Job Description

Ready to help shape the future of healthcare?

At GSK, we have already delivered unprecedented change over the past four years, improving R&D, becoming a leader in Consumer Healthcare, strengthening our leadership, and transforming our commercial execution. Now, we\xe2\x80\x99re making the most significant changes we\xe2\x80\x99ve made to our business in over 20 years. We\xe2\x80\x99re on track to separate and create two new companies in 2022: New GSK with a leading portfolio of vaccines and specialty medicines as well as R&D based on immune system and genetics science; and a new world-leading consumer healthcare company of loved and trusted brands.

With new ambition comes new purpose. For New GSK, this is to unite science, talent, and technology to get ahead of disease together \xe2\x80\x93 all with the clear ambition of delivering human health impact; stronger and more sustainable shareholder returns; and as a new GSK where outstanding people thrive.

Getting ahead means preventing disease as well as treating it. How we do all this is through our people and our culture. A culture that is ambitious for patients \xe2\x80\x93 so we deliver what matters better and faster; accountable for impact \xe2\x80\x93 with clear ownership of goals and support to succeed; and where we do the right thing. So, if you\xe2\x80\x99re ready to improve the lives of billions, join us at this exciting moment in our journey. Join our challenge to get Ahead Together.

We have an exciting opportunity for an experienced cloud security manager to join a growing cloud security team in GSKs Cyber Security Office (CSO). You will work closely with senior stakeholders and cross-functional product teams to embed and enhance GSKs cloud security governance and capabilities, accelerating delivery of our business objectives, cloud migration and digital transformation initiative.

You will need to be comfortable working in a fast-paced agile environment and have experience working with multiple security and governance groups, central IT, developer, and system integrator teams, based across multiple geographies and in different organisations.

This role offers the opportunity to use a wide range of skills to deliver an enterprise cloud security program supporting modern architecture patterns and technologies.

The ideal candidate will combine excellent technical skills and communication expertise with a collaborative approach to ensure optimal stakeholder alignment with our cloud security strategy.

Key Responsibilities

• Build and maintain cloud security governance framework for multi-cloud environment including Microsoft Azure, GCP and AWS.
• Build and maintain a network of key stakeholders across security teams, central IT teams, business tech and developer groups to understand future state cloud requirements and roadmaps.
• Define and align cloud security standards, frameworks and policies with overall business and technology strategy and drive implementation of processes and tools to monitor and enforce compliance.
• Define and periodically review cloud service security controls and guidance documentation for all IaaS & PaaS services, balancing business objectives with information and cyber security requirements.
• Define security guidance and best practice for all IaaS & PaaS services to supplement security controls.
• Define and periodically review cloud service security controls and governance for sanctioned and unsanctioned SaaS platforms.
• Drive the cloud security conversation within cyber security office, central team and business unit senior stakeholders and workload owners.
• Provide cloud security architecture review for large scale cloud projects and platforms providing recommended changes or enhancements to ensure alignment with secure by design principles.
• Provide cloud security consultancy to cyber risk assurance and governance risk and compliance teams for solution architecture reviews.
• Identify and communicate current and emerging security threats.
• Maintain technical skills and knowledge, keeping up to date with market trends and competitive insights.

Basic qualifications:

• Total 16+ years of experience and minimum of 8 years working as an information security professional and at least 3 years working as a cloud security professional.
• Graduate level or equivalent education.
• Expert level security knowledge of Azure, GCP and AWS.
• Proven experience in security architecture and security by design reviews of cloud native solutions, leveraging containers, micro-services, APIs, PaaS capabilities such as data storage, databases and data processing technologies, and identity & access management suites on Azure, GCP and AWS.
• Proven experience of security reviews and threat modelling for cloud hosted solutions leveraging Generative AI cloud services.
• Demonstrated experience and understanding of cyber security principles, IT security controls, and related technologies and products.
• Demonstrated experience of network security related to cloud network virtualisation and associated security controls.
• Demonstrated experience of identity and access management related to securing cloud platforms and workloads.
• Strong stakeholder management skills.
• Strong verbal/written communication in English, with the ability to effectively interact with professionals at all levels of responsibility and authority, both technical and non-technical.
• Ability to work with virtual teams located in different countries around the world, aligning and adapting different work, culture, and communication styles.

Desirable qualifications:

• Security based industry certification such as ISC2 CISSP
• Pharmaceutical industry experience would be a benefit but not essential.
• Cloud agnostic industry certification in cloud security such as ISC2 CCSP and/or CSA CCSK
• Cloud Service Provider security certifications such as Microsoft AZ-500, Google Security Engineer, AWS Security Engineer
• Experience with SABSA and Archimate

At GSK we value diversity (Gender, LGBTQ +, PwD etc.) and treat all candidates equally. We aim to create an inclusive workplace where all employees feel engaged, supportive of one another, and know their work makes an important contribution.

#LI-GSK

Why Us?

GSK is a global biopharma company with a special purpose \xe2\x80\x93 to unite science, technology and talent to get ahead of disease together \xe2\x80\x93 so we can positively impact the health of billions of people and deliver stronger, more sustainable shareholder returns \xe2\x80\x93 as an organization where people can thrive. Getting ahead means preventing disease as well as treating it, and we aim to positively impact the health of 2.5 billion people by the end of 2030.

Our success absolutely depends on our people. While getting ahead of disease together is about our ambition for patients and shareholders, it\xe2\x80\x99s also about making GSK a place where people can thrive. We want GSK to be a workplace where everyone can feel a sense of belonging and thrive as set out in our Equal and Inclusive Treatment of Employees policy. We\xe2\x80\x99re committed to being more proactive at all levels so that our workforce reflects the communities we work and hire in, and our GSK leadership reflects our GSK workforce.

Important notice to Employment businesses/ Agencies

GSK does not accept referrals from employment businesses and/or employment agencies in respect of the vacancies posted on this site. All employment businesses/agencies are required to contact GSK\'s commercial and general procurement/human resources department to obtain prior written authorization before referring any candidates to GSK. The obtaining of prior written authorization is a condition precedent to any agreement (verbal or written) between the employment business/ agency and GSK. In the absence of such written authorization being obtained any actions undertaken by the employment business/agency shall be deemed to have been performed without the consent or contractual agreement of GSK. GSK shall therefore not be liable for any fees arising from such actions or any fees arising from any referrals by employment businesses/agencies in respect of the vacancies posted on this site.

It has come to our attention that the names of GlaxoSmithKline or GSK or our group companies are being used in connection with bogus job advertisements or through unsolicited emails asking candidates to make some payments for recruitment opportunities and interview. Please be advised that such advertisements and emails are not connected with the GlaxoSmithKline group in any way.

GlaxoSmithKline does not charge any fee whatsoever for recruitment process. Please do not make payments to any individuals / entities in connection with recruitment with any GlaxoSmithKline (or GSK) group company at any worldwide location. Even if they claim that the money is refundable.

If you come across unsolicited email from email addresses not ending in gsk.com or job advertisements which state that you should contact an email address that does not end in \xe2\x80\x9cgsk.com\xe2\x80\x9d, you should disregard the same and inform us by emailing askus@gsk.com, so that we can confirm to you if the job is genuine.

GlaxoSmithKline