SSRA Senior Analyst

GSK Tech Global Centre in Poznan
Online interview
Employment contract
Remote possible
Paid vacation

Project description

We are looking for an experienced SSRA Analyst to support CH Office of Deputy CISO supporting GSK’s Consumer separation and disentanglement program. Specialist on this role will provide a critical function supporting the planning and preparation for TSR Consumer Separation. The SSRA Analyst role will engage with senior business partners and requires a clear understanding of business imperatives in order to build commensurate cyber security controls around third-party risk. Highly skilled at diagnosing problems, modelling and analyzing data should be in your forte. This requires attention to detail and resourcefulness beyond compromise.

Your tasks

  • Maintain and mature the third-party risk management process framework for cybersecurity risk, including vital standards, procedures, and technologies
  • Execute and support the full lifecycle of information security and third-party risk assessments as needed, either individually or through available resources.
  • Provide clarifying support, where vital, to internal third-party relationship owners or third-party representatives in their efforts to provide responses to the security risk assessment questionnaire.
  • Coordinate with Legal and Procurement representatives to ensure accurate privacy and security clauses are included in third-party contracts
  • Collaborate with internal third-party relationship owners and third-party representatives to recommend vital security controls to effectively mitigate risks to GSK
  • Provide consultancy SME support in conducting security posture assessments as part of continuous monitoring or post breach scenarios to ensure that suppliers have adequate security controls.

Who we're looking for?


  • Experience in translating third-party responses to assessment questionnaires, using sound judgement, into concise risk exposure reporting for delivery to internal partners
  • Ability to identify sophisticated issues, communicate to relevant partners and help with the decision making
  • Experience in ensuring robust tracking and remediation of third-party security and privacy risk exposures identified through assessment processes
  • Experience and understanding of cybersecurity principles, cybersecurity controls, and related technologies and products
  • Ability to integrate knowledge of the cybersecurity implications of networks, systems and implications with business process and behavioral security concerns into a well-articulated single risk picture that can be readily understood by business management and risk and compliance professionals
  • Ability to write custom reports providing a wide range of security expertise to the business functions


  • Experience and knowledge across different frameworks and standards such as ISO 27001, NIST, CIS etc.
  • Understand innovations and evolving best practices among industry practitioners of third-party security risk management to continually mature processes.
  • Working with virtual teams located in different countries around the world, aligning and adapting different work, culture and communication styles.
  • Implementing innovative ideas on detection and prevention controls
  • Ability to prioritize, delegate, and foster the development of high-performance teams to lead/support an environment driven by customer service and teamwork

How we manage our projects?
Scrum, Agile, Kanban
Who makes architectural decisions?
Team and tech leads
Who makes technology stack decisions?
Project management software
JIRA, Microsoft Teams, Azure Devops
How we code?
Version control
Style guide
Code review
Static code analysis
Code metrics
Knowledge database
How we test?
Unit tests
Integration tests
System tests
Performance tests
Manual testing
Test automation
Additional monitor
Personal container
Operating system
Work environment
Tech supervisor
Open space
Flexible working hours
  • Healthcare package
  • Healthcare package for families
Leisure package
  • Leisure package
  • Hot beverages
  • Fruits
  • Snacks
  • Trainings
  • Car parking
  • Bicycle parking
  • Chill room
  • Integration events
  • work up to 80% of your working time per month remotely
  • flexible working hours
  • work part-time or have a long weekend thanks to Short Friday

Our company

GSK Tech Global Centre in Poznan

Poznań 750
Tech skills
  • Node.js
  • JavaScript
  • Java

Check out similar job offers