SSRA Analyst

GSK Tech Global Centre in Poznan
Mid
Online interview
Employment contract
Poznań
Remote possible
80%
Paid vacation
26

Project description

We are looking for an experienced SSRA Analyst to support the CH Office of the Deputy CISO in GSK’s Consumer separation and disentanglement program. The specialist in this role will provide a critical function supporting the planning and preparation for TSR Consumer Separation. The SSRA Analyst will engage with senior business partners and needs a clear understanding of business imperatives in order to build commensurate cyber security controls around third-party risk. Diagnosing problems and modelling and analyzing data should be your forte. This requires uncompromising attention to detail and resourcefulness. Solving sophisticated problems in a constantly evolving environment requires grit and an innovative, forward-thinking approach.

Your tasks

  • Perform supplier cybersecurity assessments and reports in line with departmental procedures and processes.
  • Support onsite supplier assurance visits when appropriate to ensure supplier controls have been implemented and are operating responsibly in accordance with contractual obligations throughout relationship lifecycle.
  • Create risk assessment documentation to outline mitigation plans and residual risk for acceptance by the business.
  • Negotiate risk elements, mitigation plans, and risk acceptance with external suppliers and GSK business relationship owners.
  • Ensure the quality and consistency of cybersecurity assessment activity and related processes and procedures that are relied upon by lines of business for their risk management and compliance.


Who we're looking for?

Basic Qualifications:

  • Experience in evaluating third parties for the presence of fundamental cybersecurity controls.
  • Experience conducting risk assessments and applying concepts of inherent and residual risk in order to draw appropriate conclusions and articulate the same to non-technical audiences.
  • Negotiating risk elements, mitigation plans, and risk acceptance together with external suppliers and business supplier relationship owners to ensure protection of company assets.
  • Ability to communicate effectively with highly technical security specialists internally and externally as well as business process and data owners.
  • Ability to operate autonomously in the execution of third-party security risk program framework.

Preferred Qualifications:

  • Experience and knowledge across different frameworks and standards such as ISO 27001, NIST, CIS etc.
  • Experience as an in-house or commercial information security and risk consultant, with experience in an IT security assurance or audit function and/or in the assessment of technical controls against a documented set of standards and best practices.
  • Working and co-operating with virtual teams located in different countries around the world, aligning and adapting different work, culture and communication styles.
  • Ability to deal with conflicting priorities in alignment with overall business and departmental strategies.
  • An awareness of information and application cybersecurity techniques, common vulnerabilities, and emerging exploits. Broader knowledge of information security and operational technology controls, technologies and processes. 

How we manage our projects?
Methodology
Scrum, Agile, Kanban
Who makes architectural decisions?
Team and tech leads
Who makes technology stack decisions?
Architect
Project management software
JIRA, Microsoft Teams, Azure Devops
How we code?
Git
Version control
Style guide
Code review
Static code analysis
TDD
BDD
Code metrics
Knowledge database
How we test?
Unit tests
Integration tests
System tests
Performance tests
Manual testing
Test automation
CI
Toolset
Laptop
Additional monitor
Headphones
Personal container
Phone
Operating system
Work environment
Tech supervisor
Open space
Flexible working hours
Healthcare
  • Healthcare package
  • Healthcare package for families
Leisure package
  • Leisure package
Kitchen
  • Hot beverages
  • Fruits
  • Snacks
Training
  • Trainings
Parking
  • Car parking
  • Bicycle parking
Other
  • Chill room
  • Integration events
  • work up to 80% of your working time per month remotely
  • flexible working hours
  • work part-time or have a long weekend thanks to Short Friday

Our company

GSK Tech Global Centre in Poznan

Poznań 750
Tech skills
  • Node.js
  • JavaScript
  • Java
