
Information Security Audit Manager

Audit and Assurance is responsible for providing an objective view of risk management at a point in time. By raising awareness, we inspire meaningful action before potential issues become real issues. We collaborate and partner on the shared goal of reducing risk to GSK - protecting the interests of our patients.

We are in the unique position to view across the GSK enterprise, connecting insights and sharing learnings in the risk space through our advisory and assurance product portfolio.

A role in Audit & Assurance will build both risk management and leadership capabilities and you can expect to:
• Gain GSK knowledge and cultural awareness
• Develop broader perspectives and a "One GSK" global mindset
• Engage with leaders at every level of the organisation
• Grow cross-functional networks
• Enhance leadership capabilities in communication, collaboration, challenge and influencing

Risk Area

This role covers the enterprise risks of Information Security and Data Privacy. For Information Security, this covers threats to Data Confidentiality, Integrity and Availability; for data privacy, it covers legal requirements relating to the collection, usage, sharing and retention of personal information. Specific areas of focus are:
• Application software security
• Network security
• Vulnerability management
• Security of Cloud Services
• Access management, including controlled use of administrative privileges
• Malware defences
• Data recovery, continuity and availability
• Protection and Governance of Personal Information
• Compliance with applicable laws and regulations (e.g. GDPR)

The purpose of the role is to deliver objective and insightful assurance that inspires meaningful action in reducing risk to GSK. The role is critical to illuminating the current state of risk management, giving credit for good practices, identifying issues, understanding root cause, and connecting dots across disparate activities to deliver insights that mobilize the organisation to improve.

Key Responsibilities

• Engage auditees and other business stakeholders in a way that inspires and builds trust, mutual understanding, and respect
• Design and execute Audits, which utilize a range of risk-based assurance techniques
• Identify technical issues & vulnerabilities, assess control gaps, and translate these into meaningful business risks.
• Deliver timely and meaningful audit outputs in alignment with the Core Audit Process (or other assurance products as required)
• Connect auditees and other business stakeholders to insights and resources that will deepen their understanding of risk and the internal control framework.
• Anticipate and effectively manage potential obstacles to audit delivery and risk reduction; ensure timely escalation. Demonstrate a flexible approach to work, rebalancing priorities where necessary and solving problems creatively.
• Lead by example to challenge the status quo and create a vibrant, values-based work environment. Develop self and others through giving and receiving feedback to promote excellence and continuous improvement. Engage in peer to peer coaching, teaching, and mentoring.
• Actively contribute to the evolution of A&A assurance strategies and related audit universe entries.
• Expand the knowledge base of the A&A team through proactive knowledge sharing and collaboration. Share your experience actively for relevant audits. Build your own knowledge of new areas and actively participate in audits of new areas to increase your audit experience and flexibility as required by A&A.
• Champion A&A strategic projects and initiatives.

Why You?

Basic qualifications:
• Strong experience in cyber security, or a security relevant discipline (e.g. Security Auditor, Penetration Tester, SOC Analyst / Manager, Software Engineer, Network Engineer)
• Strong awareness of an industry recognised security framework (e.g. CIS Critical Security Controls, PCI-DSS, NIST Cybersecurity Framework, ISF Standard of Good Practice)
• Good technical knowledge across Technology Stacks and computer system architectures
• Experience in conducting IT Audits or Security Assessments
• Knowledge of Data Privacy principles, Data Privacy Laws and the relationship between Privacy and Security
• Good problem solving, analytical and project management experience and a proven track record of managing complex initiatives and delivering within agreed timelines.
• Strong interpersonal skills with excellent written and oral communication skills.
• Strong leadership and influencing skills.
• Self-starter, results-oriented.
• Bachelor's degree in a relevant discipline (e.g., Computer Science or IT related) preferred.
• Security or Privacy Related Certification (e.g. CISSP, CISA, CRISC, CIPT, CIPP)

Preferred qualifications:
• Foreign language skills, preferred.

Why GSK?

GSK has a 150-year legacy of helping to transform the health, lives and futures of millions of people around the world. We're a science-led healthcare company with more than 100,000 people working in 115 countries. Each year we produce around 4 billion packs of medicine, nearly 900 million doses of vaccine and more than 18 billion packs of consumer healthcare products. Our focus of helping people do more, feel better and live longer is at the center of all that we aim to do.

Contact information:
You may apply for this position online by selecting the Apply now button.

If you require an accommodation or other assistance to apply for a job at GSK, please contact the GSK HR Service Centre at 1-877-694-7547 (US Toll Free) or +1 801 567 5155 (outside US).

GSK is an Equal Opportunity/Affirmative Action Employer. All qualified applicants will receive equal consideration for employment without regard to race, color, national origin, religion, sex, pregnancy, marital status, sexual orientation, gender identity/expression, age, disability, genetic information, military service, covered/protected veteran status or any other federal, state or local protected class.

Important notice to Employment businesses/ Agencies

GSK does not accept referrals from employment businesses and/or employment agencies in respect of the vacancies posted on this site. All employment businesses/agencies are required to contact GSK's commercial and general procurement/human resources department to obtain prior written authorization before referring any candidates to GSK. The obtaining of prior written authorization is a condition precedent to any agreement (verbal or written) between the employment business/ agency and GSK. In the absence of such written authorization being obtained any actions undertaken by the employment business/agency shall be deemed to have been performed without the consent or contractual agreement of GSK. GSK shall therefore not be liable for any fees arising from such actions or any fees arising from any referrals by employment businesses/agencies in respect of the vacancies posted on this site.

Please note that if you are a US Licensed Healthcare Professional or Healthcare Professional as defined by the laws of the state issuing your license, GSK may be required to capture and report expenses GSK incurs, on your behalf, in the event you are afforded an interview for employment. This capture of applicable transfers of value is necessary to ensure GSK's compliance to all federal and state US Transparency requirements. For more information, please visit GSK's Transparency Reporting For the Record site.
