OT Cyber Security Senior Manager - Risk & Vulnerability Management
GSK HQ, United Kingdom
GSK
At GSK, we unite science, technology and talent to get ahead of disease together.
At GlaxoSmithKline (GSK), we are dedicated to safeguarding our Operational Technology (OT) systems, which are critical to our laboratory, manufacturing, and environmental management processes. We are establishing a dedicated OT Cybersecurity hub to address and manage risks within our OT environments.
We are seeking an experienced and dynamic OT Cyber Security Senior Manager to lead our risk and vulnerability management processes. In this role, you will be responsible for designing and implementing robust risk and vulnerability management processes, ensuring alignment with key stakeholders, and conducting thorough risk and threat analyses to maintain the security of our OT assets.
In this role you will
Lead the OT risk management lifecycle, including risk identification, assessment, mitigation, and acceptance for OT-related security risks, in alignment with internal standards as well as industry best practice for OT (IEC62443)
Collaborate with business unit leads to understand security risks within their environments and their relation to compliance requirements.
Provide direction for addressing current and emerging risks, driving resource allocation, training, strategic planning, metrics, and monitoring activities.
Conduct periodic OT risk assessments to reflect current security risk profiles.
Embed OT Risk Assessments into decision-making processes across business units and service categories.
Manage a team of risk analysts, reviewing and approving their risk assessment reports.
Ensure effective communication between the OT Cyber Hub and business units when vulnerabilities and policy compliance violations are identified.
Establish plans to identify OT vulnerabilities and policy compliance violations through vulnerability scanning, patch reporting, management, and penetration testing.
Categorize and prioritize OT vulnerabilities.
Assess the effectiveness of vulnerability dispositions.
Maintain relationships with business unit stakeholders to assist with the remediation of critical-level alerts.
Communicate vulnerability data to system and business owners.
Establish and implement an OT vulnerability management communication and training plan.
Determine necessary protective measures to address vulnerabilities on OT assets.
Support patch management and vulnerability management product owners to address business and security needs.
Why you?
Qualifications & Skills:
We are looking for professionals with these required skills to achieve our goals:
Bachelor's degree in Computer Science or a related field.
Professional certifications or advanced degrees in Cyber or Information Security, such as IEC62443 expert, CISSP, CISM, CISA, CIPT, CIPM, CRISC, or other relevant certifications.
Experience in cyber risk and/or vulnerability management roles.
Experience in OT security roles.
Proven track record of leading projects and people.
Proficiency in MS Office Suite.
Preferred Qualifications & Skills:
If you have the following characteristics, it would be a plus:
In-depth knowledge of IEC62443 standards.
Exposure to Digital Manufacturing / Industry 4.0 transformation.
Excellent stakeholder engagement skills, with strong written and oral communication abilities and presentation skills.
Experience in the pharmaceutical industry.
Ability to quickly familiarise yourself with internal cybersecurity policies and standards.
Strong organizational skills with experience in project leadership.
Demonstrated ability to track deliverables and adhere to planning schedules with attention to detail.
Ability to work independently and demonstrate a persistent drive to completion.
Excellent verbal and written communication skills, with the ability to interact professionally with diverse groups, including Product Owners, Project Leads, engineers, executives, managers, and subject matter experts.
Closing Date for Applications: Thursday 8th May 2025 (COB)
Please take a copy of the Job Description, as this will not be available post closure of the advert.
When applying for this role, please use the ‘cover letter’ of the online application or your CV to describe how you meet the competencies for this role, as outlined in the job requirements above. The information that you have provided in your cover letter and CV will be used to assess your application.
During the course of your application, you will be requested to complete voluntary information which will be used in monitoring the effectiveness of our equality and diversity policies. Your information will be treated as confidential and will not be used in any part of the selection process. If you require a reasonable adjustment to the application / selection process to enable you to demonstrate your ability to perform the job requirements, please contact 0808 234 4391. This will help us to understand any modifications we may need to make to support you throughout our selection process.
Why GSK?
Uniting science, technology and talent to get ahead of disease together.
GSK is a global biopharma company with a special purpose – to unite science, technology and talent to get ahead of disease together – so we can positively impact the health of billions of people and deliver stronger, more sustainable shareholder returns – as an organisation where people can thrive. We prevent and treat disease with vaccines, specialty and general medicines. We focus on the science of the immune system and the use of new platform and data technologies, investing in four core therapeutic areas (infectious diseases, HIV, respiratory/ immunology and oncology).
Our success absolutely depends on our people. While getting ahead of disease together is about our ambition for patients and shareholders, it’s also about making GSK a place where people can thrive. We want GSK to be a place where people feel inspired, encouraged and challenged to be the best they can be. A place where they can be themselves – feeling welcome, valued, and included. Where they can keep growing and look after their wellbeing. So, if you share our ambition, join us at this exciting moment in our journey to get Ahead Together.
GSK is an Equal Opportunity Employer. This ensures that all qualified applicants will receive equal consideration for employment without regard to race, color, religion, sex (including pregnancy, gender identity, and sexual orientation), parental status, national origin, age, disability, genetic information (including family medical history), military service or any basis prohibited under federal, state or local law.
We believe in an agile working culture for all our roles. If flexibility is important to you, we encourage you to explore with our hiring team what the opportunities are.
Should you require any adjustments to our process to assist you in demonstrating your strengths and capabilities, contact us on Ukdiversity.recruitment@gsk.com or 0808 234 4391. The helpline is available from 8.30am to 12.00 noon Monday to Friday; during bank holidays these times and days may vary.
Please note should your enquiry not relate to adjustments, we will not be able to support you through these channels. However, we have created a UK Recruitment FAQ guide. Click the link and scroll to the Careers Section where you will find answers to multiple questions we receive.
Important notice to Employment businesses/ Agencies
GSK does not accept referrals from employment businesses and/or employment agencies in respect of the vacancies posted on this site. All employment businesses/agencies are required to contact GSK's commercial and general procurement/human resources department to obtain prior written authorization before referring any candidates to GSK. The obtaining of prior written authorization is a condition precedent to any agreement (verbal or written) between the employment business/ agency and GSK. In the absence of such written authorization being obtained any actions undertaken by the employment business/agency shall be deemed to have been performed without the consent or contractual agreement of GSK. GSK shall therefore not be liable for any fees arising from such actions or any fees arising from any referrals by employment businesses/agencies in respect of the vacancies posted on this site.
Please note that if you are a US Licensed Healthcare Professional or Healthcare Professional as defined by the laws of the state issuing your license, GSK may be required to capture and report expenses GSK incurs, on your behalf, in the event you are afforded an interview for employment. This capture of applicable transfers of value is necessary to ensure GSK’s compliance to all federal and state US Transparency requirements. For more information, please visit the Centers for Medicare and Medicaid Services (CMS) website at https://openpaymentsdata.cms.gov/