Cyber Risk & Assurance - Dev Sec Ops Senior Manager, Open to flexible working
At GSK, we have already delivered unprecedented change over the past four years, improving R&D, becoming a leader in Consumer Health, strengthening our leadership, and transforming our commercial execution. Now, we’re making the biggest changes we’ve made to our business in over 20 years. We’re on track to separate and create two new companies in 2022: New GSK with a leading portfolio of vaccines and specialty medicines as well as R&D based on immune system and genetics science; and a new world-leading consumer healthcare company of loved and trusted brands.
With new ambition comes new purpose. For New GSK, this is to unite science, talent and technology to get ahead of disease together – all with the clear ambition of delivering human health impact; stronger and more sustainable shareholder returns; and as a new GSK where outstanding people thrive.
Getting ahead means preventing disease as well as treating it. How we do all this is through our people and our culture. A culture that is ambitious for patients – so we deliver what matters better and faster; accountable for impact – with clear ownership of goals and support to succeed; and where we do the right thing. So, if you’re ready to improve the lives of billions, join us at this exciting moment in our journey. Join our challenge to get Ahead Together.
Cyber Risk & Assurance – Cloud/DevSecOps Senior Manager
The Cyber Risk & Assurance – Cloud/DevSecOps Senior Manager will work within GSK’s Cyber Risk & Assurance team, interacting directly with stakeholders and technical teams to drive and support the Cloud and Application Security program and DevSecOps operations. This includes managing and supporting activities focused on improving the overall cloud and application security program and managing the entire DevSecOps risk posture, in turn improving the delivery of secure products and applications.
- Support the Development, Implementation and Operation of Cyber Risk Solutions to enable Security in DevOps as part of Agile solution delivery:
- Ability to develop and execute strategies and roadmaps to provide GSK with need-based, value-adding, and cost-effective Cyber risk solutions
- Develop assessment frameworks and methodologies to identify and remediate risks
- Ability to analyse GSK’s cyber security infrastructures to enable targeted and data-driven enhancements
- Ensure that GSK’s business needs are met when developing assessment frameworks to ensure effective, targeted, and actionable analyses
- Apply multiple security testing methodologies and techniques to assess GSK’s security infrastructures and identify / evaluate vulnerabilities
- Gather data and determine priority criteria to build an integrated roadmap that addresses all facets of a Cyber Assessment or implementation
- Assess cyber security policies and procedures to analyse compliance with regulatory requirements and evaluate overall operational efficiency; provide GSK business owners with mitigating solutions
- Proficient with multiple domain-specific cyber security technology solutions and can effectively integrate them to meet and exceed GSK’s requirements
- Enable sustainability and continuous improvement of cyber security solutions by assessing and enhancing GSK’s cyber security governance infrastructures
- Understand and apply cyber threat intelligence and profiling to the design and assessment of GSK’s systems
- Test the effectiveness of GSK’s cyber security technologies to identify and articulate opportunities for improvement across the digital, physical, and social elements of GSK
- Conduct complex business process assessments to help GSK identify, analyse, and prioritize gaps and risks; apply findings to make recommended upgrades aligned to the overall strategy
- Develop effective and sustainable technology/tools and Cyber risk management strategies by tailoring leading Cyber frameworks on GSK’s business and technology needs
- Understand the interaction of business and technology processes / risks and explain it in business terms to both technical and non-technical audiences
- Provide advice on security best practices, and guide GSK in developing and implementing security policies aligned to the cloud platforms and that specifically direct secure development and deployment pipelines
- Evaluate and recommend emerging security products that enable and optimise secure DevOps on-premises and in-cloud.
- Be able to support Dynamic Application Security Testing (DAST) and/or Static Application Security Testing (SAST) scans in addition to defining, implementing and reviewing the security configuration of DevOps environments
- Understanding and ability to operate successfully in the context of IT processes for configuration, change and release management.
- Work very closely with product managers, architects/developers and business application owners to define technical product requirements and collaborate within the team to drive user story/task creation along with design, development and security testing activities.
- Build automation in control testing to ensure effectiveness of control testing
- A bachelor's degree in a related field and approximately
- Good progressive experience with minimum years of Cloud specific experience, with role(s) in public and/or private sector organizations is required. Demonstrate strong understanding and experience in delivery of Cyber engagements across key industries
- Familiar with Agile project delivery
- Be able to build, run and review automated tests along the development lifecycle (Test driven development)
- Security standards and governance frameworks
- Security testing methods for various CI/CD pipelines and target technology deployment, containers (e.g. Kubernetes), microservices, in-cloud and on-premises
- Infrastructure and network as code
- Deployment pipeline as code
- Experience in translating organisation’s risk, security, and compliance requirements into specific Cloud security solutions and design patterns.
- Applying Cloud Security Reference Architecture to deliver consistent, standardized solutions.
- Experience delivering complex security solutions
- Collaborating and coordinating solution design work with other Cyber Solution Architects in Infrastructure, IT Strategy, Service Delivery, etc.
- Managing/operating public, private and hybrid cloud solutions.
- Utilising and applying knowledge of Cloud solutions across IaaS, PaaS & SaaS into projects, such as AWS or Azure, OpenStack or Cloud Foundry, Salesforce, Microsoft Office 365 etc.
- Utilizing and applying knowledge of enterprise security and Cloud security specific solutions into projects such as: IAM/IDaaS, CASB, Identity Governance, Cloud SOC/SIEM, Key Management & Encryption.
- Utilising and applying security testing knowledge
- Utilising and applying knowledge of DevOps technologies, Azure DevOps, Atlassian, Jira, etc.
- Solutions Architecture experience and/or Security Architecture experience; and
- Experience designing and/or delivering complex security solutions, such as Identity & Access Management, Data Protection and DLP, SIEM, and network segmentation and defence.
- Have experience with conducting vulnerability assessments/scans
- Advanced certifications, diplomas, professional certifications, advanced degrees in Cyber or information security - examples include:
- CISSP, CISM, CISA, CIPT, CIPM, CRISC or other relevant certification desired
- Microsoft certified Solutions Architect.
- ITIL (IT Infrastructure Library)
As a company driven by our values of Patient focus, Transparency, Respect and Integrity, we know inclusion and diversity are essential for us to be able to succeed. We want all our colleagues to thrive at GSK, bringing their unique experiences, feeling good and continuing to grow their careers. As a candidate for a role, we want you to feel the same way.
As an Equal Opportunity Employer, we are open to all talent. In the US, we also adhere to Affirmative Action principles. This ensures that all qualified applicants will receive equal consideration for employment without regard to race/ethnicity, colour, national origin, religion, gender, pregnancy, marital status, sexual orientation, gender identity/expression, age, disability, genetic information, military service, covered/protected veteran status or any other federal, state or local protected class*(*US only).
We believe in an agile working culture for all our roles. If flexibility is important to you, we encourage you to explore with our hiring team what the opportunities are.
As you apply, we will ask you to share some personal information which is entirely voluntary. We want to have an opportunity to consider a diverse pool of qualified candidates and this information will assist us in meeting that objective and in understanding how well we are doing against our inclusion and diversity ambitions. We would really appreciate it if you could take a few moments to complete it. Rest assured, Hiring Managers do not have access to this information and we will treat your information confidentially.
Important notice to Employment businesses/ Agencies
GSK does not accept referrals from employment businesses and/or employment agencies in respect of the vacancies posted on this site. All employment businesses/agencies are required to contact GSK's commercial and general procurement/human resources department to obtain prior written authorization before referring any candidates to GSK. The obtaining of prior written authorization is a condition precedent to any agreement (verbal or written) between the employment business/ agency and GSK. In the absence of such written authorization being obtained any actions undertaken by the employment business/agency shall be deemed to have been performed without the consent or contractual agreement of GSK. GSK shall therefore not be liable for any fees arising from such actions or any fees arising from any referrals by employment businesses/agencies in respect of the vacancies posted on this site.