Director of Security Posture Management and Governance Job at GSK
Posted Date: May 9 2023
The Director of Security Posture Management and Governance is responsible for the execution and ongoing improvement of GSK’s Security Posture Management and Governance programs, which are designed to ensure that GSK’s technology systems and data are adequately protected. As a cybersecurity leader, this individual will work proactively with business units, senior leaders and other internal departments and organizations to implement practices per defined policies and standards; and is responsible for providing oversight and governance over activities to ensure management awareness, maintain risk metrics, and mature the security and posture of the environment.
Establish and execute a strategic and comprehensive program to improve GSK’s security posture by identifying, scoping, and prioritizing security threats, vulnerabilities, defects and issues in our processes, applications, and systems.
Govern the development of forward-looking strategic plans and enterprise requirements for ServiceNow, Archer, and Cloud Migration.
Collaborate across Cyber Security and technology teams to ensure the collection, enrichment and processing of asset and application data, and required business data for purposes of assessing, monitoring, and reporting GSK’s security posture.
Establish Vulnerability Management (VM) steering committee to review current VM posture, address escalations, and review exception requests for validity.
Develop strategies and processes to identify, manage, and mitigate identified third party threats and vulnerabilities to attain desired risk profile and communicate strategies to key stakeholders.
Manage statements of work in support of Cyber Maturity Program (CMP) operating models.
Provide leadership and guidance on information security topics, advising and collaborating on security processes.
Provide reporting on current state of security posture to senior managers as appropriate.
Develop and maintain security policies, standards, guidelines and identify gaps to increase awareness of relevant security posture issues.
Why You?
Basic Qualifications:
Bachelor’s degree in Computer Science or Information Technology.
Certified Information Security Manager (CISM), Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA), or Certified Governance & Enterprise IT (CGEIT) certifications.
10+ years’ experience in information technology field, with 5+ years of experience in an information security and/or compliance and risk management role.
Preferred Qualification:
Master’s degree
Proven track record and experience in developing information security programs, policies, and procedures, including successful implementations in medium to large enterprise environments.
High degree of initiative; dependability; experience managing multiple, simultaneous, and high-profile information security initiatives and responses.
Strong knowledge of common information security management frameworks, such as ISO/IEC 27001, COBIT, NIST, CSA, and CIS.
An understanding of relevant legal and regulatory requirements/standards, including but not limited to: GDPR, SOX, PCI-DSS, HIPAA and other relevant compliance standards.
Knowledge of Information Technology Infrastructure Library (ITIL) with respect to security administration and information technology governance in a multi-platform environment.
Exhibit strong written and verbal communication skills, interpersonal and collaborative skills.
Strong ability to convey security information to non-technical customers in a way that inspires adoption and adherence to policies and programs.
Experience in establishing Cyber Security metrics for reporting.
Demonstrated sustained leadership in a large organization involving multiple stakeholders.
Demonstrated management skills, e.g., budget development and administration, personnel administration, and staff training and development.
Why GSK?
GSK offers a competitive compensation package inclusive of the following: Competitive base salary, annual bonus based on company performance, access to healthcare and wellbeing programs, retirement savings program, paid time off, and employee recognition programs which reward exceptional achievements. The salary range for this role is: $160,905 to $217,695.
GSK is a global biopharma company with a special purpose – to unite science, technology and talent to get ahead of disease together – so we can positively impact the health of billions of people and deliver stronger, more sustainable shareholder returns – as an organisation where people can thrive. Getting ahead means preventing disease as well as treating it, and we aim to positively impact the health of 2.5 billion people by the end of 2030.
Our success absolutely depends on our people. While getting ahead of disease together is about our ambition for patients and shareholders, it’s also about making GSK a place where people can thrive. We want GSK to be a workplace where everyone can feel a sense of belonging and thrive as set out in our Equal and Inclusive Treatment of Employees policy. We’re committed to being more proactive at all levels so that our workforce reflects the communities we work and hire in, and our GSK leadership reflects our GSK workforce.
If you require an accommodation or other assistance to apply for a job at GSK, please contact the GSK Service Centre at 1-877-694-7547 (US Toll Free) or +1 801 567 5155 (outside US).
GSK is an Equal Opportunity Employer and, in the US, we adhere to Affirmative Action principles. This ensures that all qualified applicants will receive equal consideration for employment without regard to race, color, national origin, religion, sex, pregnancy, marital status, sexual orientation, gender identity/expression, age, disability, genetic information, military service, covered/protected veteran status or any other federal, state or local protected class.
Important notice to Employment businesses/ Agencies
GSK does not accept referrals from employment businesses and/or employment agencies in respect of the vacancies posted on this site. All employment businesses/agencies are required to contact GSK's commercial and general procurement/human resources department to obtain prior written authorization before referring any candidates to GSK. The obtaining of prior written authorization is a condition precedent to any agreement (verbal or written) between the employment business/ agency and GSK. In the absence of such written authorization being obtained any actions undertaken by the employment business/agency shall be deemed to have been performed without the consent or contractual agreement of GSK. GSK shall therefore not be liable for any fees arising from such actions or any fees arising from any referrals by employment businesses/agencies in respect of the vacancies posted on this site.
Please note that if you are a US Licensed Healthcare Professional or Healthcare Professional as defined by the laws of the state issuing your license, GSK may be required to capture and report expenses GSK incurs, on your behalf, in the event you are afforded an interview for employment. This capture of applicable transfers of value is necessary to ensure GSK’s compliance to all federal and state US Transparency requirements. For more information, please visit GSK’s Transparency Reporting For the Record site.