1. Home
  2. Accounting / Management control
  3. Principal - Cyber Risk and Assurance

Offers “Gsk”

Expires soon
Gsk

Principal - Cyber Risk and Assurance

  • Bengaluru (Bangalore Urban)
  • Accounting / Management control
Apply Now

Job description

Nombre del sítio: Bengaluru Luxor North Tower
Fecha de publicación: Feb 27 2024

Our Cyber Security organisation enables GSK to take on some of the biggest healthcare challenges in the world by protecting our business, customers, and patients from cyber risks. We are investing in growing our Cyber Security teams because they play a pivotal role as the nature and types of threats get more sophisticated.

In this ever-evolving digital and technology landscape, it is critical to stay on top of issues that could cause us harm. This requires a deep understanding of cybersecurity concepts, techniques, and trends along with critical thinking. Our Cyber Security teams are continuously learning and developing their skills to protect against bad actors, allowing GSK to stay focused on what matters most – getting ahead of disease together.

Job Purpose: -

The primary purpose of this position is to partner with the business and global support functions to embed the concept of “secure by design” by influencing projects and operations to implement proportionate cyber security coverage throughout the development Lifecyle.

This is achieved by acting as a cyber security focal point for the business, acting as a conduit to other security teams (such as Cyber Security Operations, Governance Risk and Compliance and Architecture and Engineering) as required to meet business needs.

Key Responsibilities : -

· 
To identify, document and report business cyber risks to senior stakeholders and positively influence the cyber security posture

· 
Provide high level SME support and guidance in identifying and managing risks in all cores of cyber security like data, application, cloud, IAM etc.

· 
Formally assess and evaluate cyber security risks related to business projects, determine the potential impact of those risks, and conduct follow-up on any necessary remediation efforts. Ensure that IT solutions and business processes comply with GSK’s policies, controls and applicable legal and regulatory requirements whilst also ensuring that business objectives are met

· 
Collaborate with internal third-party relationship owners and third-party representatives to recommend necessary security and privacy controls to effectively mitigate risks to GSK

· 
Evangelize third-party risk management processes across business lines to help influence a strong culture of proactive awareness for third-party security risks

· 
To guide business owners and relevant stakeholders throughout the entire delivery lifecycle ensuring that information security is considered in a proportionate and tailored way

· 
To carry out expert security assessments in supporting the business and global support functions utilising a thorough understanding of pharma and effectively create/monitor delivery of the remediation plans on identified risks and support on all levels within the business.

· 
To partner effectively with the business, GRC and the wider Tech Security/Risk teams to eliminate overlaps and provide a holistic and consistent cyber security position including key initiatives such as cyber incidents and resilience.

· 
To ensure consistent and continual alignment to the business and TSR strategy through oversight of the Cyber Risk Management framework, activities and processes including all aspects of the metrics/reporting.

· 
To contribute to the development of global cyber security baselines, guidelines, standards, policies and procedures

· 
Ability to support multiple teams to conduct threat modelling exercises for applications on an ongoing basis and embed strong cyber controls around data governance within business processes

· 
Maintain current knowledge of cyber risk management requirements and accreditation standards and monitor changes in technology impacting security & risk posture.

· 
To serve as a coach and mentor to peers and engage in upskilling activities for the overall team

· 
Identifying and implementing automation initiatives like control testing to enhance the delivery time and improve efficiency

· 
Identify and implement areas of duplication and propose ways of eliminating duplication to bring cost effectiveness and efficiency

· 
Partner with outsourced third-party provider in effectively providing a cyber risk service reducing response times and improving on integration and automation

Job-Related Experience sections above that are required for the job: -

· 
Experience and knowledge across different frameworks and standards such as ISO 27001, NIST, CIS etc.

· 
CISSP, CISM

· 
Demonstrated experience and understanding of cyber security principles, IT security controls, and related technologies and products

· 
Experience in working with outsourced providers and bringing positive changes to the organisation by working in partnership

· 
Prior experience in conducting cyber Security risk assessments and 3rd party security and data privacy assessments

· 
Stakeholder/ internal business management experience

· 
Strong verbal/written communication in English, with the ability to effectively interact with professionals at all levels of responsibility and authority

· 
Ability to prioritize, delegate, and foster the development of high-performance teams to lead/support an environment driven by customer service and teamwork

· 
Work with virtual teams located in different countries around the world, aligning and adapting different work, culture and communication styles.

· 
Exposure to any GRC technologies to conduct cyber risk management

At GSK we value diversity (Gender, LGBTQ +, PwD etc.) and treat all candidates equally. We aim to create an inclusive workplace where all employees feel engaged, supportive of one another, and know their work makes an important contribution.

#GSKcso

Nuestro objetivo es ser una de las empresas de atención médica más innovadoras, de mejor desempeño y más confiables del mundo. Creemos que todos aportamos algo único a GSK y cuando combinamos nuestros conocimientos, experiencias y estilos, el impacto es increíble. Únase a nuestra aventura en GSK donde se inspirará para hacer el mejor trabajo para nuestros pacientes y clientes. Un lugar donde puede ser usted mismo, sentirse bien y seguir creciendo.

  

Aviso importante a las empresas o agencias de empleo

GSK no acepta recomendaciones de empresas de empleo o agencias de empleo con respecto a las vacantes publicadas en este sitio. Todas las empresas o agencias de empleo están obligadas a ponerse en contacto con el Departamento de Contrataciones Comerciales y Generales o el Departamento de Recursos Humanos de GSK para obtener autorización previa por escrito antes de recomendar a cualquier candidato a GSK. La obtención de autorización previa por escrito es una condición precedente a cualquier acuerdo (verbal o escrito) entre la empresa o agencia de empleo y GSK. En ausencia de dicha autorización por escrito, se considerará que las acciones que emprenda la empresa o agencia de empleo se han realizado sin el consentimiento o el acuerdo contractual de GSK. Por lo tanto, GSK no será responsable de ninguna tarifa derivada de tales acciones o cualquier tarifa que surja de cualquier recomendación por parte de las empresas o agencias de empleo con respecto a las vacantes publicadas en este sitio.

Make every future a success.
  • Job directory
  • Business directory
    •