Information Security Audit Manager, Open to flexible working
Audit & Assurance Background
A&A is responsible for providing an objective view of risk management at a point in time. By raising awareness, we inspire meaningful action before potential issues become real issues. We collaborate and partner on the shared goal of reducing risk to GSK - protecting the interests of our patients. We are in the unique position to view across the GSK enterprise, connecting insights and sharing findings in the risk space through our advisory and assurance product portfolio.
This position will build both risk management and leadership capabilities and you can expect to:
- Gain GSK knowledge and cultural awareness
- Develop broader perspectives and a "One GSK" global mentality
- Engage with leaders at every level of the organisation
- Grow multi-functional networks
- Enhance leadership capabilities in communication, collaboration, challenge and influencing
This role covers the enterprise risks of Information Security and Data Privacy. For Information Security, this covers threats to Data Confidentiality, Integrity and Availability; for data privacy, it covers legal requirements relating to the collection, usage, sharing and retention of personal information. Specific areas of focus are:
- Application software security
- Network security
- Vulnerability management
- Security of Cloud Services
- Access management, including controlled use of administrative privileges
- Malware defences
- Data recovery, continuity and availability
- Protection and Governance of Personal Information
- Compliance with applicable laws and regulations (e.g. GDPR)
What you'll be doing...
To deliver objective and insightful assurance that inspires meaningful action in reducing risk to GSK. The role is critical to illuminating the current state of risk management, giving credit for good practices, identifying issues, understanding root cause, and connecting dots across disparate activities to deliver insights that mobilise the organisation to improve.
This position would be suitable for someone who has worked in a cyber security role and has experience as a team leader. Superb communication skills and the ability to build trusting relationships with senior leaders are expected.
- Engage auditees and other business leaders in a way that inspires and builds trust, mutual understanding, and respect
- Design and execute Audits, which utilise a range of risk-based assurance techniques
- Identify technical issues and vulnerabilities, assess control gaps, and translate these into meaningful business risks.
- Deliver timely and meaningful audit outputs in alignment with the Core Audit Process (or other assurance products as required)
- Connect auditees and other business leaders to insights and resources that will deepen their understanding of risk and the internal control framework.
- Anticipate and effectively manage potential obstacles to audit delivery and risk reduction; ensure timely escalation. Demonstrate a flexible approach to work, rebalancing priorities where necessary and solving problems creatively.
- Lead by example to challenge the status quo and create a vibrant, values-based work environment. Develop self and others through giving and receiving feedback to promote excellence and continuous improvement. Engage in peer to peer coaching, teaching, and mentoring.
- Actively contribute to the evolution of A&A assurance strategies and related audit universe entries.
- Expand the knowledge base of the A&A team through proactive knowledge sharing and collaboration. Share your experience actively for relevant audits. Build your own knowledge of new areas and actively participate in audits of new areas to increase your audit experience and flexibility as required by A&A.
- Champion A&A strategic projects and initiatives.
We are looking for individuals with these required skills to achieve our goals!
- Solid experience in cyber security, or a security discipline (e.g. Security Auditor, Penetration Tester, SOC Analyst / Manager, Software Engineer, Network Engineer)
- Strong awareness of an industry-recognised security framework (e.g. CIS Critical Security Controls, PCI-DSS, NIST Cybersecurity Framework, ISF Standard of Good Practice)
- Good technical knowledge across Technology Stacks and computer system architectures
- Experience in conducting IT Audits or Security Assessments
- Knowledge of Data Privacy principles, Data Privacy Laws and the relationship between Privacy and Security
- Good problem-solving, analytical and project management experience, and a proven track record of managing complex initiatives and delivering within agreed timelines.
- Strong interpersonal skills with excellent written and oral communication skills.
- Strong leadership and influencing skills.
- Self-starter, results-oriented.
- Bachelor's degree in a relevant discipline (e.g., Computer Science or IT related) preferred.
- Security or Privacy Related Certification (e.g. CISSP, CISA, CRISC, CIPT, CIPP)
- Proficient in English, essential. Foreign language skills, preferred.
Interested in Joining the Team?
Please apply via our online portal providing your CV and Cover Letter.
Please ensure you apply before the 9th May 2021 to ensure you're in the running! (Please take a personal copy of the Job Description, as this will not be available online post closure of the advert)
At GSK, we're a company with a special purpose: to help people do more, feel better and live longer. Realising our purpose starts with us. When we feel at our best, we perform at our best.
When you set out on your adventure at GSK, we make a deal. You commit to living GSK's values and expectations and performing against our Innovation, Performance and Trust priorities. And in return, GSK commits to providing the right environment for you to thrive. Put simply, it's about you being motivated to do your best work, in a place where you can be you, feel good and keep growing.
Together we build an environment where we can all thrive and focus on what matters most to each of us. It is only through the energy, dedication, drive and passion of all of us that we can be the very best for GSK, and importantly, for our patients and consumers.
As a company driven by our values of Patient focus, Transparency, Respect and Integrity, we know inclusion and diversity are essential for us to be able to succeed. We want all our colleagues to thrive at GSK, bringing their unique experiences, feeling good and continuing to grow their careers. As a candidate for a role, we want you to feel the same way.
As an Equal Opportunity Employer, we are open to all talent. In the US, we also adhere to Affirmative Action principles. This ensures that all qualified applicants will receive equal consideration for employment without regard to race/ethnicity, colour, national origin, religion, gender, pregnancy, marital status, sexual orientation, gender identity/expression, age, disability, genetic information, military service, covered/protected veteran status or any other federal, state or local protected class*(*US only).
We believe in an agile working culture for all our roles. If flexibility is important to you, we encourage you to explore with our hiring team what the opportunities are.
As you apply, we will ask you to share some personal information which is entirely voluntary. We want to have an opportunity to consider a diverse pool of qualified candidates and this information will assist us in meeting that objective and in understanding how well we are doing against our inclusion and diversity ambitions. We would really appreciate it if you could take a few moments to complete it. Rest assured, Hiring Managers do not have access to this information and we will treat your information confidentially.
Important notice to Employment businesses/Agencies
GSK does not accept referrals from employment businesses and/or employment agencies in respect of the vacancies posted on this site. All employment businesses/agencies are required to contact GSK's commercial and general procurement/human resources department to obtain prior written authorization before referring any candidates to GSK. The obtaining of prior written authorization is a condition precedent to any agreement (verbal or written) between the employment business/agency and GSK. In the absence of such written authorization being obtained any actions undertaken by the employment business/agency shall be deemed to have been performed without the consent or contractual agreement of GSK. GSK shall therefore not be liable for any fees arising from such actions or any fees arising from any referrals by employment businesses/agencies in respect of the vacancies posted on this site.