Governance Risk and Compliance (GRC) Specialist


Date: May 22, 2026

Location: Sant Just Desvern, B, ES, 08960

Company: Bunge


City: Sant Just Desvern
State: Barcelona (ES-B)
Country: Spain (ES)
Requisition Number: 45350

 

 

Overview:


The Specialist, Governance, Risk and Compliance demonstrates a high level of professionalism, prioritizing the effective management of cybersecurity governance, risk, and compliance activities. This role will perform and continuously improve Risk Management assessments, risk registration, prioritized risk remediation, and third-party and application evaluations, and will maintain the risk register in Bunge’s Governance, Risk and Compliance automation to support the overall effectiveness of the BT organization in alignment with Risk Management standards (e.g., NIST 800-30, 800-37, NIST CSF 2.0).

 

 

Essential Functions:

  • Serve as liaison to coordinate Governance, Risk, and Compliance activities with key stakeholders to enable effective Cybersecurity, risk assessment, risk registering, exceptions management, issue management and alignment with applicable industry best practices (e.g., NIST, ISO, COBIT, PCI DSS) as needed.
  • Define and identify control gaps, provide recommendations for control process improvements, and support control owners’ corrective action plans for remediation. 
  • Conduct risk assessments, internal audits, and investigations to identify and address potential compliance issues.  
  • Conduct end-to-end third-party risk assessments, including inherent risk, due diligence reviews, and ongoing monitoring of vendors and service providers.
  • Perform risk analysis and document findings, including identification of control gaps, risk ratings, and recommended remediation actions aligned with organizational risk appetite.
  • Track and follow up on remediation activities for identified vendor risks, ensuring timely closure and proper documentation of risk treatment or acceptance.
  • Stay informed on evolving regulatory requirements, cybersecurity threats, and industry best practices related to third-party and supply chain risk.
  • Participate in continuous improvement initiatives, including automation, process optimization, and integration of TPRM within broader enterprise risk management frameworks.
  • Provide subject matter expertise on third-party risk management concepts and advise stakeholders on risk-based decision-making.
  • Effectively utilize process automation and reporting through Bunge’s Governance, Risk and Compliance (GRC) automation – Optro Infosec. 
  • Actively collaborate and support partner functions across Bunge’s Governance, Risk and Compliance functions, and with stakeholders throughout BT and Cybersecurity. 
  • Executes short to mid-term strategic initiatives driven by the department, including collaboration with partner Governance, Risk and Compliance functions. 
  • Recognized as an expert, both internally and externally to Bunge, in the design, performance and continuous improvement of governance, risk and compliance related services and capabilities.
  • Supports the evaluation, prioritization, registration, monitoring, and mitigation of risks and compliance and control deficiencies through collaboration with various functions within BT and across various Bunge business stakeholder groups (e.g., Internal Audit, Legal, Compliance, Privacy).
  • Leverage industry experience and knowledge of applicable best practices, frameworks, and guidance to define effective programs, monitor and strengthen internal controls, risk-prioritize requisite remediation, and to improve the overall posture of Bunge’s BT and Cybersecurity internal control environment. 
  • Solve highly complex, multidimensional problems that require extensive investigation and advanced application of expertise to determine root cause, to advise leadership on appropriate remediation methods, and to mitigate or remediate internal controls to an acceptable level of residual risk, across various functional areas of Business Technology and Cybersecurity, including longstanding or unprecedented improvements without a historical precedent. 
  • Leverage both a measured reactive and a deliberate proactive approach to the assurance and continuous improvement of BT and Cybersecurity internal controls, staying informed of emerging industry trends and techniques and changes in regulations to ensure continuous compliance. 
  • Effectively partner with colleagues within Bunge’s Governance, Risk and Compliance function, across BT and Cybersecurity, and with various business stakeholders to ensure the adequacy and sufficiency of internal controls and supporting capabilities.  
  • Actively contribute to large global projects that include governance, risk and compliance related capabilities and scope to ensure adherence to applicable policies, assurance of control performance, and the achievement of team and program goals.  
  • Educate BT leadership and functional areas about design adequacy, operating effectiveness, and techniques to ensure continuous compliance and improvement over their internal controls.  

 

Qualifications:

  • Bachelor's degree in computer science or information systems, risk management, accounting, finance, or equivalent combination of education and work experience. 
  • 7+ years of experience in compliance and controls assurance, internal audit, or a related field. 
  • Extensive knowledge of IT/Cyber Risk Management practices and frameworks required.  
  • Demonstrated experience in the monitoring and improvement of Information Technology general controls, Cybersecurity controls, and/or compliance programs required. 
  • Solid understanding of Governance, Risk and Compliance methodologies and effective automation through GRC tooling.
  • Nice to have: Experience with Optro InfoSec preferred (i.e., Cyber Risk Management and Third-Party Risk Management modules). 
  • Proven experience implementing Information Technology and Cybersecurity frameworks required. Possible examples include, but are not limited to: COBIT, NIST CSF 2.0, ISO 27k, NIST 800-30, NIST 800-37, NIST 800-161, NIST 800-53.
  • Certifications such as CISA, CRISC, CGEIT or CISSP preferred.  
  • Ability to manage and execute numerous parallel activities in a fast-paced, dynamic environment. 
  • Ability to build and maintain constructive and collaborative working relationships with a diverse community throughout the organization. 
  • Ability to effectively communicate and articulate risk management in both written and verbal manner to influence both technical and non-technical audiences at all levels of the company including executives. 
  • Excellent analytical and problem-solving skills. 
  • Actively shapes our company culture (e.g., supporting employee resource groups, mentoring employees, volunteering, joining cross-functional projects). 
  • Champions our cultural norms (e.g., willing to have cameras when it matters, helping onboard new team members, building relationships, etc.). 
  • Demonstrate a company ownership mindset, thinking beyond boundaries of their own area and responsibilities. 
  • Ability to work with limited direct management to participate in governance, risk and compliance related efforts, improve practices, coordinate cross functional activities and to successfully deliver strategic outcomes. 
  • Recognized as an expert in risk management and third-party risk management. 
  • Can apply both a measured reactive and a deliberate proactive approach to the assurance and continuous improvement of BT and Cybersecurity internal controls, staying informed of emerging industry trends, risks and techniques and changes in regulations to ensure continuous compliance. 
  • Leverage industry experience and knowledge of applicable best practices (e.g., COBIT, NIST CSF, ISO 27k, NIST 800-30, NIST 800-37, NIST 800-161, NIST 800-53) frameworks, and guidance to establish effective governance, strengthen internal controls, risk-prioritize requisite remediation, and to improve the overall posture of Bunge’s BT and Cybersecurity programs. 
  • Apply expertise to determine root cause, to advise leadership on appropriate remediation methods, and to mitigate or remediate internal controls to an acceptable level of residual risk, across various functional areas of Business Technology and Cybersecurity, including longstanding or unprecedented improvements without a historical precedent.  
  • Ability to work independently and as part of a cross functional team. 



At Bunge (NYSE: BG), our purpose is to connect farmers to consumers to deliver essential food, feed and fuel to the world. As a premier agribusiness solutions provider, our team of ~34,000 dedicated employees partner with farmers across the globe to move agricultural commodities from where they’re grown to where they’re needed—in faster, smarter, and more efficient ways. We are a world leader in grain origination, storage, distribution, oilseed processing and refining, offering a broad portfolio of plant-based oils, fats, and proteins. We work alongside our customers at both ends of the value chain to deliver quality products and develop tailored, innovative solutions that address evolving consumer needs. With 200+ years of experience and presence in over 50 countries, we are committed to strengthening global food security, advancing sustainability, and helping communities prosper where we operate. Bunge has its registered office in Geneva, Switzerland and its corporate headquarters in St. Louis, Missouri. Learn more at Bunge.com.

 

Every day our people exemplify these values, which represent Bunge at its core:


• We Are One Team: Collaborative, Respectful, Inclusive
• We Lead The Way: Agile, Empowered, Innovative
• We Do What’s Right: Safety, Sustainability, With Integrity

 

If this sounds like you, join us!  We value and invest in people who believe in our purpose and are excited to live it every day – people who are #ProudtoBeBunge


 

