Senior Security Service Analyst (Risk Management)

Requirements:

General

• Experience and knowledge across different frameworks and standards such as ISO 27001, NIST, CIS etc.
• Demonstrated experience and understanding of cyber security principles, IT security controls, and related technologies and products
• Prior experience in conducting cyber Security risk assessments and 3rd party security and data privacy assessments
• Stakeholder/ internal business management experience
• Strong verbal/written communication in English, with the ability to effectively interact with professionals at all levels of responsibility and authority
• Ability to prioritize, delegate, and foster the development of high-performance teams to lead/support an environment driven by customer service and teamwork
• Work with virtual teams located in different countries around the world, aligning and adapting different work, culture and communication styles.
• Exposure to any GRC technologies to conduct cyber risk management
• Technical/Functional (Line) Expertise (Breadth and depth of knowledge, application and complexity of technical knowledge)
• Experience in evaluating third parties for the presence of fundamental information security controls.
• Experience conducting risk assessments and applying concepts of inherent and residual risk in order to draw appropriate conclusions and articulate the same to non-technical audiences.
• Ability to effectively negotiate appropriate remediation of security gaps with third party representatives to ensure protection of GSK information.
• Leadership (Vision, strategy and business alignment, people management, communication, influencing others, managing change)
• Influencing action across various business lines and geographies to achieve program objectives.
• Ability to effectively manage conflicting priorities in alignment with overall business and departmental strategies.
• Developing strong relationships with leaders of complementary programs (e.g. Procurement, Legal, Ethics & Compliance) to ensure harmonization.
• Decision-making and Autonomy (The capacity and authority to make organizational decisions, autonomy in decision-making, complexity of decisions, impact of decisions, problem-solving)
• Operates autonomously in the execution of the third-party security risk program framework.
• Serves as central point-of-contact for evaluating security risks associated with all third-party engagements.
• Recommends and agrees with Line Manager the need for shifts in program strategy.
• Interaction (The span and nature of one’s engagement with others when performing one’s job, internal and external relationships)
• Excellent project management skills to effectively balance unexpected and conflicting priorities as they arise
• Experience operating effectively across matrixed organizations
• Intercultural sensitivity
• Innovation (The required level of scientific knowledge, knowledge sharing, innovation and risk taking)
• Understand innovations and evolving best practices amongst industry practitioners of third-party security risk management to continually mature GSK’s program.
• Ability to apply innovative approaches to balancing business constraints with program goals to identify win-win solutions.
• Complexity (Products managed, mix of businesses, internal and/or external business environment, cultural considerations)
• Global SME role, but with coordination to the global third-party program.
• Operate across geographies and across business lines.
• Collaborate effectively with relevant third parties and managed service provider.