Senior Director, Cyber Security Strategy Office, Open to flexible working
This role is to support the planning and preparation for Consumer Separation.
The Cyber Security Strategy Office will lead the GSK Consumer effort to formulate the overall strategic direction of the cybersecurity and Information Protect program for the organization and company.
It will be critical to develop security and information sharing relationships with industry peers, in addition to governmental agencies in the US/UK (and other geographies), to allow GSK to consume real-time security data that enhances our internal capabilities.
Develop and sustain an effective and efficient strategic view of GSK's risk posture, with appropriate performance metrics supporting the CISO organization, that ensures we are taking a risk-based approach to managing investments to combat a dynamic threat landscape.
This role will provide YOU the opportunity to lead key activities to progress YOUR career. These responsibilities include some of the following:
- Develop and maintain the GSK Cybersecurity Strategy to address risk to all GSK IT and Data assets. Build key information sharing partnerships with National Security organizations in the US/UK governments
- Collaborate with other key strategic stakeholders in the Chief Digital Organization (CDO) and Global Ethics and Compliance (GEC) organization, along with Data Privacy and Legal teams. Formally collaborate with industry peers and cloud service providers for insights and security intelligence
- Advise the GSK CISO on emerging risks and trends in the security arena. Identify new and emerging threats and work with CISO to identify solutions. Continually review the resource allocation across the CISO organization to ensure proper targeting
- Leadership across all aspects of information security portfolio ensuring strategic alignment, proper investment prioritization, and governance. Represent GSK at critical industry events
- Ensure strategy includes the protection of both connected and non-connected corporate IT/OT assets and data. Interface with IP LT members and work with CISO on addressing BoD and CET concerns
- Ensure that product owner and delivery teams follow methodologies and tools consistent with information protection project management policy and procedures.
- Responsible for the overall decomposition of work across all sub-streams and delivery commitments on schedule according to plan, cost and quality.
- Development and reporting of specified performance metrics as set out in yearly CISO and business plans
- Manage risks, issues and dependencies, ensuring appropriate escalations. Ensure cross workstream dependencies are coordinated and visible. Lead appropriate communication, escalation and reporting to ensure alignment and progress across teams and stakeholders.
- Chair monthly meetings as required. Ensure outcomes are accurately documented and published. Create a clear communication plan, leveraging our corporate comms. Provision of regular reporting to the CISO, Program Sponsor and other identified executive leadership teams as required.
- Third Party supplier cyber security strategy
We are looking for professionals with these required skills to achieve our goals:
- Bachelor's degree in Computer Science, Business Management or related field; equivalent work experience accepted
- CISSP, CISA, CISM or equivalent certification
- Comprehensive knowledge about vulnerability and security policies such as ISO standards, control and abuse policies, regulations, monitoring, evaluation, review, and reports associated with auditing
- Experience interacting with all levels across an organization in both IT and business areas
- Government Agency relationships or working cyber experience with DoD, CIA, FBI, Homeland Security, etc.
- Knowledge of information security risk management frameworks and compliance practices as well as regulatory compliance frameworks that will be adhered to
- Knowledge of securing network technologies, client, and server operating systems
- Working knowledge of the NIST Framework, GxP Manufacturing processes, PCI Tier 1
- Excellent interpersonal, communication, and presentation skills, including formal report writing experience
- Excellent analytical and problem-solving skills
- Ability to influence and negotiate with internal and external stakeholders
- Demonstrated ability to effectively manage multiple simultaneous projects and deliverables
- Strong track record of demonstrating inspiring leadership and attracting/retaining the right talent
Our values and expectations are at the heart of everything we do and form an important part of our culture.
These include Patient focus, Transparency, Respect, Integrity along with Courage, Accountability, Development, and Teamwork. As GSK focuses on our values and expectations and a culture of innovation, performance, and trust, the successful candidate will demonstrate the following capabilities:
- Agile and distributed decision-making - using evidence and applying judgement to balance pace, rigour and risk, governance and control, managing ambiguity and paradox.
- Managing individual performance.
- Creating a performance culture and driving results, prioritisation, execution, delivering performance.
- Setting strategic direction and leading on-going organisational transformation.
- Building a resilient organisation.
- Building strong relationships and collaboration in service of common goals, engaging the organisation and building trusted external networks for mutual benefit.
- Managing P&L and capital allocation.
GSK is an Equal Opportunity Employer and, in the US, we adhere to Affirmative Action principles. This ensures that all qualified applicants will receive equal consideration for employment without regard to race, colour, national origin, religion, sex, pregnancy, marital status, sexual orientation, gender identity/expression, age, disability, genetic information, military service, covered/protected veteran status or any other federal, state or local protected class.
Important notice to Employment Businesses/Agencies
GSK does not accept referrals from employment businesses and/or employment agencies in respect of the vacancies posted on this site. All employment businesses/agencies are required to contact GSK's commercial and general procurement/human resources department to obtain prior written authorization before referring any candidates to GSK. The obtaining of prior written authorization is a condition precedent to any agreement (verbal or written) between the employment business/agency and GSK. In the absence of such written authorization being obtained, any actions undertaken by the employment business/agency shall be deemed to have been performed without the consent or contractual agreement of GSK. GSK shall therefore not be liable for any fees arising from such actions or any fees arising from any referrals by employment businesses/agencies in respect of the vacancies posted on this site.