Principal - Cyber Risk and Assurance

**Job Title:** Principal - Cyber Risk and Assurance


**Position Summary:**
The Principal - Cyber Risk and Assurance role at GSK is an exciting opportunity to lead efforts in safeguarding our business, customers, and patients from cyber risks. This position involves partnering with global teams to embed "secure by design" principles across projects and operations, ensuring robust cyber security coverage throughout the development lifecycle. The role requires collaboration with cross-functional teams, including Cyber Security Operations, Governance Risk and Compliance, and Architecture and Engineering, to address business needs effectively. We value candidates who are proactive, analytical, and possess strong communication skills to influence and drive a culture of cyber resilience.

**Responsibilities:**
1. Identify, document, and report business cyber risks to senior stakeholders, positively influencing the cyber security posture.
2. Provide subject matter expertise in managing risks across key areas such as data, applications, cloud, and identity access management (IAM).
3. Conduct formal cyber security risk assessments for business projects, ensuring compliance with GSK policies, controls, and regulatory requirements while meeting business objectives.
4. Collaborate with internal and external stakeholders to recommend security and privacy controls that mitigate risks effectively.
5. Guide business owners and stakeholders throughout the delivery lifecycle, ensuring tailored and proportionate information security measures.
6. Partner with global teams to align cyber risk management frameworks, metrics, and reporting with GSK’s strategy and initiatives.

**Qualifications/Skills:**

**Basic Qualifications:**

10+ years of cyber security risk assessments experience.
1. Bachelor’s degree in Cyber Security, Information Technology, Computer Science, or a related field.
2. Demonstrated experience in cyber security principles, IT security controls, and related technologies.
3. Experience conducting cyber security risk assessments and third-party security and data privacy evaluations.
4. Strong verbal and written communication skills in English, with the ability to interact effectively with professionals at all levels.
5. Knowledge of frameworks and standards such as ISO 27001, NIST, and CIS.
6. Ability to work with virtual teams across different countries, adapting to diverse work cultures and communication styles.

**Preferred Qualifications:**
1. Professional certifications such as CISSP, CISM, or equivalent.
2. Experience with Governance, Risk, and Compliance (GRC) technologies for cyber risk management.
3. Proven ability to prioritize, delegate, and foster high-performance teams in a customer-focused environment.
4. Experience working with outsourced providers to drive positive organizational changes.
5. Familiarity with automation initiatives to enhance efficiency in cyber risk management processes.

**Work Arrangement:**
This role is based in India and follows a hybrid work model, combining on-site and remote work flexibility.

---

*This Position Description is to provide a framework for job understanding between employee and manager. It may not cover or contain the full listing of activities, duties or responsibilities that are required of the employee for this job. Duties, responsibilities and activities may change at any time with or without notice and at the discretion of the management of the Company. The position description is not used in the assignment or assessment of any GSK level or grade used in the Job Evaluation Process.*

Skills

Application Security, Cloud Security, Data Security, Identity Access Management (IAM), Infrastructure Security, Operating Systems Security, Security Engineering, Security System Integration, Security Testing, Vulnerability Management

Why GSK?

Uniting science, technology and talent to get ahead of disease together.

GSK is a global biopharma company with a special purpose – to unite science, technology and talent to get ahead of disease together – so we can positively impact the health of billions of people and deliver stronger, more sustainable shareholder returns – as an organisation where people can thrive. We prevent and treat disease with vaccines, specialty and general medicines. We focus on the science of the immune system and the use of new platform and data technologies, investing in four core therapeutic areas (infectious diseases, HIV, respiratory/ immunology and oncology).

Our success absolutely depends on our people. While getting ahead of disease together is about our ambition for patients and shareholders, it’s also about making GSK a place where people can thrive. We want GSK to be a place where people feel inspired, encouraged and challenged to be the best they can be. A place where they can be themselves – feeling welcome, valued, and included. Where they can keep growing and look after their wellbeing. So, if you share our ambition, join us at this exciting moment in our journey to get Ahead Together.

Important notice to Employment businesses/ Agencies

GSK does not accept referrals from employment businesses and/or employment agencies in respect of the vacancies posted on this site. All employment businesses/agencies are required to contact GSK's commercial and general procurement/human resources department to obtain prior written authorization before referring any candidates to GSK. The obtaining of prior written authorization is a condition precedent to any agreement (verbal or written) between the employment business/ agency and GSK. In the absence of such written authorization being obtained any actions undertaken by the employment business/agency shall be deemed to have been performed without the consent or contractual agreement of GSK. GSK shall therefore not be liable for any fees arising from such actions or any fees arising from any referrals by employment businesses/agencies in respect of the vacancies posted on this site.

It has come to our attention that the names of GlaxoSmithKline or GSK or our group companies are being used in connection with bogus job advertisements or through unsolicited emails asking candidates to make some payments for recruitment opportunities and interview. Please be advised that such advertisements and emails are not connected with the GlaxoSmithKline group in any way.

GlaxoSmithKline does not charge any fee whatsoever for recruitment process. Please do not make payments to any individuals / entities in connection with recruitment with any GlaxoSmithKline (or GSK) group company at any worldwide location. Even if they claim that the money is refundable.

If you come across unsolicited email from email addresses not ending in gsk.com or job advertisements which state that you should contact an email address that does not end in “gsk.com”, you should disregard the same and inform us by emailing askus@gsk.com, so that we can confirm to you if the job is genuine.