Director, Innovation, Strategy and Roadmaps

At GSK, we want to supercharge our data capability to better understand our patients and accelerate our ability to discover vaccines and medicines.

The Cybersecurity organization is a key partner in GSK’s efforts to deliver a step-change in our ability to leverage data, knowledge, and prediction to find new medicines. 

We are a full-stack shop consisting of product and portfolio leadership, data engineering, infrastructure and DevOps, data / metadata / knowledge platforms, and AI/ML and analysis platforms, all geared toward:

• Building a next-generation, metadata- and automation-driven data experience for GSK’s scientists, engineers, and decision-makers, increasing productivity and reducing time spent on “data mechanics”

• Providing best-in-class AI/ML and data analysis environments to accelerate our predictive capabilities and attract top-tier talent

• Aggressively engineering our data at scale, as one unified asset, to unlock the value of our unique collection of data and predictions in real-time

The Director, Innovation, Strategy and Roadmaps will work within GSK’s AIML Security and Emerging Technology team, interacting directly with stakeholders and technical teams to drive and support the key programs and projects related to Artificial Intelligence (AI) and Machine Learning (ML) and other innovations and emerging technologies.  This is critical to the development of new medicines, particularly as we generate increasingly complex, experimental data at scale. Our vision places AI and other innovations at the centre of human genetics and functional genomics. We see the capabilities with tightly-coupled, experimental feedback loops, playing a pivotal role in understanding genetics and developing the next generation of medicines. This role will be required to be a subject matter expert in delivering security enhancements into existing and new applications, infrastructure and business processes with a specialty in the areas of AI/ML, data security, data integrity, and data democratization.  This includes how to embed security requirements and risk decisions into an agile developed product, making decisions expeditiously to ensure timely delivery of a secure outcome.

The role will be responsible for making recommendations into the direction of the Senior Director, AIML Security and Emerging Technology as well as directed business programs and projects.  The role will support teams that are dispersed globally and will interface with the technical leadership teams of our various business units as a trusted advisor.

Strategic Planning & Roadmap Development:

• Develop and maintain a comprehensive cybersecurity innovation strategy and roadmap that integrates emerging technologies, business requirements, and domain-specific roadmaps (e.g., application, cloud, IdAM, endpoint, networking).

• Align cybersecurity initiatives with broader business goals, regulatory requirements, and risk management priorities.

Emerging Technology Assessment & Adoption:

• Continuously scan the cybersecurity landscape for emerging technologies, trends, and threats to evaluate their impact and potential benefits.

• Develop and recommend technology adoption strategies based on security needs, business priorities, and feasibility assessments.

• Lead proof-of-concept initiatives and pilot programs to validate new technologies.

Innovation & Research:

• Foster a culture of cybersecurity innovation by identifying and driving initiatives that enhance security capabilities.

• Partner with industry forums, cybersecurity consortia, and academia to stay ahead of the technology curve and bring forward leading practices.

• Collaborate with internal and external stakeholders to explore AI, automation, quantum security, and other advanced security solutions.

Programmatics & Budgeting:

• Work closely with finance and leadership teams to ensure innovation projects align with financial planning and investment strategies.

• Develop business cases, cost-benefit analyses, and funding proposals for strategic cybersecurity initiatives.

• Enterprise Architecture Integration

• Ensure cybersecurity innovation efforts align with enterprise architecture and domain-specific roadmaps.

• Coordinate with domain architects to integrate security considerations into cloud, application, endpoint, identity, and network transformation initiatives.

• Bridge the gap between security requirements and IT/OT operational constraints.

Cross-Functional Collaboration:

• Engage with cybersecurity, IT, risk, compliance, and business teams to ensure strategic alignment and adoption of new capabilities.

• Act as a key liaison between the CISO office, executive leadership, and operational teams to drive innovation initiatives.

Regulatory & Risk Considerations:

• Ensure new technologies and strategies align with regulatory compliance requirements, industry standards, and internal security policies.

• Identify potential risks associated with emerging technologies and provide risk mitigation strategies.

Metrics & Reporting:

• Develop key performance indicators (KPIs) and success metrics for cybersecurity innovation efforts.

• Provide executive-level reporting on emerging trends, strategic initiatives, and the impact of cybersecurity investments.

Leadership & Influence:

• Serve as a thought leader and advocate for cybersecurity innovation across the enterprise.

• Mentor and guide teams on emerging cybersecurity technologies, trends, and strategic initiatives.

Key Responsibilities:

• Develop and implement security innovation governance frameworks aligned with organizational cybersecurity policies and industry best practices (e.g., NIST AI RMF, ISO/IEC 27001).

• Assess and mitigate risks associated with current systems, innovation and emerging technology, ensuring compliance with security standards and frameworks.

• Collaborate with cross-functional teams to define security policies, including model development, deployment, and operational safeguards.

• Conduct or coordinate AI security interviews and capability analyses to identify emerging capability requirements and gaps, developing strategies and roadmaps with peers to advance security capabilities.

• Ensure effective governance over innovation processes, addressing risks from third-party models, libraries, and tools.

• Design and implement data security controls for emerging technology innovations, focusing on privacy, confidentiality, and ethical considerations.

• Lead initiatives to ensure compliance with data regulations, such as GDPR, CCPA, and sector-specific privacy laws.

• Develop guidelines for secure data sharing and collaboration across internal teams and external partners.

• Manage risks related to biased or unrepresentative data that could compromise AI model outputs.

• Provide thought leadership on innovation and emerging technology governance trends and emerging risks, advising senior leadership on strategic priorities.

• Lead the design and integration of secure innovative capabilities into enterprise workflows, aligning with organizational objectives.

• Develop training materials and awareness programs to promote secure and compliant practices across the organization for new innovations.

• Partner with internal and external stakeholders to establish and maintain a culture of security and compliance in innovative initiatives.

• Evaluate and recommend tools and technologies for innovation governance and compliance management.

• Knowledgeable of latest available tools and products and capable of evaluating off-the-shelf products.

• Mentor other team members in security best practices.

Basic Qualifications:

• Experience in Engineering, IT/Comp Sci/ Information Assurance/ Cybersecurity/ Management

• 10+ years’ experience in Information Technology

• 7+ years’ experience in Information Security and Risks

• 5+ years of experience and knowledge of governance, security, risks, and compliance.

• Experience developing and delivering security requirements into Agile developed projects and work streams with external dependencies.

• Experience working in a continuous integration and continuous delivery model (CI/CD).

• Experience in modern cloud computing and delivery platforms such as Microsoft Azure, Google Cloud and/or Amazon AWS.

• Experience designing and delivering security requirements to support agile software development processes (Jira/Confluence/Jenkins).

• Experience with security testing tools which perform vulnerability identification, threat analysis and static/dynamic code review.

Preferred Qualifications:

• Deep experience with security in cloud environments around GDPR, CCPA, PHI/PII data, data encryption at rest and in transit as well security concepts like tokenization, federated security models and secrets management

• Expertise in cryptography, authentication protocols and authorization standards (e.g SSL/TLS, SAML, OAuth, JWT, OPA)

• Prior experience of supporting or building and securing large scale distributed systems and big data platforms.

• Deep technical experience and knowledge in the design and implementation of analytical data platforms and accepted best practices around data movement, meta-data catalogues, data transformation, data ingestion, data security, data science and data mining in both Cloud, hybrid and on-premises environments

• Understand Real time detection engineering lifecycle from ingestion to access

• Certifications – One or more of the following desired:  CISSP, CSSLP, CCSK, CCSP.

• Pharmaceutical experienced preferred but not essential.

#LI-GSK

#GSKTech1

Please visit GSK US Benefits Summary to learn more about the comprehensive benefits program GSK offers US employees.

Why GSK?

Uniting science, technology and talent to get ahead of disease together.

GSK is a global biopharma company with a special purpose – to unite science, technology and talent to get ahead of disease together – so we can positively impact the health of billions of people and deliver stronger, more sustainable shareholder returns – as an organisation where people can thrive. We prevent and treat disease with vaccines, specialty and general medicines. We focus on the science of the immune system and the use of new platform and data technologies, investing in four core therapeutic areas (infectious diseases, HIV, respiratory/ immunology and oncology).

Our success absolutely depends on our people. While getting ahead of disease together is about our ambition for patients and shareholders, it’s also about making GSK a place where people can thrive. We want GSK to be a place where people feel inspired, encouraged and challenged to be the best they can be. A place where they can be themselves – feeling welcome, valued, and included. Where they can keep growing and look after their wellbeing. So, if you share our ambition, join us at this exciting moment in our journey to get Ahead Together.

If you require an accommodation or other assistance to apply for a job at GSK, please contact the GSK Service Centre at 1-877-694-7547 (US Toll Free) or +1 801 567 5155 (outside US).

GSK is an Equal Opportunity Employer and, in the US, we adhere to Affirmative Action principles. This ensures that all qualified applicants will receive equal consideration for employment without regard to race, color, national origin, religion, sex, pregnancy, marital status, sexual orientation, gender identity/expression, age, disability, genetic information, military service, covered/protected veteran status or any other federal, state or local protected class.

Important notice to Employment businesses/ Agencies

GSK does not accept referrals from employment businesses and/or employment agencies in respect of the vacancies posted on this site. All employment businesses/agencies are required to contact GSK's commercial and general procurement/human resources department to obtain prior written authorization before referring any candidates to GSK. The obtaining of prior written authorization is a condition precedent to any agreement (verbal or written) between the employment business/ agency and GSK. In the absence of such written authorization being obtained any actions undertaken by the employment business/agency shall be deemed to have been performed without the consent or contractual agreement of GSK. GSK shall therefore not be liable for any fees arising from such actions or any fees arising from any referrals by employment businesses/agencies in respect of the vacancies posted on this site.

Please note that if you are a US Licensed Healthcare Professional or Healthcare Professional as defined by the laws of the state issuing your license, GSK may be required to capture and report expenses GSK incurs, on your behalf, in the event you are afforded an interview for employment. This capture of applicable transfers of value is necessary to ensure GSK’s compliance to all federal and state US Transparency requirements. For more information, please visit the Centers for Medicare and Medicaid Services (CMS) website at https://openpaymentsdata.cms.gov/