Job Description

The primary purpose of this position is to support the Director of Cyber Risk and Assurance and operationalise cyber risk assurance management practices within the business unit by embedding the concept of 'secure by design', driving Cyber Security Officer (CSO) initiatives within the business unit (BU) to reduce cyber security risk, improve the BU risk profile, and ensure effective risk management and reporting.


The role is accountable for embedding a culture of security within the business, ensuring cyber risks are understood, assessed, and effectively managed in alignment with enterprise policies and regulatory requirements. The Senior Principle - Cyber Risk & Assurance provides expert guidance, translates technical security risks into business terms ensuring effective risk-informed decision-making to protect critical assets, patients, and GSK intellectual property.


This demands effective stakeholder management and engagement, the Senior Principle - Cyber Risk & Assurance will focus on influencing key stakeholders, delivering CSO projects, programs, and initiatives that enhance cyber security resilience and ensure proportionate cyber security coverage throughout the BU operations.


Acting as a central point of contact for cyber security within the business unit, this position will coordinate with a range of cross-functional teams such as Training and Awareness, Third-Party Risk Management, Governance Risk and Compliance (GRC), Legal, Tech, Architecture and Engineering, and the full suite of CSO disciplines to meet business and security needs effectively.


Leveraging technical expertise and business acumen to balance and communicate security risks to key business leaders and stakeholders, this role will be responsible for identifying, analysing, prioritising and influencing the management and remediation of security risks across the BU, working with BU stakeholders to understand their objectives, key projects, and initiatives to ensure cyber security is considered at the outset to embed secure by design principles reducing likelihood of cyber risk and improve resilience.


The Senior Principle - Cyber Risk & Assurance shall support the Director of Cyber Risk and Assurance in the collation and delivery of Information Security Governance Meeting (ISGM) materials to Senior Business Unit Risk Owners (SBURO), ensuring all data is collected, checking for accuracy, and presented in the desired format to support effective and timely risk decision-making.


They shall further assist in ensuring all BU issues and risks are raised and comprehensively reviewed and approved within the integrated risk management platforms as applicable and perform high-level risk assessments, data gathering, analysis as necessary and presenting the results back to the BU, influencing key stakeholders to ensure effective remediation plans are developed and implemented.

Key Responsibilities

:


Leadership and Operational Delivery


Support the Director of Cyber Risk and Assurance in driving an effective cyber risk and assurance culture and strategy across the BU. Execute CSO projects and initiatives resulting from CSO strategy that impact the BU and report progress back to BU and Director of Cyber Risk and Assurance. Partner with the BU, GRC, Legal, and the wider CSO teams to eliminate overlaps and provide a holistic and consistent cyber security posture. Act as focal point for cyber security matters within the BU, ensuring alignment with the cyber risk framework, standards, and policies.
Risk Management and Reporting


Oversee and support Key Risk Indicator (KRI) metrics and risk profile reporting. Monitor and oversee the execution of risk assessments, exceptions/issues approvals, remediation plans, and general cyber risk management activities whilst monitoring adherence to SLAs and KPIs. Facilitate the development of metrics to measure, report, and enable effective risk decision making. Ensure the right stakeholders are engaged and notified at appropriate stages of risk identification, remediation and reporting.
Perform/assist risk assessments, business impact analyses, and tests of business continuity plans, and continuously strengthen the corporate business continuity program and framework Stakeholder Engagement and Cross-Functional Collaboration


Guide business owners and relevant stakeholders throughout the entire delivery lifecycle ensuring that information security is considered in a proportionate and tailored way Facilitate process and walkthrough discussions to document end-to-end business processes, functional requirements, identify key cyber risks and exposures, and advocate for control design.
Knowledge and Upskilling


Maintain current knowledge of cyber security and cyber risk management requirements and accreditation standards and monitor changes in technology impacting security & risk posture.


Engage in upskilling activities as necessary to maintain a high level of cyber security risk understanding. Propose ways of eliminating duplication and or automating tasks to ensure cost effectiveness and operational efficiency.
Third-Party Collaboration


Partner with outsourced third-party provider in effectively providing a cyber risk service reducing response times and improving on integration and automation. Part with BU stakeholder to negotiate with third-party representatives to ensure appropriate remediation of security gaps and protection of GKS information.

Minimum Level of Job-Related Experience Required

10+ years of cyber security experience Business engagement Interfacing with key business functions, senior leadership and ensuring that security and cyber risk management 'secure by design' is built-in as part of business unit operations.

General

Deep experience and knowledge across different frameworks and standards such as ISO 27001, NIST,CSF, CIS etc. Demonstrated experience and understanding of cyber security principles, cyber risk management, IT security controls, and related technologies and products Internal business and stakeholder management experience Strong verbal/written communication in English, with the ability to effectively interact with professionals at all levels of responsibility and authority Building and working with teams located in different countries around the world, aligning and adapting different work, culture and communication styles. Exposure to any technologies to conduct cyber risk management activities

Technical/Functional (Line) Expertise

Experience conducting risk assessments and applying concepts of inherent and residual risk to draw appropriate conclusions and articulate the same to non-technical audiences. Ability to effectively negotiate appropriate remediation of security gaps with third party representatives to ensure protection of GSK information.

Leadership

Influencing action across various business lines and geographies to achieve program objectives. Ability to effectively manage conflicting priorities in alignment with overall business and departmental strategies.

Decision-making and Autonomy

Serves as central point-of-contact for evaluating security risks across business units. Recommends and agrees with Line Manager the need for shifts in program strategy.

Interaction

Excellent people and program management skills to effectively balance unexpected and conflicting priorities as they arise Experience operating effectively across matrixed organizations Intercultural sensitivity

Innovation

Understand innovations and evolving best practices amongst industry practitioners to continually mature GSK's program. Ability to apply innovative approaches to balancing business constraints with program goals to identify win-win solutions.

Complexity

Global manager role with high stakeholder management requirement
Operate across geographies and across business lines. Collaborate effectively with relevant third parties and managed service provider.

Problem Solving & Innovation

This is a global manager role and will require the ability to understand business strategy and influence senior stakeholders to embed cyber risk management and mitigation into those strategies and into operations. Analyse methodically to examine the problem from all angles. This may include recreating the problem to understand the steps that caused it and reviewing data or error logs that may provide additional details about the problem to help gain a thorough understanding of the symptoms, cause and impact to better identify a solution. Trouble shooting identified problems about the possible cause and solution Strong decision-making abilities to ensure that the solution is the right fit for the business Identify and implement practical and innovative solutions to ensure business requirements are met and appropriate level of security is met Identify and implement automation techniques to ensure that problems are identified and mitigated effectively

Why GSK?

Uniting science, technology and talent to get ahead of disease together.

GSK is a global biopharma company with a purpose to unite science, technology and talent to get ahead of disease together. We aim to positively impact the health of 2.5 billion people by the end of the decade, as a successful, growing company where people can thrive. We get ahead of disease by preventing and treating it with innovation in specialty medicines and vaccines. We focus on four therapeutic areas: respiratory, immunology and inflammation; oncology; HIV; and infectious diseases - to impact health at scale.


People and patients around the world count on the medicines and vaccines we make, so we're committed to creating an environment where our people can thrive and focus on what matters most. Our culture of being ambitious for patients, accountable for impact and doing the right thing is the foundation for how, together, we deliver for patients, shareholders and our people.

Inclusion at GSK:

As an employer committed to Inclusion, we encourage you to reach out if you need any adjustments during the recruitment process.


Please contact our Recruitment Team at IN.recruitment-adjustments@gsk.com to discuss your needs.

Important notice to Employment businesses/ Agencies

GSK does not accept referrals from employment businesses and/or employment agencies in respect of the vacancies posted on this site. All employment businesses/agencies are required to contact GSK's commercial and general procurement/human resources department to obtain prior written authorization before referring any candidates to GSK. The obtaining of prior written authorization is a condition precedent to any agreement (verbal or written) between the employment business/ agency and GSK. In the absence of such written authorization being obtained any actions undertaken by the employment business/agency shall be deemed to have been performed without the consent or contractual agreement of GSK. GSK shall therefore not be liable for any fees arising from such actions or any fees arising from any referrals by employment businesses/agencies in respect of the vacancies posted on this site.


It has come to our attention that the names of GlaxoSmithKline or GSK or our group companies are being used in connection with bogus job advertisements or through unsolicited emails asking candidates to make some payments for recruitment opportunities and interview. Please be advised that such advertisements and emails are not connected with the GlaxoSmithKline group in any way.

GlaxoSmithKline does not charge any fee whatsoever for recruitment process. Please do not make payments to any individuals / entities in connection with recruitment with any GlaxoSmithKline (or GSK) group company at any worldwide location. Even if they claim that the money is refundable.

If you come across unsolicited email from email addresses not ending in gsk.com or job advertisements which state that you should contact an email address that does not end in "gsk.com", you should disregard the same and inform us by emailing askus@gsk.com , so that we can confirm to you if the job is genuine.