Cyber Risk & Assurance – BU Metrics Senior Manager

IT
November 28, 2022

Job Overview

  • Date Posted
    November 28, 2022

Job Description

Site Name: Bengaluru Luxor North Tower
Posted Date: Sep 8 2022

Ready to help shape the future of healthcare?

GSK is a global biopharma company with a special purpose – to unite science, technology and talent to get ahead of disease together – so we can positively impact the health of billions of people and deliver stronger, more sustainable shareholder returns – as an organisation where people can thrive. Getting ahead means preventing disease as well as treating it, and we aim to impact the health of 2.5 billion people around the world in the next 10 years.

Our success absolutely depends on our people. While getting ahead of disease together is about our ambition for patients and shareholders, it’s also about making GSK a place where people can thrive. We want GSK to be a place where people feel inspired, encouraged and challenged to be the best they can be. A place where they can be themselves – feeling welcome, valued and included. Where they can keep growing and look after their wellbeing. So, if you share our ambition, join us at this exciting moment in our journey to get Ahead Together.

Job Purpose

The Cyber Risk & Assurance – BU Metrics Senior Manager will work within GSK’s Cyber Risk & Assurance team, interacting directly with stakeholders to drive and support the metrics (KRI, KPI, KCI, etc.) programs and reporting automation development. This includes managing and supporting activities focused on developing cyber security measurements, creating user-interface applications, standardizing ETL processes and implementing PowerBI dashboards and other tools, in turn improving operational effectiveness/efficiency and program sustainability.

Key Responsibilities:

• Support the development and implementation of the Cybersecurity Metrics Reporting strategy, program definition, service and SLA definition by driving daily operations and ensuring quality assurance.

• Engage with business stakeholders and senior leaders to define cybersecurity metrics that align with GSK's risk tolerance, utilizing established knowledge of NIST’s Computer Security Framework (CSF) and metric lifecycle management.

• Automate the process of data-pull from various Source-of-Records (SOR) with built-in quality assurance checks and control reviews.

• Assess the unique requirements and interdependencies to create a metric reporting suite, including various levels of reporting materials and scorecards tailored to specific groups of audiences, on a timely basis.

• Develop and automate real-time reporting solutions for security metrics covering the entire metric reporting lifecycle from source data to final visualization dashboards.

• Advise on risk metric lifecycle management, including risk assessment coverage, metric credible challenge, threshold determination, governance activities, etc.

• Utilize cybersecurity metrics to report, track and communicate remediation progress, develop governance procedure for Consequence Management utilized to manage remediation progress, and present to business stakeholders and senior leaders to demonstrate progress.

• Implement effective solutions for topics around data feasibility, ad-hoc dashboard requirements, and various descriptive and predictive forecasting analysis tasks.

• Partner with other teams in effectively providing a cyber risk service, reducing response times and improving integration and automation.

• Prioritize workload based on urgency and importance and effectively manage conflicting priorities and multiple tasks.

Basic Qualifications

• A bachelor's degree in Computer Science or related field

• Demonstrated expert skills in building elegant and interactive data visualizations of complex information

• Advanced skills in PowerBI, Archer Integration, Risk Management, and PowerPoint

• Demonstrated experience with end-to-end security metrics process including metrics collection, tracking, and reporting.

• Experience in developing information security presentations for executive level consumption and effectively influencing program owners to drive remediation

• Experience in planning, designing, and deploying the integration of various data sources into a BI solution

• Experience in process definition, workflow design, and process mapping

• Experience in establishing an enterprise-wide metric reporting solution

• Understanding of security frameworks and standards such as NIST, CIS, OWASP

• Typically possesses experience with any scripting languages (Python, Perl, Bash, PHP, etc.)

Preferred qualifications

• Advanced certifications, diplomas, professional certifications, advanced degrees in Cyber or information security – examples include:

• CISSP, CISM, CISA, CIPT, CIPM, CRISC or other relevant certification desired

• Salesforce Platform App Builder credential

• Experience with ServiceNow and Archer GRC Platform Integration highly preferred.

• Project Management

• Prior leadership and people management experience

At GSK we value diversity (Gender, LGBTQ +, PwD etc.) and treat all candidates equally. We aim to create an inclusive workplace where all employees feel engaged, supportive of one another, and know their work makes an important contribution.


Important notice to Employment businesses/ Agencies

GSK does not accept referrals from employment businesses and/or employment agencies in respect of the vacancies posted on this site. All employment businesses/agencies are required to contact GSK's commercial and general procurement/human resources department to obtain prior written authorization before referring any candidates to GSK. The obtaining of prior written authorization is a condition precedent to any agreement (verbal or written) between the employment business/ agency and GSK. In the absence of such written authorization being obtained any actions undertaken by the employment business/agency shall be deemed to have been performed without the consent or contractual agreement of GSK. GSK shall therefore not be liable for any fees arising from such actions or any fees arising from any referrals by employment businesses/agencies in respect of the vacancies posted on this site.

  

It has come to our attention that the names of GlaxoSmithKline or GSK or our group companies are being used in connection with bogus job advertisements or through unsolicited emails asking candidates to make some payments for recruitment opportunities and interview. Please be advised that such advertisements and emails are not connected with the GlaxoSmithKline group in any way.

GlaxoSmithKline does not charge any fee whatsoever for the recruitment process. Please do not make payments to any individuals / entities in connection with recruitment with any GlaxoSmithKline (or GSK) group company at any worldwide location, even if they claim that the money is refundable.

If you come across unsolicited email from email addresses not ending in gsk.com or job advertisements which state that you should contact an email address that does not end in “gsk.com”, you should disregard the same and inform us by emailing [email protected], so that we can confirm to you if the job is genuine.