Senior Principal - Cyber Risk and Assurance Data Security

Ready to help shape the future of healthcare?

GSK is a global biopharma company with a special purpose – to unite science, technology and talent to get ahead of disease together – so we can positively impact the health of billions of people and deliver stronger, more sustainable shareholder returns – as an organization where people can thrive. Getting ahead means preventing disease as well as treating it, and we aim to impact the health of 2.5 billion people around the world over 10 years.

Our success absolutely depends on our people. While getting ahead of disease together is about our ambition for patients and shareholders, it’s also about making GSK a place where people can thrive. We want GSK to be a place where people feel inspired, encouraged and challenged to be the best they can be. A place where they can be themselves – feeling welcome, valued and included. Where they can keep growing and look after their wellbeing. So, if you share our ambition, join us at this exciting moment in our journey to get Ahead Together.

GSK is looking for a data security risk manager. If you are looking for an exciting place to work, please look at the list of qualifications below.

Responsibilities

• Identifying a company’s internal and external data sources, collaborating with department heads to determine their data storage and organizational needs.
• conduct end-end data flow mapping on our suppliers to ensure that appropriate protection is enforced on GSK and at supplier’s side.
• Creating and implementing data management processes and procedures
• Perform data analytics in our data lake and provide support to various projects to link multiple points
• Responsible for interfacing with our compliance, audit, and legal teams on matters of mutual interest
• Ownership of security metrics and incident analysis across the organization – must be able to document and communicate to appropriate audiences.
• Coordinating the execution of all IT Security tools, technologies, people, processes, and procedures enterprise-wide, ensuring internal and external standards are followed.
• Performing audits on data security and conduct risk assessment and analysis related to data security areas.
• Enhancing data security systems and identify the gaps and ensure they are formulated via relevant policies and addressed as part of data security.
• Proven experience in data and database security roles, including database administration.
• Understanding of secure coding principles and collaboration with developers to ensure application security.
• Proficiency in encryption techniques for data at rest and in transit, along with knowledge of data loss prevention (DLP) strategies. - Familiarity with cloud security best practices and the ability to secure cloud environments (e.g., AWS, Azure, Google Cloud).
• Knowledge of security standards, compliance frameworks (e.g., NIST, ISO 27001), and relevant regulations (e.g., GDPR, HIPAA)
• Must collaborate well with other IT teams across the organization.
• This role is both strategic and tactical – must have strong technical capabilities in the security arena, particularly in the areas of encryption, data loss prevention and other data management technologies strong leadership skills with their team, and across other teams.
• Provide recommendations for data collection requirements, and policy configurations of deployed security technologies.
• Work along with architects, prioritizes, coordinates, and communicates the choice of security.
• Must be able to communicate and articulate security matters to all layers of the organization.
• Providing United’s Leadership team updates on our data security posture
• Assists in monitoring and analyzing attempted efforts to compromise security protocols.
• Monitor, maintain and tune Data Security systems and policies and Investigate Data Security events.
• Data Loss Prevention (DLP) Engineering - Email, Endpoint, Web, File Discover and implement performance of data centre security standards, policies, and practices.
• Develop security plans for on-site special events and other unique security situations to assure proper access control and evacuation procedures are followed.

• Knowledge necessary to keep responsibility for the Application and Data security service delivery in line with industry standards and service management frameworks.
• Bachelor/Graduate degree in Computer Science, Mathematics, or a related technical field and a minimum of 15+ years related professional experience.
• Strong knowledge of data and database security principles, encryption techniques, access controls, auditing, and DLP solutions. - Familiarity with various database management systems (e.g., Oracle, MySQL, SQL Server).
• At least 2 years’ experience working with DLP, DRM, or other Data Security technology (internal, perimeter and cloud), proxy, and data security.
• At least 2 years with external customers
• At least 2 years’ experience developing and communicating recommendations to non-technical business areas.
• At least 2 years process management on Security frameworks/standards (ISO 27002, PCI compliance, NIST/DISA guides).
• Experience in data-driven cyber security solutions architecture, development, and deployment
• At least 3 years of experience in Leading Stakeholder Engagement
• 10+years of experience working health related data and regulations.
• Deep knowledge of US data security laws and regulations
• Strong understanding of international data security laws and regulations particularly with the EU nations
• Successful track record of implementing data security and governance programs.

At GSK we value diversity (Gender, LGBTQ +, PwD etc.) and treat all candidates equally. We aim to create an inclusive workplace where all employees feel engaged, supportive of one another, and know their work makes an important contribution.

#LI-GSK

#GSKcso

Why GSK?

Uniting science, technology and talent to get ahead of disease together.

GSK is a global biopharma company with a special purpose – to unite science, technology and talent to get ahead of disease together – so we can positively impact the health of billions of people and deliver stronger, more sustainable shareholder returns – as an organisation where people can thrive. We prevent and treat disease with vaccines, specialty and general medicines. We focus on the science of the immune system and the use of new platform and data technologies, investing in four core therapeutic areas (infectious diseases, HIV, respiratory/ immunology and oncology).

Our success absolutely depends on our people. While getting ahead of disease together is about our ambition for patients and shareholders, it’s also about making GSK a place where people can thrive. We want GSK to be a place where people feel inspired, encouraged and challenged to be the best they can be. A place where they can be themselves – feeling welcome, valued, and included. Where they can keep growing and look after their wellbeing. So, if you share our ambition, join us at this exciting moment in our journey to get Ahead Together.

  
Important notice to Employment businesses/ Agencies

GSK does not accept referrals from employment businesses and/or employment agencies in respect of the vacancies posted on this site. All employment businesses/agencies are required to contact GSK's commercial and general procurement/human resources department to obtain prior written authorization before referring any candidates to GSK. The obtaining of prior written authorization is a condition precedent to any agreement (verbal or written) between the employment business/ agency and GSK. In the absence of such written authorization being obtained any actions undertaken by the employment business/agency shall be deemed to have been performed without the consent or contractual agreement of GSK. GSK shall therefore not be liable for any fees arising from such actions or any fees arising from any referrals by employment businesses/agencies in respect of the vacancies posted on this site.

It has come to our attention that the names of GlaxoSmithKline or GSK or our group companies are being used in connection with bogus job advertisements or through unsolicited emails asking candidates to make some payments for recruitment opportunities and interview. Please be advised that such advertisements and emails are not connected with the GlaxoSmithKline group in any way.

GlaxoSmithKline does not charge any fee whatsoever for recruitment process. Please do not make payments to any individuals / entities in connection with recruitment with any GlaxoSmithKline (or GSK) group company at any worldwide location. Even if they claim that the money is refundable.

If you come across unsolicited email from email addresses not ending in gsk.com or job advertisements which state that you should contact an email address that does not end in “gsk.com”, you should disregard the same and inform us by emailing askus@gsk.com, so that we can confirm to you if the job is genuine.