Principal - Cyber Risk and Assurance

**Site Name**: Bengaluru Luxor North Tower
**Posted Date**: Sep 3 2025

**Job Title**: Principal - Cyber Risk and Assurance

**Team Introduction**:
*(Placeholder section)*

**Position Summary**:
**Responsibilities**:
1. Identify, document, and report business cyber risks to senior stakeholders, positively influencing the cyber security posture.
3. Conduct formal cyber security risk assessments for business projects, ensuring compliance with GSK policies, controls, and regulatory requirements while meeting business objectives.
4. Collaborate with internal and external stakeholders to recommend security and privacy controls that mitigate risks effectively.
5. Guide business owners and stakeholders throughout the delivery lifecycle, ensuring tailored and proportionate information security measures.
6. Partner with global teams to align cyber risk management frameworks, metrics, and reporting with GSK’s strategy and initiatives.

**Qualifications/Skills**:
**Basic Qualifications**:
10+ years of cyber security risk assessments experience.
1. Bachelor’s degree in Cyber Security, Information Technology, Computer Science, or a related field.
2. Demonstrated experience in cyber security principles, IT security controls, and related technologies.
3. Experience conducting cyber security risk assessments and third-party security and data privacy evaluations.
4. Strong verbal and written communication skills in English, with the ability to interact effectively with professionals at all levels.
5. Knowledge of frameworks and standards such as ISO 27001, NIST, and CIS.
6. Ability to work with virtual teams across different countries, adapting to diverse work cultures and communication styles.

**Preferred Qualifications**:
1. Professional certifications such as CISSP, CISM, or equivalent.
2. Experience with Governance, Risk, and Compliance (GRC) technologies for cyber risk management.
3. Proven ability to prioritize, delegate, and foster high-performance teams in a customer-focused environment.
4. Experience working with outsourced providers to drive positive organizational changes.
5. Familiarity with automation initiatives to enhance efficiency in cyber risk management processes.

**Work Arrangement**:
This role is based in India and follows a hybrid work model, combining on-site and remote work flexibility.*This Position Description is to provide a framework for job understanding between employee and manager. It may not cover or contain the full listing of activities, duties or responsibilities that are required of the employee for this job. Duties, responsibilities and activities may change at any time with or without notice and at the discretion of the management of the Company. The position description is not used in the assignment or assessment of any GSK level or grade used in the Job Evaluation Process.*

**Why GSK?**
**Uniting science, technology and talent to get ahead of disease together.**

GSK is a global biopharma company with a purpose to unite science, technology and talent to get ahead of disease together. We aim to positively impact the health of 2.5 billion people by the end of the decade, as a successful, growing company where people can thrive. We get ahead of disease by preventing and treating it with innovation in specialty medicines and vaccines. We focus on four therapeutic areas: respiratory, immunology and inflammation; oncology; HIV; and infectious diseases - to impact health at scale.

People and patients around the world count on the medicines and vaccines we make, so we’re committed to creating an environment where our people can thrive and focus on what matters most. Our culture of being ambitious for patients, accountable for impact and doing the right thing is the foundation for how, together, we deliver for patients, shareholders and our people.

**Important notice to Employment businesses/ Agencies**

**GlaxoSmithKline does not charge any fee whatsoever for recruitment process. Please do not make payments to any individuals / entities in connection with recruitment with any GlaxoSmithKline (or GSK) group company at any worldwide location. Even if they claim that the money is refundable.