Director Technology Governance Risk and Compliance - Enterprise AI

Job Description

Are you energized by a compliance security leadership role that optimizes information security protection? If so, this Compliance Security Domain Director role could be an exciting opportunity to explore. As a Compliance Security Domain Director, you will be responsible for ensuring that information protection change activities are we'll understood by regional business leaders and roll out of activities is phased to cause the least business disruption. This role will provide YOU the opportunity to lead key activities to progress YOUR career, these responsibilities include some of the following: Providing risk management services by applying the GSK Risk Management Framework and processes for information security within the Region, including its articulation and application. Negotiating risk management assessments and establishing local business cases to gain funding and sponsorship for security investments and changes. Providing oversight of regional governance, measurement & reporting to ensure that significant information risk decisions are made in accordance with the agreed risk appetite/limits or are being escalated to the appropriate level of authority for agreement of any risk acceptance or tolerance. Reporting into the Chief Information Security Officer (CISO) on the risk coverage of project and assets, business specific security initiatives or deviation from GSK information security strategy. Ensuring alignment of information protection program strategy deployment and regional business change activity through review and influence of the content of GSK regional business and risk management strategies, policies and management practices. Ensuring that GSK information security requirements and group strategies are communicated and understood within the region. Promoting security awareness & capability development by tailoring global information security awareness programmes. Supporting the localization of security communications and culture change activities to make them accessible within each region. Leveraging Embedded Business Capability by maintaining awareness of security capabilities and roles embedded in the region and influencing the delivery of these services. Supporting the CISO and regional leaders in any significant information security related crisis incidents as required and ensuring business unit crisis teams are engaged as appropriate. Basic Qualifications: bachelors Degree Information Security Certification or Risk Management Certification 5 or more years of experience in information security risk management in a regulated environment Experience in the pharmaceutical, healthcare or consumer healthcare industry Preferred Qualifications: Post Graduate Degree in information technology Strong verbal and written communication skills Experience with information security controls, techniques, and processes particularly in applications security Demonstrated ability to influence across a matrixed organization Why GSK Agile and distributed decision-making - using evidence and applying judgement to balance pace, rigour and risk Managing individual and team performance. Committed to delivering high quality results, overcoming challenges, focusing on what matters, execution. Implementing change initiatives and leading change. Sustaining energy and we'll-being, building resilience in teams. Continuously looking for opportunities to learn, build skills and share learning both internally and externally. Developing people and building a talent pipeline. Translating strategy into action - a compelling narrative, motivating others, setting objectives and delegation. Building strong relationships and collaboration, managing trusted stakeholder relationships internally and externally. Budgeting and forecasting, commercial and financial acumen.