Senior Manager, Cloud and Container Security

We have an exciting opportunity for an experienced cloud and container security manager to join a growing cloud security team in GSKs Cyber Security Office (CSO). You will work closely with senior stakeholders and cross-functional product teams to embed and enhance GSKs cloud and container security governance and capabilities, accelerating delivery of our business objectives, cloud migration and digital transformation initiative.

You will need to be comfortable working in a fast-paced agile environment and have experience working with multiple security and governance groups, central IT, developer and system integrator teams, based across multiple geographies and in different organisations.

This role offers the opportunity to use a wide range of skills to deliver an enterprise cloud and container security program supporting modern architecture patterns and technologies.

The ideal candidate will combine excellent technical skills and communication expertise with a collaborative approach to ensure optimal stakeholder alignment with our cloud and container security strategy.’

In this role you will

• Develop and maintain cloud and container security governance frameworks for multi-cloud environments, including Azure, GCP, and Kubernetes

• Align security standards, frameworks, and policies with business and technology strategies, and implement processes and tools for compliance monitoring

• Create and update Cloud and Container Security reference architecture and capability roadmaps

• Build a network of stakeholders across security, IT, and developer teams to understand future cloud requirements

• Periodically review and update security controls and guidance for Kubernetes and IaaS/PaaS services, balancing business and security needs

• Define best practices for Kubernetes and IaaS/PaaS services to enhance security controls

• Lead cloud and container security discussions with cyber security, IT teams, senior leadership, and workload owners

• Conduct security architecture reviews for large-scale cloud projects, recommending changes to align with secure-by-design principles

• Provide security consultancy to cyber risk and governance teams for solution architecture reviews

• Identify and communicate emerging security threats

• Stay updated on market trends and competitive insights in cloud and container security

Qualifications & Skills:

• Extensive experience in information security and significant experience in cloud and container security

• Relevant educational background or equivalent experience.

• Expert knowledge of Azure, GCP, and AWS security

• Strong understanding of securing Kubernetes platforms and container-hosted workloads

• Proven expertise in security architecture and design reviews for cloud-native solutions, including containers, micro-services, APIs, PaaS capabilities, and IAM suites on Azure, GCP, and AWS

• Experience in security reviews and threat modelling for cloud solutions using Generative AI services

• In-depth understanding of cybersecurity principles, IT security controls, and related technologies

• Knowledge of network security for cloud network virtualization, Kubernetes networking, and associated controls

• Experience in identity and access management for cloud and container platforms

• Strong stakeholder management skills

• Excellent verbal and written communication skills in English, with the ability to interact effectively with technical and non-technical professionals at all levels

• Ability to work with virtual teams across different countries, aligning and adapting to various work, culture, and communication styles

Preferred Qualifications & Skills:

• Kubernetes and Cloud Native Associate (KCNA)

• Kubernetes and Cloud Security Associate (KCSA)

• Certified Kubernetes Administrator (CKA)

• Certified Kubernetes Security Specialist (CKS)

• Certified Kubernetes Application Developer (CKAD)

• Security based industry certification such as ISC2 CISSP

• Pharmaceutical industry experience would be a benefit but not essential.

• Cloud agnostic industry certification in cloud security such as ISC2 CCSP and/or CSA CCSK 

• Cloud Service Provider security certifications such as Microsoft AZ-500, Google Security Engineer, AWS Security Engineer 

• Experience with SABSA and Archimate

Closing Date for Applications – Tuesday 25th Feb 2025

Please take a copy of the Job Description, as this will not be available post closure of the advert. When applying for this role, please use the ‘cover letter’ of the online application or your CV to describe how you meet the competencies for this role, as outlined in the job requirements above. The information that you have provided in your cover letter and CV will be used to assess your application.

During the course of your application, you will be requested to complete voluntary information which will be used in monitoring the effectiveness of our equality and diversity policies. Your information will be treated as confidential and will not be used in any part of the selection process. If you require a reasonable adjustment to the application / selection process to enable you to demonstrate your ability to perform the job requirements, please contact 0808 234 4391. This will help us to understand any modifications we may need to make to support you throughout our selection process.

#LI-GSK

Why GSK?

Uniting science, technology and talent to get ahead of disease together.

GSK is a global biopharma company with a special purpose – to unite science, technology and talent to get ahead of disease together – so we can positively impact the health of billions of people and deliver stronger, more sustainable shareholder returns – as an organisation where people can thrive. We prevent and treat disease with vaccines, specialty and general medicines. We focus on the science of the immune system and the use of new platform and data technologies, investing in four core therapeutic areas (infectious diseases, HIV, respiratory/ immunology and oncology).

Our success absolutely depends on our people. While getting ahead of disease together is about our ambition for patients and shareholders, it’s also about making GSK a place where people can thrive. We want GSK to be a place where people feel inspired, encouraged and challenged to be the best they can be. A place where they can be themselves – feeling welcome, valued, and included. Where they can keep growing and look after their wellbeing. So, if you share our ambition, join us at this exciting moment in our journey to get Ahead Together.

As an Equal Opportunity Employer, we are open to all talent. In the US, we also adhere to Affirmative Action principles. This ensures that all qualified applicants will receive equal consideration for employment without regard to neurodiversity, race/ethnicity, colour, national origin, religion, gender, pregnancy, marital status, sexual orientation, gender identity/expression, age, disability, genetic information, military service, covered/protected veteran status or any other federal, state or local protected class*(*US only).

We believe in an agile working culture for all our roles. If flexibility is important to you, we encourage you to explore with our hiring team what the opportunities are.

Should you require any adjustments to our process to assist you in demonstrating your strengths and capabilities contact us on Ukdiversity.recruitment@gsk.com or 0808 234 4391.  The helpline is available from 8.30am to 12.00 noon Monday to Friday, during bank holidays these times and days may vary.

Please note should your enquiry not relate to adjustments, we will not be able to support you through these channels. However, we have created a UK Recruitment FAQ guide. Click the link and scroll to the Careers Section where you will find answers to multiple questions we receive .

As you apply, we will ask you to share some personal information which is entirely voluntary. We want to have an opportunity to consider a diverse pool of qualified candidates and this information will assist us in meeting that objective and in understanding how well we are doing against our inclusion and diversity ambitions. We would really appreciate it if you could take a few moments to complete it.  Rest assured, Hiring Managers do not have access to this information and we will treat your information confidentially.

Important notice to Employment businesses/ Agencies

GSK does not accept referrals from employment businesses and/or employment agencies in respect of the vacancies posted on this site. All employment businesses/agencies are required to contact GSK's commercial and general procurement/human resources department to obtain prior written authorization before referring any candidates to GSK. The obtaining of prior written authorization is a condition precedent to any agreement (verbal or written) between the employment business/ agency and GSK. In the absence of such written authorization being obtained any actions undertaken by the employment business/agency shall be deemed to have been performed without the consent or contractual agreement of GSK. GSK shall therefore not be liable for any fees arising from such actions or any fees arising from any referrals by employment businesses/agencies in respect of the vacancies posted on this site.

Please note that if you are a US Licensed Healthcare Professional or Healthcare Professional as defined by the laws of the state issuing your license, GSK may be required to capture and report expenses GSK incurs, on your behalf, in the event you are afforded an interview for employment. This capture of applicable transfers of value is necessary to ensure GSK’s compliance to all federal and state US Transparency requirements. For more information, please visit the Centers for Medicare and Medicaid Services (CMS) website at https://openpaymentsdata.cms.gov/