Job Description

As the Sr Director of Security Posture and Assurance for GSK you will set strategic vision and lead the initiatives within the cyber security organization to deliver a risk-based security testing program for both IT and OT.  You will evaluate, maintain, and monitor security controls and exclusions to provide near real-time visibility to the security posture of the organization's networks and systems ensuring world class protection against threats to patient and partner eco-systems.  In this role you will lead a team to develop multiple views into the security posture for different levels of the organization to make tactical and strategic decisions that relate to but not limited to; vulnerability management, penetration testing/red team, application security testing.  Additionally, this role is responsible for the enterprise wide eGRC platform strategy, roadmap, and platform support. 

Responsibilities:

·       Set the strategic vision and provide oversight to GSK’s cyber security testing program for IT/OT

·       Lead and develop a team of multi-disciplined security professionals

·       Identify and report metrics relating to security control implementations to executives to reveal the maturity of the organization's information security practice

·       Lead the continued deployment of the enterprise-wide solution to consolidate eGRC reporting, notification, remediation tracking

·       Partner with various internal customer entities to better understand the use cases and ensure these are appropriately articulated in the solution for vulnerability management, risk, and internal audit

·       Schedule, perform and maintain records of required information security auditing, patching, maintenance, software/hardware changes, and scanning based on evolving threat/vulnerabilities and industry compliance requirements

·       Report on the status of information security safeguards applied to computer systems and networks for overall awareness and perform period checks to determine validity of those controls through independently developed means and through partnerships with penetration testing and red teams. 

·       Provide mechanisms to routinely review critical security controls such as firewall rules, IPS rules

·       Advise senior cyber security stakeholders of emerging risks in the environment

Basic Qualifications: 

·       10+ years of cyber security leadership, working with senior executives and managing large teams

·       Deep security knowledge with the ability to work in a complex and fast paced environment

·       Proven experience in the security posture and assurance realm

·       Strong verbal and communications skills and ability to work across geographic and functional boundaries

·       BA Computer Science, Information Systems/BS, or related security experience

Preferred Qualifications 

·       CISM, CISSP, CISA CPP 

·       Advanced degree in Cyber Security

·       Knowledge of legal and/or regulatory matters in the context of enterprise security

·       Experience leading agile delivery teams

*LI-GSK

Why GSK?

Our values and expectations are at the heart of everything we do and form an important part of our culture.

These include Patient focus, Transparency, Respect, Integrity along with Courage, Accountability, Development, and Teamwork. As GSK focuses on our values and expectations and a culture of innovation, performance, and trust, the successful candidate will demonstrate the following capabilities:

Agile and distributed decision-making – using evidence and applying judgement to balance pace, rigor and risk
Managing individual and team performance.
Committed to delivering high quality results, overcoming challenges, focusing on what matters, execution.
Implementing change initiatives and leading change.
Sustaining energy and well-being, building resilience in teams.
Continuously looking for opportunities to learn, build skills and share learning both internally and externally.
Developing people and building a talent pipeline.
Translating strategy into action - a compelling narrative, motivating others, setting objectives and delegation.
Building strong relationships and collaboration, managing trusted stakeholder relationships internally and externally.
Budgeting and forecasting, commercial and financial acumen.