Information Security – Audit Manager - Full-time Flexible
Audit & Assurance is responsible for providing an objective view of risk management at a point in time. By raising awareness, we inspire meaningful action before potential issues become real issues. We collaborate and partner on the shared goal of reducing risk to GSK - protecting the interests of our patients. We are in the unique position to view across the GSK enterprise, connecting insights and sharing learnings in the risk space through our advisory and assurance product portfolio.
A role in Audit & Assurance will build both risk management and leadership capabilities and you can expect to:
Gain GSK knowledge and cultural awareness
Develop broader perspectives and a "One GSK" global mindset
Engage with leaders at every level of the organisation
Grow cross-functional networks
Enhance leadership capabilities in communication, collaboration, challenge and influencing
This role covers the enterprise risks of Information Security and Data Privacy. For Information Security, this covers threats to Data Confidentiality, Integrity and Availability; for data privacy, it covers legal requirements relating to the collection, usage, sharing and retention of personal information. Specific areas of focus are:
• Application software security
• Network security
• Security and Configuration of Cloud Services
• Vulnerability management
• Access management, including controlled use of administrative privileges
• Malware defences
• Data recovery, continuity and availability
• Protection and Governance of Personal Information
• Compliance with applicable laws and regulations (e.g. GDPR)
To deliver objective and insightful assurance that inspires meaningful action in reducing risk to GSK. The role is critical to illuminating the current state of risk management, giving credit for good practices, identifying issues, understanding root cause, and connecting dots across disparate activities to deliver insights that mobilize the organisation to improve.
This position would be suitable for someone who has worked in a technical role with a strong cyber security focus. This may be software engineering, network engineering, penetration testing, system administration, etc. Experience as a team leader is advantageous. The ability to perform risk assessments and translate technical issues into business risks is a key requirement. Excellent communication skills and the ability to build trusting relationships with senior stakeholders are expected. An enthusiasm for continuous learning and the ability to adapt to the changing demands of the cyber threat landscape is an expected attribute.
• Engage auditees and other business stakeholders in a way that inspires and builds trust, mutual understanding, and respect
• Design and execute Audits, which utilize a range of risk-based assurance techniques
• Identify technical issues & vulnerabilities, assess control gaps, and translate these into meaningful business risks.
• Deliver timely and meaningful audit outputs in alignment with the Core Audit Process (or other assurance products as required)
• Connect auditees and other business stakeholders to insights and resources that will deepen their understanding of risk and the internal control framework.
• Anticipate and effectively manage potential obstacles to audit delivery and risk reduction; ensure timely escalation. Demonstrate a flexible approach to work, rebalancing priorities where necessary and solving problems creatively.
• Lead by example to challenge the status quo and create a vibrant, values-based work environment. Develop self and others through giving and receiving feedback to promote excellence and continuous improvement. Engage in peer to peer coaching, teaching, and mentoring.
• Actively contribute to the evolution of A&A assurance strategies and related audit universe entries.
• Expand the knowledge base of the A&A team through proactive knowledge sharing and collaboration. Share your experience actively for relevant audits. Build your own knowledge of new areas and actively participate in audits of new areas to increase your audit experience and flexibility as required by A&A.
• Champion A&A strategic projects and initiatives.
The role has no permanent line management responsibilities, but you will periodically act as an Audit Engagement Lead, with accountability for managing the audit end-to-end, and leading the team of 3 - 6 Auditors.
Why You?
Basic qualifications:
We are looking for professionals with these required skills to achieve our goals:
• Strong experience in cyber security, or a security relevant discipline (e.g. Security Auditor, Penetration Tester, SOC Analyst / Manager, Software Engineer, Network Engineer)
• Strong awareness of an industry recognised security framework (e.g. CIS Critical Security Controls, PCI-DSS, NIST Cybersecurity Framework, ISF Standard of Good Practice)
• Good technical knowledge across Technology Stacks and computer system architectures
• Experience in conducting IT Audits or Security Assessments
• Knowledge of Data Privacy principles, Data Privacy Laws and the relationship between Privacy and Security
• Good problem solving, analytical and project management experience and proven track record of managing complex initiatives and delivering within agreed timelines.
• Strong interpersonal skills with excellent written and oral communication skills.
• Strong leadership and influencing skills.
• Self-starter, results-oriented.
• Bachelor's degree in a relevant discipline (e.g., Computer Science or IT related) preferred.
• Security or Privacy Related Certification (e.g. CISSP, CISA, CRISC, CIPT, CIPP)
• Proficient in English, essential
If you have the following characteristics, it would be a plus:
• MBA or Advanced Degree
• Foreign language skills, preferred
Our values and expectations are at the heart of everything we do and form an important part of our culture.
These include Patient focus, Transparency, Respect, Integrity along with Courage, Accountability, Development, and Teamwork. As GSK focuses on our values and expectations and a culture of innovation, performance, and trust, the successful candidate will demonstrate the following capabilities:
Operating at pace and agile decision-making - using evidence and applying judgement to balance pace, rigour and risk.
Committed to delivering high quality results, overcoming challenges, focusing on what matters, execution.
Continuously looking for opportunities to learn, build skills and share learning.
Sustaining energy and well-being.
Building strong relationships and collaboration, honest and open conversations.
Budgeting and cost-consciousness
At GSK we are all inspired by the difference we make and challenge ourselves every day to improve the lives of patients and consumers. That's why we have created an environment where everyone feels valued, able to develop, contribute to our mission and be proud of what we achieve.
To support you in achieving your role and career ambitions you'll be given the opportunity to:
Play an important role in delivering our mission
Be an essential part of a diverse, global team
Develop others as part of your own professional growth
Interested in Joining the Team?
During the course of your application you will be requested to complete voluntary information which will be used in monitoring the effectiveness of our equality and diversity policies. Your information will be treated as confidential and will not be used in any part of the selection process.
If you require a reasonable adjustment to the application / selection process to enable you to demonstrate your ability to perform the job requirements please contact 0808 234 4391. This will help us to understand any modifications we may need to make to support you throughout our selection process.
The information that you have provided in your cover letter and/or CV will be used to assess your application.
Thank you for your interest in this opportunity.
Closing Date: COP 30th July 2019
You may apply for this position online by selecting the Apply now button.
If you require an accommodation or other assistance to apply for a job at GSK, please contact the GSK HR Service Centre at 1-877-694-7547 (US Toll Free) or +1 801 567 5155 (outside US).
GSK is an Equal Opportunity/Affirmative Action Employer. All qualified applicants will receive equal consideration for employment without regard to race, color, national origin, religion, sex, pregnancy, marital status, sexual orientation, gender identity/expression, age, disability, genetic information, military service, covered/protected veteran status or any other federal, state or local protected class.
Important notice to Employment businesses/ Agencies
GSK does not accept referrals from employment businesses and/or employment agencies in respect of the vacancies posted on this site. All employment businesses/agencies are required to contact GSK's commercial and general procurement/human resources department to obtain prior written authorization before referring any candidates to GSK. The obtaining of prior written authorization is a condition precedent to any agreement (verbal or written) between the employment business/ agency and GSK. In the absence of such written authorization being obtained any actions undertaken by the employment business/agency shall be deemed to have been performed without the consent or contractual agreement of GSK. GSK shall therefore not be liable for any fees arising from such actions or any fees arising from any referrals by employment businesses/agencies in respect of the vacancies posted on this site.