hackajob is a matching platform partnering with GSK helping them to hire the best talent and build the future. To get the chance to get matched to this role and other similar roles, click on Apply to set up your free profile.
GSK is a global biopharma company with a special purpose to unite science, technology and talent to get ahead of disease so the health of billions of people can be positively impacted and so stronger, more sustainable shareholder returns can be delivered as an organisation where people can thrive. Getting ahead means preventing disease as well as treating it, and GSK aims to impact the health of 2.5 billion people around the world in the next 10 years.
Role: Principal - Cyber Risk and Assurance - Infra/Network
Purpose of Role:
This role requires expertise in assessing and managing security risks associated with infrastructure components, network architecture, and associated technologies.
Key Responsibilities:
- Conduct comprehensive risk assessments of the organization's infrastructure and network environment to identify potential security vulnerabilities, threats, and risks.
- Develop and maintain a risk assessment framework and methodology tailored to GSK's infrastructure and network security, incorporating GSK standards and industry best practices.
- Lead the design and implementation of risk assessment processes, including security architecture reviews, to evaluate the effectiveness of security controls.
- Collaborate with internal teams, including IT operations, network engineering, and application development, to assess security risks associated with infrastructure changes, network expansions, and technology deployments.
- Define and prioritize security remediation efforts based on risk assessment findings, business impact analysis, and regulatory compliance requirements.
- Provide guidance and recommendations to senior management on infrastructure and network security risks, potential threats, and risk mitigation strategies.
- Develop and maintain documentation related to risk assessment processes, findings, remediation plans, and security controls.
- Stay abreast of emerging security threats, vulnerabilities, and industry trends related to infrastructure and network security, and incorporate relevant insights into risk assessment practices.
- Collaborate with external auditors, regulators, and third-party vendors to facilitate security assessments, audits, and compliance reviews as needed.
- Monitor risk landscape and identify emerging and future risks.
- Analyse the GSK's cyber security infrastructures to enable targeted and data-driven enhancements.
- Test the effectiveness of GSK's cyber security technologies to identify and articulate opportunities for improvement across the digital, physical, and social elements of GSK.
- Proficient with multiple domain-specific cyber security technology solutions and can effectively integrate them to meet and exceed GSK's requirements.
- Enable sustainability and continuous improvement of cyber security solutions by assessing and enhancing GSK's cyber security governance infrastructures.
Qualifications:
- Bachelor's degree in computer science, information technology, or a related field. Master's degree or relevant certifications (e.g., CISSP, CISM, CISA, CEH) preferred.
- 10+ years of experience in IT risk and technology in a large organization of which 5 years in information security experience in cyber risk and relevant experience with Infrastructure/Network
- In-depth knowledge of network infrastructure components, protocols, and technologies, including routers, switches, firewalls, VPNs, and intrusion detection/prevention systems.
- Strong understanding of security risk assessment methodologies, frameworks (e.g., NIST, ISO 27001), and industry standards.
- Experience with security assessment tools and technologies, such as vulnerability scanners, penetration testing tools, and network monitoring solutions.
- Excellent analytical and problem-solving skills, with the ability to analyse complex technical environments and identify security risks and vulnerabilities.
- Effective communication and interpersonal skills, with the ability to convey technical concepts to non-technical stakeholders and collaborate effectively with cross-functional teams.
- Strong project management skills, with the ability to plan, organize, and execute security risk assessment initiatives within defined timelines.
- Commitment to continuous learning and professional development in the field of cybersecurity and infrastructure/network security risk management.
