Senior Manager, InfoSec and Risk Management

Posted:
8/1/2024, 4:56:18 AM

Location(s):
Greater Poland Voivodeship, Poland ⋅ Poznan, Greater Poland Voivodeship, Poland

Experience Level(s):
Expert or higher ⋅ Senior

Field(s):
IT & Security

The Senior Manager, InfoSec & Risk Management, will play a pivotal role in ensuring the robustness of our information security framework and the effective management of enterprise risks. The primary purpose of this role is to manage and mitigate risks across the organization, focusing on both Information Technology (IT) and Operational Technology (OT) environments.
 

This role demands a strategic thinker with leadership capabilities and a strong technical background to understand and address the complexities of IT and OT systems. This also includes navigating complex risk landscapes and driving continuous improvement in our risk management practices. By fostering collaboration across various departments and ensuring compliance with regulatory requirements, the Senior Manager will contribute to safeguarding the organization’s critical assets and maintaining operational resilience for both IT and OT.
 

This position is responsible for facilitating the preparation of key governance boards, including the Risk Management Committee Board (RMCB), the Information Security Governance Board (ISGB), and the monthly risk review. The incumbent will also coordinate the development, implementation, and tracking of remediation plans aimed at mitigating identified risks and enhancing our overall security posture.

Key Responsibilities:
 

Risk Management

  • Conduct comprehensive risk assessments to identify potential threats and vulnerabilities within the organization’s IT and OT systems and operations, covering both security and compliance aspects.
  • Develop, coordinate, and oversee the implementation of remediation plans to address identified risks and ensure timely resolution.
  • Prepare and present regular status reports to senior management and stakeholders.
  • Define and implement security-related management monitoring controls to ensure adherence to regulatory requirements and internal policies related to information security and risk management.

Crisis Management

  • Define a comprehensive and strong response plan in collaboration with other Tech teams and GSC Business to address potential crises.
  • Regularly test the response plan through tabletop exercises and drills to ensure its effectiveness and the readiness of all teams.
  • Coordinate the response to actual crises, ensuring effective containment, investigation and remediation efforts are executed in a timely manner.

Governance Board Facilitation:

  • Prepare agendas, materials, and reports for the Risk Management Committee Board (RMCB), Information Security Governance Board (ISGB) and monthly risk review meetings.

Stakeholder Collaboration

  • Work closely with various departments, including GRC, CSO, OT Security, Legal & Compliance, GP&T, Site Tech, Tech Product Owners, to foster a collaborative approach to risk management and information security.

Continuous Improvement:

  • Identify opportunities for enhancing the organization’s risk management and information security practices and lead initiatives to implement improvements.
  • Foster a culture of learning and adaptability. Develop and deliver training programs and awareness initiatives to promote a culture of risk awareness and information security across the organization.


Basic Qualifications:

  • Proven leadership capabilities to guide and motivate cross-functional teams.
  • Excellent skills in building and maintaining relationships with internal and external stakeholders.
  • Ability to effectively communicate complex technical information to non-technical stakeholders.
  • Strong presentation skills and experience in preparing reports for executive leadership.
  • Deep understanding of the Microsoft ecosystem, including Windows lifecycle management, Azure cloud services, and Active Directory.
  • Good understanding of IT and OT systems, including network infrastructure, industrial control systems (ICS), and SCADA (Supervisory Control and Data Acquisition).
  • Proficiency in risk assessment methodologies and tools.
  • Knowledge of cybersecurity frameworks such as NIST, ISO 27001, and CIS Controls.
  • Proficiency in project management methodologies and tools.
  • Ability to analyse complex information, identify patterns, and propose effective risk mitigation strategies.

Benefits:

  • Career at one of the leading global healthcare companies
  • Company car or car allowance
  • Long-term incentives
  • Contract of employment
  • Attractive reward package (annual bonus & awards for outstanding performance, recognition awards for additional achievements and engagement, holiday benefits)
  • Life insurance and pension plan
  • Private medical package with additional preventive healthcare services for employees and their eligible
  • Sports cards (Multisport)
  • Possibilities of development within the role and company’s structure
  • Personalized learning approach
  • Extensive support of work-life balance (flexible working solutions, short Fridays option, health & well-being activities)
  • Supportive community and integration events
  • Modern office with creative rooms, fresh fruit every day
  • Free car and bike parking, locker rooms and showers


 

Why GSK?

Uniting science, technology and talent to get ahead of disease together.

GSK is a global biopharma company with a special purpose – to unite science, technology and talent to get ahead of disease together – so we can positively impact the health of billions of people and deliver stronger, more sustainable shareholder returns – as an organisation where people can thrive. We prevent and treat disease with vaccines, specialty and general medicines. We focus on the science of the immune system and the use of new platform and data technologies, investing in four core therapeutic areas (infectious diseases, HIV, respiratory/ immunology and oncology).

Our success absolutely depends on our people. While getting ahead of disease together is about our ambition for patients and shareholders, it’s also about making GSK a place where people can thrive. We want GSK to be a place where people feel inspired, encouraged and challenged to be the best they can be. A place where they can be themselves – feeling welcome, valued, and included. Where they can keep growing and look after their wellbeing. So, if you share our ambition, join us at this exciting moment in our journey to get Ahead Together.

GSK is an Equal Opportunity/Affirmative Action Employer. All qualified applicants will receive equal consideration for employment without regard to race, color, national origin, religion, sex, pregnancy, marital status, sexual orientation, gender identity/expression, age, disability, genetic information, military service, covered/protected veteran status or any other federal, state or local protected class.

Important notice to Employment businesses/ Agencies

GSK does not accept referrals from employment businesses and/or employment agencies in respect of the vacancies posted on this site. All employment businesses/agencies are required to contact GSK's commercial and general procurement/human resources department to obtain prior written authorization before referring any candidates to GSK. The obtaining of prior written authorization is a condition precedent to any agreement (verbal or written) between the employment business/ agency and GSK. In the absence of such written authorization being obtained any actions undertaken by the employment business/agency shall be deemed to have been performed without the consent or contractual agreement of GSK. GSK shall therefore not be liable for any fees arising from such actions or any fees arising from any referrals by employment businesses/agencies in respect of the vacancies posted on this site.

Please note that if you are a US Licensed Healthcare Professional or Healthcare Professional as defined by the laws of the state issuing your license, GSK may be required to capture and report expenses GSK incurs, on your behalf, in the event you are afforded an interview for employment. This capture of applicable transfers of value is necessary to ensure GSK’s compliance to all federal and state US Transparency requirements. For more information, please visit GSK’s Transparency Reporting For the Record site.