrating applications with PAM platforms. You will have knowledge of security and compliance frameworks including SOX, ISAE 3402 / SOC 1 & 2, ISO, NIST, and PCI-DSS. Security certifications such as CISSP, CISM, CRISC, CCSP, SSCP, or Security+ are desirable.

Given that this is just a short snapshot of the role we encourage you to apply even if you don't meet all the requirements listed above. We are looking for team members who strive to make an impact and are eager to learn. If this sounds like you and you feel you have the skills and experience required, then please apply now.

XML job scraping automation by YubHub

We are seeking an experienced Principal Third Party Risk Management (TPRM) Consultant to lead and shape our Third Party Risk and GRC services within the cyber security consultancy. This is a senior leadership role responsible for driving strategy, managing complex client engagements, and delivering enterprise-scale TPRM and GRC programmes across multiple industries. As a subject matter expert in Third Party Risk Management, Governance, Risk & Compliance (GRC) and vendor risk frameworks, you will design, implement, and operate robust third-party risk management frameworks that align with regulatory, security, and business requirements. You will act as a trusted advisor to clients, lead large transformation initiatives, manage teams, and ensure high-quality delivery of risk, compliance, and assurance services.

Key Responsibilities:

·       TPRM Proposals & Strategy: Lead the development of TPRM and GRC proposals, defining scope, delivery models, governance structures, and operating models and design enterprise-level Third Party Risk Management strategies aligned with regulatory, operational, and cyber risk requirements.

·       Client Engagement Leadership: Lead and manage complex client engagements in Third Party Risk Management, vendor risk, and GRC and act as engagement lead and trusted advisor for executive stakeholders (CISO, CRO, Risk, Compliance, Procurement, Legal). In addition to that ensure successful delivery of TPRM services including assessments, frameworks, tooling, and operationalisation.

·       Security Assessment & Audit Leadership: Lead third-party security assessments, audits, and assurance activities and define assessment methodologies, risk scoring models, control frameworks, and reporting structures as well as oversee supplier due diligence, onboarding risk processes, and continuous monitoring programmes.

·       Technical & Methodological Authority: Serve as subject matter expert for TPRM, GRC platforms, and vendor risk methodologies and provide leadership in the use of GRC and TPRM tooling (e.g. OneTrust, Archer, ServiceNow GRC, similar platforms).

·       Project, Delivery & Programme Leadership: Act as Project Manager, Delivery Lead, and Programme Lead for large-scale TPRM initiatives and manage multi-stream delivery, dependencies, risks, and stakeholder alignment.

·       Team Leadership & Management: Lead, mentor, and develop a team of consultants (up to 5 direct reports) and build high-performing delivery teams and ensure capability development in TPRM and GRC.

·       Risk & Compliance Management: Identify, assess, and manage third-party risks across cyber, operational, regulatory, and reputational domains and advise clients on risk treatment strategies, remediation plans, and control improvements.

·       Continuous Improvement & Innovation: Drive continuous improvement in TPRM methodologies, delivery models, and service offerings and stay current with regulatory developments, emerging risks, and industry best practices in third-party risk and supply chain security.

Requirements

Essential Skills and Experience:

·       Extensive experience in Third Party Risk Management (TPRM) and Governance, Risk & Compliance (GRC) at enterprise level.

·       Strong background as Security Assessor, Auditor, and Risk Consultant.

·       Proven experience leading TPRM, vendor risk, and supplier assurance programmes.

·       Experience acting as Project Manager, Delivery Lead, and Programme Lead for complex engagements.

·       Hands-on experience with GRC / TPRM platforms, ideally including OneTrust.

·       Ability to design and implement third-party risk frameworks, policies, and governance models.

·       Strong stakeholder management skills at executive and board level.

·       Proven people management experience, including team leadership and mentoring.

·       Ability to balance security, risk, compliance, and business enablement.

Qualifications:

·       Minimum 10 years of experience in cyber security, risk management, GRC, audit, or related domains.

·       CISA (Certified Information Systems Auditor) strongly preferred.

·       Lead Auditor certification (e.g. ISO 27001 Lead Auditor) highly desirable.

·       Additional certifications such as CISM, CRISC, CISSP are an advantage.

·       Experience working across multiple industries (e.g. Financial Services, Healthcare, Critical Infrastructure, Government, Technology).

·       Experience with regulatory-driven environments and compliance-led transformation programmes.

_Given that this is just a short snapshot of the role we encourage you to apply even if you don't meet all the requirements listed above. We are looking for team members who strive to make an impact and are eager to learn. If this sounds like you and you feel you have the skills and experience required, then please_ _apply now._

Benefits

About Infosys Consulting

Be part of a globally renowned management consulting firm on the front-line of industry disruption and at the cutting edge of technology.  We work with market leading brands across sectors. Our culture is inclusive and entrepreneurial. Being a mid-size consultancy within the scale of Infosys gives us the global reach to partner with our clients throughout their transformation journey.

Our core values, IC-LIFE, form a common code that helps us move forward. IC-LIFE stands for Inclusion, Equity and Diversity, Client, Leadership, Integrity, Fairness, and Excellence. To learn more about Infosys Consulting and our values, please visit our careers page.

Within Europe, we are recognized as one of the UK’s top firms by the Financial Times and Forbes due to our client innovations, our cultural diversity and dedicated training and career paths. Infosys is on the Germany’s top employers list for 2023. Management Consulting Magazine named us on their list of Best Firms to Work for. Furthermore, Infosys has been recognized by the Top Employers Institute, a global certification company, for its exceptional standards in employee conditions across Europe for five years in a row.

We offer industry-leading compensation and benefits, along with top training and development opportunities so that you can grow your career and achieve your personal ambitions. Curious to learn more? We’d love to hear from you.... Apply today!

XML job scraping automation by YubHub