Senior Lead Cyber Security Risk Analyst

Our Cyber Security organisation enables GSK to take on some of the biggest healthcare challenges in the world by protecting our business, customers, and patients from cyber risks. We are investing in growing our Cyber Security teams because they play a pivotal role as the nature and types of threats get more sophisticated. In this ever-evolving digital and technology landscape, it is critical to stay on top of issues that could cause us harm. This requires a deep understanding of cybersecurity concepts, techniques, and trends along with critical thinking. Our Cyber Security teams are continuously learning and developing their skills to protect against bad actors, allowing GSK to stay focused on what matters most - getting ahead of disease together. Key Responsibilities Identifying risk and mitigation, process improvements, pulling together information that team reports out to larger audience. Conduct regular security audits and assessments to identify potential weaknesses in existing security measures and make recommendations for improvements. Conduct network risk assessments to identify potential security risks and vulnerabilities. Evaluate the effectiveness of existing security controls and suggest improvements. Collaborate with cross-functional teams to gather necessary information for risk assessments. Analyze and interpret network security logs, incident reports, and other relevant data to identify potential breach areas or patterns. Develop risk assessment reports, presenting findings and recommendations to management and other stakeholders. Stay up to date with emerging security threats and trends and make recommendations for proactive measures to prevent potential risks. Ensure compliance with all relevant legal and regulatory requirements related to security and risk management. Monitor risk landscape and identify emerging and future risks. Proficient with multiple domain-specific cyber security technology solutions and can effectively integrate them to meet and exceed GSK s requirements. Test the effectiveness of GSK s cyber security technologies to identify and articulate opportunities for improvement across the digital, physical, and social elements of GSK. Understand the interaction of business and technology processes / risks and can explain it in business terms to both technical and non-technical audiences. Provide advice on security best practices, and guide GSK in developing and implementing security policies aligned to network/infrastructure. Evaluate and recommend emerging security products that enable and optimize network/infrastructure. Prepare monthly dashboards, statistics, and executive reports for the management. Minimum Level of Job-Related Experience Required 6 - 10 years of experience in IT risk and technology in a large organization of which 5 years in information security experience in cyber risk and relevant experience with Infrastructure/Network Additional Responsibilities Experience integrating and supporting various enterprise security tools, Risk assessment tools. CISSP, CISM Preferred Subject matter expertise in conducting security risk assessments for technology infrastructure and network. Proficient in network security tools and technologies such as firewalls, intrusion detection/prevention systems, and vulnerability scanners Understanding of control and risk management concepts and knowledge of the operational aspects of the information risk business Strong knowledge of network infrastructure, protocols, and security technologies Knowledge of risk management policies, methods, standards, processes, governance models, and industry-standard risk analysis approaches Knowledge of LAN, WAN and Data Centre network & Security industry standards relevant to data communications / networking and computing. Knowledge on Security best practices and experience in Network solutioning, Operations and Project Management. The ideal candidate possesses excellent communication skills and the ability to communicate inherently complicated technical concepts to non-technical stakeholders of all levels.