CISO Director - Consumer Healthcare, Open to flexibility

Brentford (City/Town), London (Greater)
07 Oct 2018
14 Oct 2018

As our Chief Information Security Officer - Consumer Healthcare you are accountable for overseeing the identification, assessment, reporting and mitigation of information security risks for your designated business unit(s) in a manner that meets compliance and regulatory requirements.

This role is responsible for assisting the business area in ensuring its information, applications and systems are designed, handled and maintained to achieve the right balance of risk and opportunity. This role will assist the business area on its journey towards digital enablement by partnering to ensure the information and systems are protected in a manner that ensures compliance and improves our overall enterprise security posture in alignment with the business unit's defined risk appetite.

Key Responsibilities

  • Strategy: Ensure alignment between the business unit strategy and the enterprise Information Security Strategy.
  • Enterprise Risk Management: Partner with the business area to define the appropriate adopt/adapt strategy for implementation of the information security enterprise risk plan.
  • Independent Business Monitoring: Provide timely input into the key risk indicators and aggregate risk metrics to provide transparency of business area risk and issues related to information.
  • Advisory Group: Actively participate in, and lead where appropriate, the Business Area Advisory Group; provide recommendations to the Enterprise Information Security on opportunities/issues to focus the investment to optimize the risk reduction change program (InfoProtect).
  • Information Security Risk Remediation: Serve as business area representative on key enterprise-wide remediation activities to ensure key deliverables and targets are met by the business area, that the business area constraints and use cases are incorporated into the design and planning, and champion the risk justification behind the initiative to ensure effective delivery.
  • Independent Business Monitoring: Collate and rationalise business unit specific metrics associated with IBM. Ensure the business unit understands the output and actions related to IBM. Leverage IBM to support prioritisation of the business unit risk treatment plan.
  • Risk Remediation: Coordinate the remediation associated with Key Risk Indicators, e.g. chase the remediation of critical vulnerabilities.
  • Enterprise Risk Plan: Ensure the implementation of the business unit's adopt/adapt strategy - track status, coordinate campaigns to ensure progression, communicate the importance
  • Training and communications: Define the business unit's training plan related to information security. Supporting the business localisation of information security awareness programmes.
  • Risk Consultancy: Provide Security Subject Matter Expertise on High Risk Projects or initiatives
  • IS Project/Program Business Area Coordination: the delivery within the business unit of security projects/programs - e.g. OT, IDAM
  • Governance: Act as gatekeeper ensuring that significant information protection risk decisions are made in accordance with the agreed risk appetite/limits or are being escalated to the appropriate level of authority for agreement of any risk acceptance or tolerance.


At GSK we are all inspired by the difference we make and challenge ourselves every day to improve the lives of patients and consumers. That's why we have created an environment where everyone feels valued, able to develop, contribute to our mission and be proud of what we achieve.

To support you in achieving your role and career ambitions you'll be given the opportunity to:

  • Play an important role in delivering our mission
  • Be an essential part of a diverse, global team
  • Develop others as part of your own professional growth

Our reward package includes:

  • A competitive base salary
  • An annual bonus that rewards you for your individual contribution to our strategy, as well as business targets
  • Benefit programs designed to support you and your family, including access to healthcare and well-being programs, pension plan membership, savings programs, time off and childcare support
  • Employee recognition programs which reward exceptional achievements
  • Share ownership schemes which link your reward to GSK's longer term performance
  • A performance and development program that helps you identify what you need to do, and the behaviours you need to demonstrate, to achieve success

Interested in Joining the Team?

During the course of your application you will be requested to complete voluntary information which will be used in monitoring the effectiveness of our equality and diversity policies. Your information will be treated as confidential and will not be used in any part of the selection process.

If you require a reasonable adjustment to the application / selection process to enable you to demonstrate your ability to perform the job requirements please contact 0808 234 4391. This will help us to understand any modifications we may need to make to support you throughout our selection process.

Thank you for your interest in this opportunity.
Closing Date: COP 14th October 2018


Why You?

Basic qualifications:

  • Educated to degree level (Information Security or related security discipline) or industry standard qualifications (in good standing); minimum requirements are CISSP/CISM.
  • Proven track record at directing and leading information security teams in highly diverse organisations with a deep understanding of security as a business enabler.
  • Domain authority in multiple areas of information and cyber security (governance, compliance, security operations, application security, resilience, risk management, incident management, cryptography, network security architecture)
  • Deep understanding of frameworks such as ISO 27001, PCI-DSS
  • Confirmed technical background and experience in leading and delivering security capability to large scale IT and business change activities within a regulated environment.
  • Ability to drive change and improvement working to strict deadlines. A strong influencer; confident, persuasive, determined.
  • Excellent communication skills with experience of leading behavioural change.

Preferred qualifications:

  • Deep understanding of current and emerging E-commerce Information Systems and Security technologies, and digital enterprises.

Why GSK?:

GSK has a 150-year legacy of helping to transform the health, lives and futures of millions of people around the world. We're a science-led healthcare company with more than 100,000 people working in 115 countries. Each year we produce around 4 billion packs of medicine, nearly 900 million doses of vaccine and more than 18 billion packs of consumer healthcare products. Our focus of helping people do more, feel better and live longer is at the centre of all that we aim to do.

Contact information:
You may apply for this position online by selecting the Apply now button.

If you require an accommodation or other assistance to apply for a job at GSK, please contact the GSK HR Service Centre at 1-877-694-7547 (US Toll Free) or +1 801 567 5155 (outside US).

GSK is an Equal Opportunity/Affirmative Action Employer. All qualified applicants will receive equal consideration for employment without regard to race, color, national origin, religion, sex, pregnancy, marital status, sexual orientation, gender identity/expression, age, disability, genetic information, military service, covered/protected veteran status or any other federal, state or local protected class.

Important notice to Employment businesses/ Agencies

GSK does not accept referrals from employment businesses and/or employment agencies in respect of the vacancies posted on this site. All employment businesses/agencies are required to contact GSK's commercial and general procurement/human resources department to obtain prior written authorisation before referring any candidates to GSK. The obtaining of prior written authorisation is a condition precedent to any agreement (verbal or written) between the employment business/ agency and GSK. In the absence of such written authorisation being obtained any actions undertaken by the employment business/agency shall be deemed to have been performed without the consent or contractual agreement of GSK. GSK shall therefore not be liable for any fees arising from such actions or any fees arising from any referrals by employment businesses/agencies in respect of the vacancies posted on this site.
