top of page

Product Cyber Risk & Assurance Director


Job Type

Job Function




On-Site or Remote

Job Type


Competitive salary and benefits

About the Role

*Job description* *Site Name:* UK - London - Brentford, Home Worker - USA, USA - Pennsylvania - Upper Providence *Posted Date:* Jan 23 2024 *Product Cyber Risk & Assurance Director* *Location: GSK House, London (UK) / USA - Homebased (EST time zone)* The primary purpose of this position is to partner with the business and global support functions to embed the concept of “secure by design” by influencing projects and operations to implement proportionate cyber security coverage throughout the development Lifecyle. This is achieved by acting as a cyber security focal point for the business, acting as a conduit to other security teams (such as Cyber Security Operations, Governance Risk and Compliance and Architecture and Engineering) as required to meet business needs. Director, Cyber Risk and Assurance will play a crucial role to build a cyber risk and resilience program for GSK. Leveraging technical expertise and business acumen to balance risk and communicate risks to key business leaders. This role will be responsible for identifying, analyzing, and influencing the management of security risks across the business functions. Role will inform the ROCC and ARC risk reporting, Tech RMCB and the Information Security Governance Board. *Key Responsibilities include, but are not limited to: * - Thought leadership, Influence and Deliver Cyber Risk Assurance - Establish strategic, comprehensive enterprise cyber risk program for business units, and drive security training efforts to ensure that the confidentiality, integrity, and availability of information is understood, owned, controlled, or processed - To partner effectively with the business, GRC and the wider Tech Security/Risk teams to eliminate overlaps and provide a holistic and consistent cyber security position including key initiatives such as cyber incidents and resilience. - To ensure consistent and continual alignment to the business and Cyber Risk & Assurance strategy through oversight of the Cyber Risk Management framework, activities and processes including all aspects of the metrics/reporting. - Build up new capabilities to enable better control testing and validation - Monitor and drive rollout of the cyber governance, risk, and compliance program for information security, ensuring that operational controls, procedures, and resources are in place to effectively identify and manage risk - Establish strategic, comprehensive enterprise cyber risk program, including any and drive security training efforts to ensure that the confidentiality, integrity, and availability of information is understood, owned, controlled, or processed - Create/manage the technology information security risk assessment strategy, including strategy design, assessment execution, and coordination with audit and compliance teams on key infrastructure and information security related controls that are tested within a variety of different audit projects - Evaluate information security key risk indicators and changes in risk profile driven by incidents, internal and external loss events, independent control evaluations (e.g., audits, assessments, SOX, GDPR and compliance testing), and self-identified issues. - To guide business owners and relevant stakeholders throughout the entire delivery lifecycle ensuring that information security is considered in a proportionate and tailored way - Enhance and/or transform existing capabilities to drive efficiencies across Business Functions - Create program that develop metrics to measure, report, and enable decision making regarding organizational controls, compliance, and policy effectiveness. - Contribute to the innovation and automation of cyber risk management, including identification of areas for process improvement using data and analytics and intelligent automation technologies and defining strategic planning of implementation. - Facilitate process and walkthrough discussions to document end-to-end business processes, functional requirements, identify key cyber risks and exposures, and advocate for control design. - Consider the application of legal and regulatory requirements to company’s risk management practices. - Perform risk assessments, business impact analyses, and tests of business continuity plans and continuously strengthen the corporate business continuity program and framework. - Partner with management to ensure that business continuity is ensured both internally and with third-party vendors and partners. - Maintain current knowledge of cyber risk management requirements and accreditation standards and monitor changes in technology impacting security & risk posture. - To serve as a coach and mentor to peers and engage in upskilling activities for the overall team - Identifying and implementing automation initiatives like control testing to enhance the delivery time and improve efficiency - Identify and implement areas of duplication and propose ways of eliminating duplication to bring cost effectiveness and efficiency - Single point accountability for all Cyber Risk Activities with BU: Accountable for impeccable delivery and support for types of cyber risks with the business functions - No Trust Breaches: Accountable for ensuring that business functions have visibility on the cyber risks, and they manage and mitigate in a timely fashion. This includes ensuring they compliant with internal GSK security, risk management policies and practices, external regulatory and statutory requirements other local regulations applicable in the market we operate in. Ensure business continuity for all critical technology products. - Partner with outsourced third-party providers in effectively providing a cyber risk service reducing response times and improving on integration and automation *Why you? **Basic Qualifications:* We are looking for professionals with these required skills to achieve our goals: - Bachelors or master’s in computer science, or Technology disciplines preferred. - Strong cyber security experience - Experience and Track record in successful development and execution of Cyber Risk Function - Experience and Track record in using digital, data & analytics to drive better automation and efficiencies. - Senior stakeholder relationship experience is crucial. *Preferred Qualifications:* If you have the following characteristics, it would be a plus: - Work experience in Healthcare/Pharma or similar driving big transformation programs - Proven line management experience in prior roles, potentially leading staff and Managed service resources - Awareness of the regulatory trends within the pharmaceutical industry - Understanding of how Technology control frameworks operate (e.g., ITMS, Smart Controls) and how these are deployed. - Experience of operating in a Global environment with tact, diplomacy, and cultural sensitivity, including experience of leading a diverse team - Experience in interpreting policies, procedures and processes for ensuring compliance with risk management programs. - Knowledge of Tech Support processes, such as ITIL - Good knowledge of Secure by design - Knowledge of a combination of the following: - Deep experience and knowledge across different frameworks and standards such as - ISO 27001, NIST, CIS - Experience in driving significant changes across the organisation and partner with key business leaders to embed security culture - Ability to manage a large team and drive positive impact to people directly and indirectly - Demonstrated experience and understanding of cyber security principles, IT security controls, and related technologies and products - Deep expertise knowledge on third party risk to drive changes across various business functions *Interested in Joining the Team?* Please apply via our online portal providing your CV and Cover Letter. (Please take a personal copy of the Job Description, as this will not be available online post closure of the advert) *#GSKcso* *Closing Date: 3rd February 2024* We create a place where people can grow, be their best, be safe, and feel welcome, valued and included. We offer a competitive salary, an annual bonus based on company performance, healthcare and wellbeing programmes, pension plan membership, and shares and savings programme. We embrace modern work practises; our Performance with Choice programme offers a hybrid working model, empowering you to find the optimal balance between remote and in-office work. Discover more about our company wide benefits and life at GSK on our webpage *Life at GSK | GSK* *Why Us?* GSK is a global biopharma company with a special purpose – to unite science, technology and talent to get ahead of disease together – so we can positively impact the health of billions of people and deliver stronger, more sustainable shareholder returns – as an organization where people can thrive. Getting ahead means preventing disease as well as treating it, and we aim to positively impact the health of 2.5 billion people by the end of 2030. Our success absolutely depends on our people. While getting ahead of disease together is about our ambition for patients and shareholders, it’s also about making GSK a place where people can thrive. We want GSK to be a workplace where everyone can feel a sense of belonging and thrive as set out in our Equal and Inclusive Treatment of Employees policy. We’re committed to being more proactive at all levels so that our workforce reflects the communities we work and hire in, and our GSK leadership reflects our GSK workforce. As an Equal Opportunity Employer, we are open to all talent. In the US, we also adhere to Affirmative Action principles. This ensures that all qualified applicants will receive equal consideration for employment without regard to neurodiversity, race/ethnicity, colour, national origin, religion, gender, pregnancy, marital status, sexual orientation, gender identity/expression, age, disability, genetic information, military service, covered/protected veteran status or any other federal, state or local protected class*(*US only). We believe in an agile working culture for all our roles. If flexibility is important to you, we encourage you to explore with our hiring team what the opportunities are. Should you require any adjustments to our process to assist you in demonstrating your strengths and capabilities contact us on or 0808 234 4391. Please note should your enquiry not relate to adjustments, we will not be able to support you through these channels. However, we have created a UK Recruitment FAQ guide. Click the link and scroll to the Careers Section where you will find answers to multiple questions we receive . As you apply, we will ask you to share some personal information which is entirely voluntary. We want to have an opportunity to consider a diverse pool of qualified candidates and this information will assist us in meeting that objective and in understanding how well we are doing against our inclusion and diversity ambitions. We would really appreciate it if you could take a few moments to complete it. Rest assured, Hiring Managers do not have access to this information and we will treat your information confidentially. *Important notice to Employment businesses/ Agencies* GSK does not accept referrals from employment businesses and/or employment agencies in respect of the vacancies posted on this site. All employment businesses/agencies are required to contact GSK's commercial and general procurement/human resources department to obtain prior written authorization before referring any candidates to GSK. The obtaining of prior written authorization is a condition precedent to any agreement (verbal or written) between the employment business/ agency and GSK. In the absence of such written authorization being obtained any actions undertaken by the employment business/agency shall be deemed to have been performed without the consent or contractual agreement of GSK. GSK shall therefore not be liable for any fees arising from such actions or any fees arising from any referrals by employment businesses/agencies in respect of the vacancies posted on this site. Please note that if you are a US Licensed Healthcare Professional or Healthcare Professional as defined by the laws of the state issuing your license, GSK may be required to capture and report expenses GSK incurs, on your behalf, in the event you are afforded an interview for employment. This capture of applicable transfers of value is necessary to ensure GSK’s compliance to all federal and state US Transparency requirements. For more information, please visit GSK’s Transparency Reporting For the Record site. We’re moving towards a more sustainable future with our new headquarters. With better public transport links and proximity to world-class science and technology institutions, we’re excited for our move to the vicinity of Earnshaw Street, London WC1A (“the New HQ”) by end H1 2024.


About the Company

How to Apply

Closing Date

Heading 1

bottom of page