Principal - Cyber Risk and Assurance

**Site Name**: Bengaluru Luxor North Tower
**Posted Date**: Sep 13 2024

Our Cyber Security organisation enables GSK to take on some of the biggest healthcare challenges in the world by protecting our business, customers, and patients from cyber risks. We are investing in growing our Cyber Security teams because they play a pivotal role as the nature and types of threats get more sophisticated.

In this ever-evolving digital and technology landscape, it is critical to stay on top of issues that could cause us harm. This requires a deep understanding of cybersecurity concepts, techniques, and trends along with critical thinking. Our Cyber Security teams are continuously learning and developing their skills to protect against bad actors, allowing GSK to stay focused on what matters most - getting ahead of disease together.

**Job Purpose: -**

The primary purpose of this position is to partner with the business and global support functions to embed the concept of “secure by design” by influencing projects and operations to implement proportionate cyber security coverage throughout the development Lifecyle.

This is achieved by acting as a cyber security focal point for the business, acting as a conduit to other security teams (such as Cyber Security Operations, Governance Risk and Compliance and Architecture and Engineering) as required to meet business needs.

**Key Responsibilities**:
- To identify, document and report business cyber risks to senior stakeholders and positively influence the cyber security posture
- Formally assess and evaluate cyber security risks related to business projects, determine the potential impact of those risks, and conduct follow-up on any necessary remediation efforts. Ensure that IT solutions and business processes comply with GSK’s policies, controls and applicable legal and regulatory requirements whilst also ensuring that business objectives are met
- Collaborate with internal third-party relationship owners and third-party representatives to recommend necessary security and privacy controls to effectively mitigate risks to GSK
- Evangelize third-party risk management processes across business lines to help influence a strong culture of proactive awareness for third-party security risks
- To guide business owners and relevant stakeholders throughout the entire delivery lifecycle ensuring that information security is considered in a proportionate and tailored way
- To carry out expert security assessments in supporting the business and global support functions utilising a thorough understanding of pharma and effectively create/monitor delivery of the remediation plans on identified risks and support on all levels within the business.
- To partner effectively with the business, GRC and the wider Tech Security/Risk teams to eliminate overlaps and provide a holistic and consistent cyber security position including key initiatives such as cyber incidents and resilience.
- To ensure consistent and continual alignment to the business and TSR strategy through oversight of the Cyber Risk Management framework, activities and processes including all aspects of the metrics/reporting.
- To contribute to the development of global cyber security baselines, guidelines, standards, policies and procedures
- Maintain current knowledge of cyber risk management requirements and accreditation standards and monitor changes in technology impacting security & risk posture.
- To serve as a coach and mentor to peers and engage in upskilling activities for the overall team
- Identifying and implementing automation initiatives like control testing to enhance the delivery time and improve efficiency
- Identify and implement areas of duplication and propose ways of eliminating duplication to bring cost effectiveness and efficiency
- Partner with outsourced third-party provider in effectively providing a cyber risk service reducing response times and improving on integration and automation

**Job-Related Experience sections above that are required for the job: -**
- Experience and knowledge across different frameworks and standards such as ISO 27001, NIST, CIS etc.
- CISSP, CISM
- Demonstrated experience and understanding of cyber security principles, IT security controls, and related technologies and products
- Experience in working with outsourced providers and bringing positive changes to the organisation by working in partnership
- Prior experience in conducting cyber Security risk assessments and 3rd party security and data privacy assessments
- Stakeholder/ internal business management experience
- Strong verbal/written communication in English, with the ability to effectively interact with professionals at all levels of responsibility and authority
- Ability to prioritize, delegate, and foster the development of high-performance teams to lead/support an environment driven by customer service and teamwork
- Work with virtual teams located in different countries around the world, aligning and a