Cyber Security Audit Manager

Audit & Assurance is responsible for providing an objective view of risk management at a point in time.  By raising awareness, we inspire meaningful action before potential issues become real issues. We collaborate and partner on the shared goal of reducing risk to GSK – protecting the interests of our patients. We are in the unique position to view across the GSK enterprise, connecting insights and sharing learnings in the risk space through our advisory and assurance product portfolio.

The Cyber Security audit team are responsible for providing assurance that GSK’s cyber defenses are operating effectively. As a Cyber Security Audit Manager, you will be responsible for ensuring the security and integrity of GSK’s systems, network and digital assets. You will lead and conduct comprehensive audits to identify vulnerabilities, evaluate security controls, assess risks and communicating these to senior management. Your role will be crucial in maintaining our organization's compliance with industry standards and regulations, particularly those relating to Data Privacy.

This role requires a combination of technical skills and business awareness.  Creative thinking and the ability to translate cyber threats into business risks is a valued quality for this role.

In this role you will 

• Lead and contribute to audit assignments, from planning to execution and reporting, ensuring high quality, timely and accurate delivery

• Conduct risk assessments and identify potential vulnerabilities and control deficiencies within our IT infrastructure and cloud services

• Evaluate the effectiveness of security controls, relating to Technology, People and Process

• Develop and implement audit programs to test the security of applications, networks, and systems

• Prepare and present audit findings to senior management, providing actionable recommendations for improvement

• Collaborate with IT and security teams to ensure the implementation of corrective actions and monitor their effectiveness

• Stay updated with the latest cyber security threats, trends, and regulatory requirements to ensure our audit practices remain current and effective.

• Provide training and guidance to team members on cyber security audit processes and best practices

Qualifications & Skills:

• Excellent analytical and problem-solving skills, with the ability to identify and address complex security issues

• Strong communication and presentation skills, with the ability to convey technical information to non-technical stakeholders

• Ability to work independently and as part of a team, managing multiple priorities and deadlines effectively

• Experience of security testing techniques, such as Penetration Testing techniques would be advantageous

• Commitment to continuous learning and staying abreast of emerging cyber security threats and technologies

Preferred Qualifications & Skills:

• Professional certifications such as CISSP, CISA, CISM, or equivalent are essential.

• Experience in cyber security auditing, with a strong understanding of cyber security principles and frameworks.

• Knowledge of audit practices and the expected standards for audit execution and record keeping

• Knowledge of Data Privacy regulations, such as GDPR and privacy enhancing technologies

• Knowledge of cloud services, such as Azure, and Google Cloud Platform.

• Familiarity with industry control frameworks such as ISO 27001, NIST and CIS.

• Familiarity with Artificial Intelligence models

Closing Date for Applications – Friday 7th March 2025 (COB)

Please take a copy of the Job Description, as this will not be available post closure of the advert. When applying for this role, please use the ‘cover letter’ of the online application or your CV to describe how you meet the competencies for this role, as outlined in the job requirements above. The information that you have provided in your cover letter and CV will be used to assess your application.

During your application, you will be requested to complete voluntary information which will be used in monitoring the effectiveness of our equality and diversity policies. Your information will be treated as confidential and will not be used in any part of the selection process. If you require a reasonable adjustment to the application / selection process to enable you to demonstrate your ability to perform the job requirements, please contact 0808 234 4391. This will help us to understand any modifications we may need to make to support you throughout our selection process.

#LI-GSK

Why GSK?

Uniting science, technology and talent to get ahead of disease together.

GSK is a global biopharma company with a special purpose – to unite science, technology and talent to get ahead of disease together – so we can positively impact the health of billions of people and deliver stronger, more sustainable shareholder returns – as an organisation where people can thrive. We prevent and treat disease with vaccines, specialty and general medicines. We focus on the science of the immune system and the use of new platform and data technologies, investing in four core therapeutic areas (infectious diseases, HIV, respiratory/ immunology and oncology).

Our success absolutely depends on our people. While getting ahead of disease together is about our ambition for patients and shareholders, it’s also about making GSK a place where people can thrive. We want GSK to be a place where people feel inspired, encouraged and challenged to be the best they can be. A place where they can be themselves – feeling welcome, valued, and included. Where they can keep growing and look after their wellbeing. So, if you share our ambition, join us at this exciting moment in our journey to get Ahead Together.

As an Equal Opportunity Employer, we are open to all talent. In the US, we also adhere to Affirmative Action principles. This ensures that all qualified applicants will receive equal consideration for employment without regard to neurodiversity, race/ethnicity, colour, national origin, religion, gender, pregnancy, marital status, sexual orientation, gender identity/expression, age, disability, genetic information, military service, covered/protected veteran status or any other federal, state or local protected class*(*US only).

We believe in an agile working culture for all our roles. If flexibility is important to you, we encourage you to explore with our hiring team what the opportunities are.

Should you require any adjustments to our process to assist you in demonstrating your strengths and capabilities contact us on Ukdiversity.recruitment@gsk.com or 0808 234 4391.  The helpline is available from 8.30am to 12.00 noon Monday to Friday, during bank holidays these times and days may vary.

Please note should your enquiry not relate to adjustments, we will not be able to support you through these channels. However, we have created a UK Recruitment FAQ guide. Click the link and scroll to the Careers Section where you will find answers to multiple questions we receive .

As you apply, we will ask you to share some personal information which is entirely voluntary. We want to have an opportunity to consider a diverse pool of qualified candidates and this information will assist us in meeting that objective and in understanding how well we are doing against our inclusion and diversity ambitions. We would really appreciate it if you could take a few moments to complete it.  Rest assured, Hiring Managers do not have access to this information and we will treat your information confidentially.

Important notice to Employment businesses/ Agencies

GSK does not accept referrals from employment businesses and/or employment agencies in respect of the vacancies posted on this site. All employment businesses/agencies are required to contact GSK's commercial and general procurement/human resources department to obtain prior written authorization before referring any candidates to GSK. The obtaining of prior written authorization is a condition precedent to any agreement (verbal or written) between the employment business/ agency and GSK. In the absence of such written authorization being obtained any actions undertaken by the employment business/agency shall be deemed to have been performed without the consent or contractual agreement of GSK. GSK shall therefore not be liable for any fees arising from such actions or any fees arising from any referrals by employment businesses/agencies in respect of the vacancies posted on this site.

Please note that if you are a US Licensed Healthcare Professional or Healthcare Professional as defined by the laws of the state issuing your license, GSK may be required to capture and report expenses GSK incurs, on your behalf, in the event you are afforded an interview for employment. This capture of applicable transfers of value is necessary to ensure GSK’s compliance to all federal and state US Transparency requirements. For more information, please visit the Centers for Medicare and Medicaid Services (CMS) website at https://openpaymentsdata.cms.gov/