Job Description

Our Cyber Security organisation enables GSK to take on some of the biggest healthcare challenges in the world by protecting our business, customers, and patients from cyber risks. We are investing in growing our Cyber Security teams because they play a pivotal role as the nature and types of threats get more sophisticated. In this ever-evolving digital and technology landscape, it is critical to stay on top of issues that could cause us harm. This requires a deep understanding of cybersecurity concepts, techniques, and trends along with critical thinking. Our Cyber Security teams are continuously learning and developing their skills to protect against bad actors, allowing GSK to stay focused on what matters most - getting ahead of disease together. Key Responsibilities 6+ years of proven experience in cyber security Knowledge of information security principles, technology and tactics with an understanding of technological trends and a basic understanding of information security architecture. Experience developing and delivering security awareness programs Experience working in information security and demonstrable understanding of the concepts of information security Knowledge of security policies and principles of information handling and protection An in-depth understanding of ISO 27002 security policy, and a working knowledge of other policy frameworks such as ISO, COBIT and NIST a plus Familiarity with local and regional regulatory information security requirements Ability to appropriately balance security awareness needs with business impact and benefit Skilled in presentations and briefings Technical acumen with Excel, Tibco Spotfire and other business analysis tools preferable Ability to team well with others to facilitate and enhance the understanding and compliance to security policies Maintain awareness of the current security threat landscape The ability to understand information security technical controls and methods as well as their application in the context of business solutions is required to function properly within this team. Minimum Level of Job-Related Experience Required 5 to 10 years of proven experience in cyber security and/or third party security risk management Additional Responsibilities Provide comprehensive coordination and administrative support for the social engineering attacks, e.g. phishing, simulations programme. Responsible for supporting that programme and coordinating any learning interventions that are required for people who fall for the simulations. Coordination of all activities related to communication to staff at all levels of the organisation, managing internal and customer-focused communications, assisting with data collection and analysis, creating learning assets and awareness materials Conducting detailed project activities, tracking progress, and reporting the outcomes Collaborate with internal GSK stakeholders and managed service partners representatives to recommend necessary security awareness to effectively mitigate risks to GSK Evangelize security awareness processes across business lines to help influence a strong culture of proactive awareness Monitor and identify the top human risks to our organization and the behaviors we need to change to mitigate those risks Implement and support a positive security awareness program, which focuses on changing behaviors both at work and at home