Purpose of Role:
This role requires expertise in assessing and managing security risks associated with infrastructure components, network architecture, and associated technologies.
Key Responsibilities:
- Conduct comprehensive risk assessments of the organization's infrastructure and network environment to identify potential security vulnerabilities, threats, and risks.
- Develop and maintain a risk assessment framework and methodology tailored to GSK's infrastructure and network security, incorporating GSK standards and industry best practices.
- Lead the design and implementation of risk assessment processes, including security architecture reviews, to evaluate the effectiveness of security controls.
- Collaborate with internal teams, including IT operations, network engineering, and application development, to assess security risks associated with infrastructure changes, network expansions, and technology deployments.
- Define and prioritize security remediation efforts based on risk assessment findings, business impact analysis, and regulatory compliance requirements.
- Provide guidance and recommendations to senior management on infrastructure and network security risks, potential threats, and risk mitigation strategies.
- Develop and maintain documentation related to risk assessment processes, findings, remediation plans, and security controls.
- Stay abreast of emerging security threats, vulnerabilities, and industry trends related to infrastructure and network security, and incorporate relevant insights into risk assessment practices.
- Collaborate with external auditors, regulators, and third-party vendors to facilitate security assessments, audits, and compliance reviews as needed.
- Monitor the risk landscape and identify emerging and future risks.
- Analyse GSK’s cyber security infrastructures to enable targeted and data-driven enhancements.
- Test the effectiveness of GSK’s cyber security technologies to identify and articulate opportunities for improvement across the digital, physical, and social elements of GSK.
- Be proficient with multiple domain-specific cyber security technology solutions and able to integrate them effectively to meet and exceed GSK’s requirements.
- Enable sustainability and continuous improvement of cyber security solutions by assessing and enhancing GSK’s cyber security governance infrastructures.
Qualifications:
- Bachelor's degree in computer science, information technology, or a related field. Master's degree or relevant certifications (e.g., CISSP, CISM, CISA, CEH) preferred.
- 10+ years of experience in IT risk and technology in a large organization, of which 5 years of information security experience in cyber risk, with relevant experience in infrastructure/network.
- In-depth knowledge of network infrastructure components, protocols, and technologies, including routers, switches, firewalls, VPNs, and intrusion detection/prevention systems.
- Strong understanding of security risk assessment methodologies, frameworks (e.g., NIST, ISO 27001), and industry standards.
- Experience with security assessment tools and technologies, such as vulnerability scanners, penetration testing tools, and network monitoring solutions.
- Excellent analytical and problem-solving skills, with the ability to analyse complex technical environments and identify security risks and vulnerabilities.
- Effective communication and interpersonal skills, with the ability to convey technical concepts to non-technical stakeholders and collaborate effectively with cross-functional teams.
- Strong project management skills, with the ability to plan, organize, and execute security risk assessment initiatives within defined timelines.
- Commitment to continuous learning and professional development in the field of cybersecurity and infrastructure/network security risk management.