Senior Principle

The primary purpose of this position is to support the Director of Cyber Risk and Assurance and operationalise cyber risk assurance management practices within the business unit by embedding the concept of 'secure by design', driving Cyber Security Officer (CSO) initiatives within the business unit (BU) to reduce cyber security risk, improve the BU risk profile, and ensure effective risk management and reporting.

The role is accountable for embedding a culture of security within the business, ensuring cyber risks are understood, assessed, and effectively managed in alignment with enterprise policies and regulatory requirements. The Senior Principle - Cyber Risk & Assurance provides expert guidance, translates technical security risks into business terms ensuring effective risk-informed decision-making to protect critical assets, patients, and GSK intellectual property.

This demands effective stakeholder management and engagement, the Senior Principle - Cyber Risk & Assurance will focus on influencing key stakeholders, delivering CSO projects, programs, and initiatives that enhance cyber security resilience and ensure proportionate cyber security coverage throughout the BU operations.

Acting as a central point of contact for cyber security within the business unit, this position will coordinate with a range of cross-functional teams such as Training and Awareness, Third-Party Risk Management, Governance Risk and Compliance (GRC), Legal, Tech, Architecture and Engineering, and the full suite of CSO disciplines to meet business and security needs effectively.

Leveraging technical expertise and business acumen to balance and communicate security risks to key business leaders and stakeholders, this role will be responsible for identifying, analysing, prioritising and influencing the management and remediation of security risks across the BU, working with BU stakeholders to understand their objectives, key projects, and initiatives to ensure cyber security is considered at the outset to embed secure by design principles reducing likelihood of cyber risk and improve resilience. 

The Senior Principle - Cyber Risk & Assurance shall support the Director of Cyber Risk and Assurance in the collation and delivery of Information Security Governance Meeting (ISGM) materials to Senior Business Unit Risk Owners (SBURO), ensuring all data is collected, checking for accuracy, and presented in the desired format to support effective and timely risk decision-making.

They shall further assist in ensuring all BU issues and risks are raised and comprehensively reviewed and approved within the integrated risk management platforms as applicable and perform high-level risk assessments, data gathering, analysis as necessary and presenting the results back to the BU, influencing key stakeholders to ensure effective remediation plans are developed and implemented.

Key Responsibilities:

Leadership and Operational Delivery

• Support the Director of Cyber Risk and Assurance in driving an effective cyber risk and assurance culture and strategy across the BU.

• Execute CSO projects and initiatives resulting from CSO strategy that impact the BU and report progress back to BU and Director of Cyber Risk and Assurance.

• Partner with the BU, GRC, Legal, and the wider CSO teams to eliminate overlaps and provide a holistic and consistent cyber security posture.

• Act as focal point for cyber security matters within the BU, ensuring alignment with the cyber risk framework, standards, and policies.

Risk Management and Reporting

• Oversee and support Key Risk Indicator (KRI) metrics and risk profile reporting.

• Monitor and oversee the execution of risk assessments, exceptions/issues approvals, remediation plans, and general cyber risk management activities whilst monitoring adherence to SLAs and KPIs.

• Facilitate the development of metrics to measure, report, and enable effective risk decision making.

• Ensure the right stakeholders are engaged and notified at appropriate stages of risk identification, remediation and reporting.

Perform/assist risk assessments, business impact analyses, and tests of business continuity plans, and continuously strengthen the corporate business continuity program and framework Stakeholder Engagement and Cross-Functional Collaboration

• Guide business owners and relevant stakeholders throughout the entire delivery lifecycle ensuring that information security is considered in a proportionate and tailored way

• Facilitate process and walkthrough discussions to document end-to-end business processes, functional requirements, identify key cyber risks and exposures, and advocate for control design.

Knowledge and Upskilling

Maintain current knowledge of cyber security and cyber risk management requirements and accreditation standards and monitor changes in technology impacting security & risk posture.

• Engage in upskilling activities as necessary to maintain a high level of cyber security risk understanding.

• Propose ways of eliminating duplication and or automating tasks to ensure cost effectiveness and operational efficiency.

Third-Party Collaboration

• Partner with outsourced third-party provider in effectively providing a cyber risk service reducing response times and improving on integration and automation.

• Part with BU stakeholder to negotiate with third-party representatives to ensure appropriate remediation of security gaps and protection of GKS information.

Minimum Level of Job-Related Experience Required

• 10+ years of cyber security experience Business engagement

• Interfacing with key business functions, senior leadership and ensuring that security and cyber risk management 'secure by design' is built-in as part of business unit operations.

General

• Deep experience and knowledge across different frameworks and standards such as ISO 27001, NIST,CSF, CIS etc.

• Demonstrated experience and understanding of cyber security principles, cyber risk management, IT security controls, and related technologies and products

• Internal business and stakeholder management experience

• Strong verbal/written communication in English, with the ability to effectively interact with professionals at all levels of responsibility and authority

• Building and working with teams located in different countries around the world, aligning and adapting different work, culture and communication styles.

• Exposure to any technologies to conduct cyber risk management activities

Technical/Functional (Line) Expertise

• Experience conducting risk assessments and applying concepts of inherent and residual risk to draw appropriate conclusions and articulate the same to non-technical audiences.

• Ability to effectively negotiate appropriate remediation of security gaps with third party representatives to ensure protection of GSK information.

Leadership  

• Influencing action across various business lines and geographies to achieve program objectives.

• Ability to effectively manage conflicting priorities in alignment with overall business and departmental strategies.

Decision-making and Autonomy

• Serves as central point-of-contact for evaluating security risks across business units.

• Recommends and agrees with Line Manager the need for shifts in program strategy.

Interaction

• Excellent people and program management skills to effectively balance unexpected and conflicting priorities as they arise

• Experience operating effectively across matrixed organizations

• Intercultural sensitivity

Innovation

• Understand innovations and evolving best practices amongst industry practitioners to continually mature GSK's program.

• Ability to apply innovative approaches to balancing business constraints with program goals to identify win-win solutions.

Complexity

• Global manager role with high stakeholder management requirement

Operate across geographies and across business lines. Collaborate effectively with relevant third parties and managed service provider.

Problem Solving & Innovation

• This is a global manager role and will require the ability to understand business strategy and influence senior stakeholders to embed cyber risk management and mitigation into those strategies and into operations.

• Analyse methodically to examine the problem from all angles. This may include recreating the problem to understand the steps that caused it and reviewing data or error logs that may provide additional details about the problem to help gain a thorough understanding of the symptoms, cause and impact to better identify a solution.

• Trouble shooting identified problems about the possible cause and solution

• Strong decision-making abilities to ensure that the solution is the right fit for the business

• Identify and implement practical and innovative solutions to ensure business requirements are met and appropriate level of security is met

• Identify and implement automation techniques to ensure that problems are identified and mitigated effectively

Neden GSK?

Hastalıkların önüne geçmek için bilimi, teknolojiyi ve yeteneği bir araya getiriyoruz.

GSK, bilimi, teknolojiyi ve yeteneği birleştirerek hastalıkların önüne geçmeyi amaçlayan global bir biyofarma şirketidir. Çalışanlarının gelişimini destekleyen, başarılı ve büyüyen bir şirket olarak önümüzdeki beş yıl içinde 2,5 milyar insanın sağlığını olumlu yönde etkilemeyi hedefliyoruz. Uzmanlık ilaçları ve aşılarda sunduğumuz inovatif koruma ve tedavi yöntemleriyle hastalıkların önüne geçiyoruz. Sağlığı geniş ölçekte etkilemek için solunum, immünoloji ve inflamasyon; onkoloji; HIV ve enfeksiyon hastalıkları olmak üzere dört terapötik alana odaklanıyoruz.

Dünyanın her köşesinde ürettiğimiz ilaç ve aşılara güvenildiğini biliyor, bu yüzden çalışanlarımıza gelişebilecekleri ve etki yaratacak noktalara odaklanabilecekleri bir çalışma ortamı sağlıyoruz. Hastalar için tutkulu olma, etkimiz için özsorumlu olma ve her koşulda doğru olanı yapma kültürümüz; hastalar, paydaşlarımız ve çalışanlarımız için attığımız her adımın temelinde yer alıyor.

GSK'da Kapsayıcılık:

Kapsayıcılığa kendini adamış bir işveren olarak, işe alım süreci boyunca herhangi bir desteğe ihtiyacınız olursa bize ulaşmanızı öneririz. Lütfen ihtiyaçlarınızı görüşmek için IN.recruitment- adresinden İşe Alım Ekibimizle iletişime geçin.

İstihdam işletmelerine/Ajanslarına Önemli Duyuru

GSK, bu sitede yayınlanan boş pozisyonlar için istihdam işletmeleri veya işe alım danışmanlıklarından yönlendirmeleri kabul etmemektedir. Tüm istihdam işlemleri ve işe alım danışmanlıklarının, herhangi bir adayı GSK'ya yönlendirmeden önce yazılı ön izin almak için GSK'nın ticari birimleri ve Satınalma/İnsan Kaynakları departmanıyla iletişime geçmeleri gerekmektedir. Önceden yazılı izin alınması, istihdam işletmeleri/işe alım danışmanlıkları ile GSK arasındaki herhangi bir anlaşmanın (sözlü veya yazılı) ön koşuludur. Böyle bir yazılı izin alınmaması durumunda, istihdam işletmesi/danışmanlık tarafından gerçekleştirilen herhangi bir eylemin GSK'nin onayı veya sözleşmesi olmadan gerçekleştirildiği kabul edilir. Bu nedenle GSK, bu tür eylemlerden kaynaklanan herhangi bir ücretten veya istihdam işletmeleri/danışmanlıklar tarafından bu sitede yayınlanan boş pozisyonlar ile ilgili olarak yapılan herhangi bir yönlendirmeden kaynaklanan herhangi bir ücretten sorumlu tutulamaz.

GlaxoSmithKline, GSK veya grup şirketlerimizin isimlerinin, sahte iş ilanlarında veya adaylardan işe alım fırsatları ve mülakatlar için ödeme talep eden istenmeyen e-postalar yoluyla kullanıldığını fark etmiş bulunmaktayız. Lütfen bu tür ilanların ve e-postaların GlaxoSmithKline grubu ile hiçbir şekilde bağlantılı olmadığını unutmayın.

GlaxoSmithKline (veya GSK) grup şirketlerinden herhangi birinin dünya genelindeki herhangi bir lokasyonunda, işe alım süreci ile ilgili olarak hiçbir bireye veya kuruluşa – iade edileceği iddia edilse bile – kesinlikle ödeme yapmayınız.

Eğer ile bitmeyen bir e-posta adresinden gelen istenmeyen bir e-posta alırsanız veya böyle bir adrese ulaşmanızı isteyen iş ilanlarıyla karşılaşırsanız, lütfen bu iletileri dikkate almayınız ve ilan/mesajın gerçekliğini doğrulayabilmemiz adına adresi üzerinden bizimle iletişime geçiniz.