Cyber Risk Manager Job at GSK

GSK Collegeville, PA 19426

Site Name: UK - London - Brentford, USA - Pennsylvania - Upper Providence
Posted Date: May 11 2023


Cyber Risk Manager

Location: GSK house UK / USA (Upper Providence)

We’re moving towards a more sustainable future with our new headquarters. With better public transport links and proximity to world-class science and technology institutions, we’re excited for our move to the vicinity of Earnshaw Street, London WC1A (“the New HQ”) by end H1 2024. Flexible working available (office 2-3 days a week).

The primary purpose of this position is to partner with the business unit to embed the concept of “secure by design” by influencing projects and operations to implement proportionate cyber security coverage throughout the development lifecycle.

This is achieved by acting as a cyber security focal point for the business, acting as a conduit to other security teams (such as Cyber Security Operations, Governance Risk and Compliance and Architecture and Engineering) as required to meet business needs.

The CSO Cyber Risk Manager will play a crucial role in building a cyber risk and resilience program for GSK, leveraging technical expertise and business acumen to balance risk and communicate risks to key business leaders. This role will be responsible for identifying, analyzing, and influencing the management of security risks across the business functions. The role will report into the Cyber Risk & Assurance Director.


Your Key Responsibilities Will Include

  • Thought leadership, Influence and Deliver Cyber Risk Assurance
  • Responsible for holding to account operational areas, owners of risk and suppliers to deliver against the Cyber Security Office (CSO) strategy, programs and requirements as it is relevant to the assigned (aligned) business unit.
  • To partner effectively with the business, GRC and the wider Tech Security/Risk teams to eliminate overlaps and provide a holistic and consistent cyber security position including key initiatives such as resilience.
  • Responsible for supporting GSK Incident Response protocols within the aligned business unit at the direction of the line manager – Product Cyber Risk Director
  • To ensure consistent and continual alignment to the business and CSO strategy through oversight of the Cyber Risk Management framework, activities and processes including all aspects of the metrics/reporting.
  • Monitor and drive rollout of the cyber governance, risk, and compliance program for information security, ensuring that operational controls, procedures, and resources are in place to effectively identify and manage risk
  • To guide business owners and relevant stakeholders throughout the entire delivery lifecycle ensuring that information security is considered in a proportionate and tailored way
  • Support the program that develops metrics to measure, report, and enable decision making regarding organizational controls, compliance and policy effectiveness
  • Facilitate process and walkthrough discussions to document end-to-end business processes, functional requirements, identify key cyber risks and exposures, and advocate for control design.
  • Perform risk assessments, business impact analyses, and continuously strengthen the corporate business continuity program and framework.
  • Maintain current knowledge of cyber risk management requirements and accreditation standards and monitor changes in technology impacting security & risk posture.
  • To serve as a coach and mentor to peers and engage in upskilling activities for the overall team
  • Identify areas of duplication, and propose and implement ways of eliminating them to bring cost effectiveness and efficiency
  • Partner with outsourced third-party provider in effectively providing a cyber risk service reducing response times and improving on integration and automation
  • To provide support to the Product Cyber Risk & Assurance Director

Why you?

Basic Qualifications:

General

  • Deep experience and knowledge across different frameworks and standards such as ISO 27001, NIST, CIS etc.
  • Demonstrated experience and understanding of cyber security principles, IT security controls, and related technologies and products
  • Stakeholder/ internal business management experience
  • Strong verbal/written communication in English, with the ability to effectively interact with professionals at all levels of responsibility and authority
  • Ability to prioritize, delegate, and foster the development of high-performance teams to lead/support an environment driven by customer service and teamwork
  • Working with virtual teams located in different countries around the world, aligning and adapting different work, culture and communication styles.
  • Exposure to any GRC technologies to conduct cyber risk management

Preferred Qualifications:

  • Experience with interfacing business functions and ensuring that security is built-in as part of the processes.

Why GSK?

GSK is a global biopharma company with a special purpose – to unite science, technology and talent to get ahead of disease together – so we can positively impact the health of billions of people and deliver stronger, more sustainable shareholder returns – as an organisation where people can thrive.

Getting ahead means preventing disease as well as treating it, and we aim to impact the health of 2.5 billion people around the world in the next 10 years. Our R&D focus is to deliver a new generation of vaccines and medicines using the science of the immune system, human genetics and advanced technologies to get ahead of infectious diseases, HIV, cancer and other immune-mediated and respiratory diseases. We do all this with a commitment to operate responsibly for all our stakeholders by prioritising Innovation, Performance and Trust.

Our bold ambitions for patients are reflected in new commitments to growth and a significant step-change in delivery over the next five years. This means more GSK vaccines and medicines, including innovative new products, will reach more people who need them than ever before.

We have long believed that building trust is key to stronger performance, helping to create value for shareholders, impact for patients and society and a reason outstanding people choose to work for and with us. That’s why being a responsible business is an integral part of our strategy. Taking action on environmental, social and governance issues is a key driver in our strategy.

Our success absolutely depends on our people. While getting ahead of disease together is about our ambition for patients and shareholders, it’s also about making GSK a place where people can thrive. We want GSK to be a place where people feel inspired, encouraged and challenged to be the best they can be. A place where they can be themselves – feeling welcome, valued and included. Where they can keep growing and look after their wellbeing. So, if you share our ambition, join us at this exciting moment in our journey to get Ahead Together.

Getting ahead means preventing disease as well as treating it, and we aim to positively impact the health of 2.5 billion people by the end of 2030.

We want GSK to be a workplace where everyone can feel a sense of belonging and thrive as set out in our Equal and Inclusive Treatment of Employees policy. We’re committed to being more proactive at all levels so that our workforce reflects the communities we work and hire in, and our GSK leadership reflects our GSK workforce.

As an Equal Opportunity Employer, we are open to all talent. In the US, we also adhere to Affirmative Action principles. This ensures that all qualified applicants will receive equal consideration for employment without regard to neurodiversity, race/ethnicity, colour, national origin, religion, gender, pregnancy, marital status, sexual orientation, gender identity/expression, age, disability, genetic information, military service, covered/protected veteran status or any other federal, state or local protected class*(*US only).

We believe in an agile working culture for all our roles. If flexibility is important to you, we encourage you to explore with our hiring team what the opportunities are.

Should you require any adjustments to our process to assist you in demonstrating your strengths and capabilities, contact us on Ukdiversity.recruitment@gsk.com or 0808 234 4391. Please note that should your enquiry not relate to adjustments, we will not be able to support you through these channels.

As you apply, we will ask you to share some personal information which is entirely voluntary. We want to have an opportunity to consider a diverse pool of qualified candidates and this information will assist us in meeting that objective and in understanding how well we are doing against our inclusion and diversity ambitions. We would really appreciate it if you could take a few moments to complete it. Rest assured, Hiring Managers do not have access to this information and we will treat your information confidentially.

Important notice to Employment businesses/ Agencies

GSK does not accept referrals from employment businesses and/or employment agencies in respect of the vacancies posted on this site. All employment businesses/agencies are required to contact GSK's commercial and general procurement/human resources department to obtain prior written authorization before referring any candidates to GSK. The obtaining of prior written authorization is a condition precedent to any agreement (verbal or written) between the employment business/ agency and GSK. In the absence of such written authorization being obtained any actions undertaken by the employment business/agency shall be deemed to have been performed without the consent or contractual agreement of GSK. GSK shall therefore not be liable for any fees arising from such actions or any fees arising from any referrals by employment businesses/agencies in respect of the vacancies posted on this site.

Please note that if you are a US Licensed Healthcare Professional or Healthcare Professional as defined by the laws of the state issuing your license, GSK may be required to capture and report expenses GSK incurs, on your behalf, in the event you are afforded an interview for employment. This capture of applicable transfers of value is necessary to ensure GSK’s compliance to all federal and state US Transparency requirements. For more information, please visit GSK’s Transparency Reporting For the Record site.



