We are looking for an experienced SSRA Analyst to support the CH Office of the Deputy CISO in GSK’s Consumer separation and disentanglement program. The specialist in this role will provide a critical function supporting the planning and preparation for TSR Consumer Separation. The SSRA Analyst will engage with senior business partners and needs a clear understanding of business imperatives in order to build commensurate cyber security controls around third-party risk. Diagnosing problems and modelling and analyzing data should be your forte. This requires attention to detail and uncompromising resourcefulness. Solving sophisticated problems in a constantly evolving environment requires grit and an innovative, forward-thinking approach.
- Perform supplier cybersecurity assessments and reports in line with departmental procedures and processes.
- Support onsite supplier assurance visits when appropriate to ensure supplier controls have been implemented and are operating responsibly in accordance with contractual obligations throughout the relationship lifecycle.
- Create risk assessment documentation to outline mitigation plans and residual risk for acceptance by the business.
- Negotiate risk elements, mitigation plans, and risk acceptance with external suppliers and GSK business relationship owners.
- Ensure the quality and consistency of cybersecurity assessment activity and related processes and procedures that are relied upon by lines of business for their risk management and compliance.
Who are we looking for?
- Experience in evaluating third parties for the presence of fundamental cybersecurity controls.
- Experience conducting risk assessments and applying concepts of inherent and residual risk in order to draw appropriate conclusions and articulate the same to non-technical audiences.
- Negotiating risk elements, mitigation plans, and risk acceptance together with external suppliers and business supplier relationship owners to ensure protection of company assets.
- Ability to communicate effectively with highly technical security specialists internally and externally as well as business process and data owners.
- Ability to operate autonomously in the execution of the third-party security risk program framework.
- Experience and knowledge across different frameworks and standards such as ISO 27001, NIST, CIS etc.
- Experience as an in-house or commercial information security and risk consultant with experience in either an IT security assurance or audit function and/or experience in assessment of technical controls against a documented set of standards and best practices.
- Working and co-operating with virtual teams located in different countries around the world, aligning and adapting to different work, culture and communication styles.
- Ability to deal with conflicting priorities in alignment with overall business and departmental strategies.
- An awareness of information and application cybersecurity techniques, common vulnerabilities, and emerging exploits. Broader knowledge of information security and operational technology controls, technologies and processes.
- Healthcare package
- Healthcare package for families
- Leisure package
- Hot beverages