Site Name: Bengaluru Luxor North Tower
Posted Date: Nov 27 2025

The primary purpose of this position is to support the Director of Cyber Risk and Assurance and operationalise cyber risk assurance management practices within the business unit by embedding the concept of secure by design, driving Cyber Security Officer (CSO) initiatives within the business unit (BU) to reduce cyber security risk, improve the BU risk profile, and ensure effective risk management and reporting.

The role is accountable for embedding a culture of security within the business, ensuring cyber risks are understood, assessed, and effectively managed in alignment with enterprise policies and regulatory requirements. The Senior Principle - Cyber Risk & Assurance provides expert guidance and translates technical security risks into business terms, ensuring effective risk-informed decision-making to protect critical assets, patients, and GSK intellectual property.

This demands effective stakeholder management and engagement: the Senior Principle - Cyber Risk & Assurance will focus on influencing key stakeholders and delivering CSO projects, programs, and initiatives that enhance cyber security resilience and ensure proportionate cyber security coverage throughout the BU operations.

Acting as a central point of contact for cyber security within the business unit, this position will coordinate with a range of cross-functional teams such as Training and Awareness, Third-Party Risk Management, Governance Risk and Compliance (GRC), Legal, Tech, Architecture and Engineering, and the full suite of CSO disciplines to meet business and security needs effectively.

Leveraging technical expertise and business acumen to balance and communicate security risks to key business leaders and stakeholders, this role will be responsible for identifying, analysing, prioritising and influencing the management and remediation of security risks across the BU, working with BU stakeholders to understand their objectives, key projects, and initiatives to ensure cyber security is considered at the outset, embedding secure by design principles, reducing the likelihood of cyber risk and improving resilience.

The Senior Principle - Cyber Risk & Assurance shall support the Director of Cyber Risk and Assurance in the collation and delivery of Information Security Governance Meeting (ISGM) materials to Senior Business Unit Risk Owners (SBURO), ensuring all data is collected, checked for accuracy, and presented in the desired format to support effective and timely risk decision-making.

They shall further assist in ensuring all BU issues and risks are raised and comprehensively reviewed and approved within the integrated risk management platforms as applicable, and perform high-level risk assessments, data gathering and analysis as necessary, presenting the results back to the BU and influencing key stakeholders to ensure effective remediation plans are developed and implemented.

Key Responsibilities:

Leadership and Operational Delivery
- Support the Director of Cyber Risk and Assurance in driving an effective cyber risk and assurance culture and strategy across the BU.
- Execute CSO projects and initiatives resulting from CSO strategy that impact the BU and report progress back to BU and Director of Cyber Risk and Assurance.
- Partner with the BU, GRC, Legal, and the wider CSO teams to eliminate overlaps and provide a holistic and consistent cyber security posture.
- Act as focal point for cyber security matters within the BU, ensuring alignment with the cyber risk framework, standards, and policies.
Risk Management and Reporting
- Oversee and support Key Risk Indicator (KRI) metrics and risk profile reporting.
- Monitor and oversee the execution of risk assessments, exceptions/issues approvals, remediation plans, and general cyber risk management activities whilst monitoring adherence to SLAs and KPIs.
- Facilitate the development of metrics to measure, report, and enable effective risk decision making.
- Ensure the right stakeholders are engaged and notified at appropriate stages of risk identification, remediation and reporting.
- Perform/assist risk assessments, business impact analyses, and tests of business continuity plans, and continuously strengthen the corporate business continuity program and framework.
Stakeholder Engagement and Cross-Functional Collaboration
- Guide business owners and relevant stakeholders throughout the entire delivery lifecycle, ensuring that information security is considered in a proportionate and tailored way.
- Facilitate process and walkthrough discussions to document end-to-end business processes, functional requirements, identify key cyber risks and exposures, and advocate for control design.
Knowledge and Upskilling
- Maintain current knowledge of cyber security and cyber risk management requirements and accreditation standards, and monitor changes in technology impacting security and risk posture.