Our Cyber Security organisation enables GSK to take on some of the biggest healthcare challenges in the world by protecting our business, customers, and patients from cyber risks. We are investing in growing our Cyber Security teams because they play a pivotal role as the nature and types of threats get more sophisticated. In this ever-evolving digital and technology landscape, it is critical to stay on top of issues that could cause us harm. This requires a deep understanding of cybersecurity concepts, techniques, and trends along with critical thinking. Our Cyber Security teams are continuously learning and developing their skills to protect against bad actors, allowing GSK to stay focused on what matters most – getting ahead of disease together. Job Purpose: - The primary purpose of this position is to partner with the business and global support functions to embed the concept of “secure by design” by influencing projects and operations to implement proportionate cyber security coverage throughout the development Lifecyle. This is achieved by acting as a cyber security focal point for the business, acting as a conduit to other security teams (such as Cyber Security Operations, Governance Risk and Compliance and Architecture and Engineering) as required to meet business needs. Key Responsibilities: - To identify, document and report business cyber risks to senior stakeholders and positively influence the cyber security posture Provide high level SME support and guidance in identifying and managing risks in all cores of cyber security like data, application, cloud, IAM etc. Formally assess and evaluate cyber security risks related to business projects, determine the potential impact of those risks, and conduct follow-up on any necessary remediation efforts. Ensure that IT solutions and business processes comply with GSK’s policies, controls and applicable legal and regulatory requirements whilst also ensuring that business objectives are met Collaborate with internal third-party relationship owners and third-party representatives to recommend necessary security and privacy controls to effectively mitigate risks to GSK Evangelize third-party risk management processes across business lines to help influence a strong culture of proactive awareness for third-party security risks To guide business owners and relevant stakeholders throughout the entire delivery lifecycle ensuring that information security is considered in a proportionate and tailored way To carry out expert security assessments in supporting the business and global support functions utilising a thorough understanding of pharma and effectively create/monitor delivery of the remediation plans on identified risks and support on all levels within the business. To partner effectively with the business, GRC and the wider Tech Security/Risk teams to eliminate overlaps and provide a holistic and consistent cyber security position including key initiatives such as cyber incidents and resilience. To ensure consistent and continual alignment to the business and TSR strategy through oversight of the Cyber Risk Management framework, activities and processes including all aspects of the metrics/reporting. To contribute to the development of global cyber security baselines, guidelines, standards, policies and procedures Ability to support multiple teams to conduct threat modelling exercises for applications on an ongoing basis and embed strong cyber controls around data governance within business processes Maintain current knowledge of cyber risk management requirements and accreditation standards and monitor changes in technology impacting security risk posture. To serve as a coach and mentor to peers and engage in upskilling activities for the overall team Identifying and implementing automation initiatives like control testing to enhance the delivery time and improve efficiency Identify and implement areas of duplication and propose ways of eliminating duplication to bring cost effectiveness and efficiency Partner with outsourced third-party provider in effectively providing a cyber risk service reducing response times and improving on integration and automation Job-Related Experience sections above that are required for the job: - Experience and knowledge across different frameworks and standards such as ISO 27001, NIST, CIS etc. CISSP, CISM Demonstrated experience and understanding of cyber security principles, IT security controls, and related technologies and products Experience in working with outsourced providers and bringing positive changes to the organisation by working in partnership Prior experience in conducting cyber Security risk assessments and 3rd party security and data privacy assessments Stakeholder/ internal business management experience Strong verbal/written communication in English, with the ability to effectively interact with professionals at all levels of responsibility and authority Ability to prioritize, delegate, and foster the development of high-performance teams to lead/support an environment driven by customer service and teamwork Work with virtual teams located in different countries around the world, aligning and adapting different work, culture and communication styles. Exposure to any GRC technologies to conduct cyber risk management At GSK we value diversity (Gender, LGBTQ +, PwD etc.) and treat all candidates equally. We aim to create an inclusive workplace where all employees feel engaged, supportive of one another, and know their work makes an important contribution. #GSKcso Why Us? GSK is a global biopharma company with a special purpose – to unite science, technology and talent to get ahead of disease together – so we can positively impact the health of billions of people and deliver stronger, more sustainable shareholder returns – as an organization where people can thrive. Getting ahead means preventing disease as well as treating it, and we aim to positively impact the health of 2.5 billion people by the end of 2030. Our success absolutely depends on our people. While getting ahead of disease together is about our ambition for patients and shareholders, it’s also about making GSK a place where people can thrive. We want GSK to be a workplace where everyone can feel a sense of belonging and thrive as set out in our Equal and Inclusive Treatment of Employees policy. We’re committed to being more proactive at all levels so that our workforce reflects the communities we work and hire in, and our GSK leadership reflects our GSK workforce. Important notice to Employment businesses/ Agencies GSK does not accept referrals from employment businesses and/or employment agencies in respect of the vacancies posted on this site. All employment businesses/agencies are required to contact GSK's commercial and general procurement/human resources department to obtain prior written authorization before referring any candidates to GSK. The obtaining of prior written authorization is a condition precedent to any agreement (verbal or written) between the employment business/ agency and GSK. In the absence of such written authorization being obtained any actions undertaken by the employment business/agency shall be deemed to have been performed without the consent or contractual agreement of GSK. GSK shall therefore not be liable for any fees arising from such actions or any fees arising from any referrals by employment businesses/agencies in respect of the vacancies posted on this site. It has come to our attention that the names of GlaxoSmithKline or GSK or our group companies are being used in connection with bogus job advertisements or through unsolicited emails asking candidates to make some payments for recruitment opportunities and interview. Please be advised that such advertisements and emails are not connected with the GlaxoSmithKline group in any way. GlaxoSmithKline does not charge any fee whatsoever for recruitment process. Please do not make payments to any individuals / entities in connection with recruitment with any GlaxoSmithKline (or GSK) group company at any worldwide location. Even if they claim that the money is refundable. If you come across unsolicited email from email addresses not ending in gsk.com or job advertisements which state that you should contact an email address that does not end in “gsk.com”, you should disregard the same and inform us by emailing *****@******.com, so that we can confirm to you if the job is genuine. We are a global biopharma company with a special purpose – to unite science, technology and talent to get ahead of disease together – so we can positively impact the health of billions of people and deliver stronger, more sustainable shareholder returns – as an organisation where people can thrive. Getting ahead means preventing disease as well as treating it, and we aim to impact the health of 2.5 billion people around the world in the next 10 years. Our success absolutely depends on our people. While getting ahead of disease together is about our ambition for patients and shareholders, it’s also about making GSK a place where people can thrive. We want GSK to be a place where people feel inspired, encouraged and challenged to be the best they can be. A place where they can be themselves – feeling welcome, valued and included. Where they can keep growing and look after their wellbeing. So, if you share our ambition, join us at this exciting moment in our journey to get Ahead Together. Find out more on our career site.