We are looking for an experienced SSRA Analyst to support the CH Office of the Deputy CISO in GSK’s Consumer separation and disentanglement program. The specialist in this role will provide a critical function supporting the planning and preparation for TSR Consumer Separation. The SSRA Analyst will engage with senior business partners and requires a clear understanding of business imperatives in order to build commensurate cyber security controls around third-party risk. You should be highly skilled at diagnosing problems and at modelling and analyzing data. The role requires attention to detail and uncompromising resourcefulness.
- Maintain and mature the third-party risk management process framework for cybersecurity risk, including vital standards, procedures, and technologies
- Execute and support the full lifecycle of information security and third-party risk assessments as needed, either individually or through available resources.
- Provide clarifying support, where needed, to internal third-party relationship owners or third-party representatives in their efforts to provide responses to the security risk assessment questionnaire.
- Coordinate with Legal and Procurement representatives to ensure accurate privacy and security clauses are included in third-party contracts
- Collaborate with internal third-party relationship owners and third-party representatives to recommend vital security controls to effectively mitigate risks to GSK
- Provide consultancy SME support in conducting security posture assessments as part of continuous monitoring or post breach scenarios to ensure that suppliers have adequate security controls.
Who we're looking for?
- Experience in translating third-party responses to assessment questionnaires, using sound judgement, into concise risk exposure reporting for delivery to internal partners
- Ability to identify sophisticated issues, communicate them to relevant partners and help with decision making
- Experience in ensuring robust tracking and remediation of third-party security and privacy risk exposures identified through assessment processes
- Experience and understanding of cybersecurity principles, cybersecurity controls, and related technologies and products
- Ability to integrate knowledge of the cybersecurity implications of networks, systems and implications with business process and behavioral security concerns into a well-articulated single risk picture that can be readily understood by business management and risk and compliance professionals
- Ability to write custom reports providing a wide range of security expertise to the business functions
- Experience and knowledge across different frameworks and standards such as ISO 27001, NIST, CIS etc.
- Understand innovations and evolving best practices among industry practitioners of third-party security risk management to continually mature processes.
- Working with virtual teams located in different countries around the world, aligning and adapting different work, culture and communication styles.
- Implementing innovative ideas on detection and prevention controls
- Ability to prioritize, delegate, and foster the development of high-performance teams to lead/support an environment driven by customer service and teamwork
- Healthcare package
- Healthcare package for families
- Leisure package
- Hot beverages