Director Technology Governance Risk and Compliance for Enterprise AI

Are you energized by a compliance security leadership role that optimizes information security protection?  If so, this Compliance Security Domain Director role could be an exciting opportunity to explore.

As a Compliance Security Domain Director, you will be responsible for ensuring that information protection change activities are well understood by regional business leaders and roll out of activities is phased to cause the least business disruption.

This role will provide YOU the opportunity to lead key activities to progress YOUR career, these responsibilities include some of the following:

• Providing risk management services by applying the GSK Risk Management Framework and processes for information security within the Region, including its articulation and application. 
• Negotiating risk management assessments and establishing local business cases to gain funding and sponsorship for security investments and changes.
• Providing oversight of regional governance, measurement & reporting to ensure that significant information risk decisions are made in accordance with the agreed risk appetite/limits or are being escalated to the appropriate level of authority for agreement of any risk acceptance or tolerance. 
• Reporting into the Chief Information Security Officer (CISO) on the risk coverage of project and assets, business specific security initiatives or deviation from GSK information security strategy.
• Ensuring alignment of information protection program strategy deployment and regional business change activity through review and influence of the content of GSK regional business and risk management strategies, policies and management practices. 
• Ensuring that GSK information security requirements and group strategies are communicated and understood within the region.
• Promoting security awareness & capability development by tailoring global information security awareness programmes.
• Supporting the localization of security communications and culture change activities to make them accessible within each region.
• Leveraging Embedded Business Capability by maintaining awareness of security capabilities and roles embedded in the region and influencing the delivery of these services.
• Supporting the CISO and regional leaders in any significant information security related crisis incidents as required and ensuring business unit crisis teams are engaged as appropriate.

Why you?

Basic Qualifications:

We are looking for professionals with these required skills to achieve our goals:

• Bachelor’s Degree
• Information Security Certification or Risk Management Certification
• 5 or more years of experience in information security risk management in a regulated environment
• Experience in the pharmaceutical, healthcare or consumer healthcare industry

Preferred Qualifications:

If you have the following characteristics, it would be a plus:

• Post Graduate Degree in information technology
• Strong verbal and written communication skills
• Experience with information security controls, techniques, and processes particularly in applications security
• Demonstrated ability to influence across a matrixed organization

Why GSK?

Our values and expectations are at the heart of everything we do and form an important part of our culture.

These include Patient focus, Transparency, Respect, Integrity along with Courage, Accountability, Development, and Teamwork. As GSK focuses on our values and expectations and a culture of innovation, performance, and trust, the successful candidate will demonstrate the following capabilities:

• Agile and distributed decision-making – using evidence and applying judgement to balance pace, rigour and risk
• Managing individual and team performance.
• Committed to delivering high quality results, overcoming challenges, focusing on what matters, execution.
• Implementing change initiatives and leading change.
• Sustaining energy and well-being, building resilience in teams.
• Continuously looking for opportunities to learn, build skills and share learning both internally and externally.
• Developing people and building a talent pipeline.
• Translating strategy into action - a compelling narrative, motivating others, setting objectives and delegation.
• Building strong relationships and collaboration, managing trusted stakeholder relationships internally and externally.
• Budgeting and forecasting, commercial and financial acumen.

*This is a job description to aide in the job posting, but does not include all job evaluation details

Skills

Identity Access Management (IAM), Risk Assessments, Risk Management, Risk Management Framework, Security Architecture Design, Security Compliance, Security Policies, Security Risk, Vulnerability Management

Why GSK?

Uniting science, technology and talent to get ahead of disease together.

GSK is a global biopharma company with a special purpose – to unite science, technology and talent to get ahead of disease together – so we can positively impact the health of billions of people and deliver stronger, more sustainable shareholder returns – as an organisation where people can thrive. We prevent and treat disease with vaccines, specialty and general medicines. We focus on the science of the immune system and the use of new platform and data technologies, investing in four core therapeutic areas (infectious diseases, HIV, respiratory/ immunology and oncology).

Our success absolutely depends on our people. While getting ahead of disease together is about our ambition for patients and shareholders, it’s also about making GSK a place where people can thrive. We want GSK to be a place where people feel inspired, encouraged and challenged to be the best they can be. A place where they can be themselves – feeling welcome, valued, and included. Where they can keep growing and look after their wellbeing. So, if you share our ambition, join us at this exciting moment in our journey to get Ahead Together.

Important notice to Employment businesses/ Agencies

GSK does not accept referrals from employment businesses and/or employment agencies in respect of the vacancies posted on this site. All employment businesses/agencies are required to contact GSK's commercial and general procurement/human resources department to obtain prior written authorization before referring any candidates to GSK. The obtaining of prior written authorization is a condition precedent to any agreement (verbal or written) between the employment business/ agency and GSK. In the absence of such written authorization being obtained any actions undertaken by the employment business/agency shall be deemed to have been performed without the consent or contractual agreement of GSK. GSK shall therefore not be liable for any fees arising from such actions or any fees arising from any referrals by employment businesses/agencies in respect of the vacancies posted on this site.

It has come to our attention that the names of GlaxoSmithKline or GSK or our group companies are being used in connection with bogus job advertisements or through unsolicited emails asking candidates to make some payments for recruitment opportunities and interview. Please be advised that such advertisements and emails are not connected with the GlaxoSmithKline group in any way.

GlaxoSmithKline does not charge any fee whatsoever for recruitment process. Please do not make payments to any individuals / entities in connection with recruitment with any GlaxoSmithKline (or GSK) group company at any worldwide location. Even if they claim that the money is refundable.

If you come across unsolicited email from email addresses not ending in gsk.com or job advertisements which state that you should contact an email address that does not end in “gsk.com”, you should disregard the same and inform us by emailing askus@gsk.com, so that we can confirm to you if the job is genuine.