GSK offers an exciting opportunity for an experienced cloud security analyst to join a growing cloud security team in GSKs Cyber Security Office (CSO). You will work closely with cross-functional technical teams to embed GSKs cloud security strategy, enabling secure by design use of GSK cloud platforms.

This role offers the opportunity to use a wide range of skills to deliver an enterprise cloud security program supporting modern architecture patterns and technologies. 

The ideal candidate will combine excellent technical and communication skills with a collaborative approach to ensure optimal stakeholder alignment with our cloud security strategy.

Senior Analyst, Cloud Security

Key Responsibilities:

• Understand and contribute to GSKs cloud security governance framework and security controls for multi-cloud environment including Microsoft Azure, GCP and AWS.
• Build and maintain a network of key stakeholders across security, IT, business tech and developer teams to ensure customer understanding of security requirements and tools available to ensure compliance.
• Define and align cloud security standards, frameworks and policies with overall business and technology strategy and leverage processes and tools to monitor and enforce compliance.
• Define and periodically review cloud service security controls and guidance documentation for all IaaS & PaaS services, balancing business objectives with information and cyber security requirements.
• Define security guidance and best practice for all IaaS & PaaS services to supplement security controls.
• Define and periodically review cloud service security controls and governance for sanctioned and unsanctioned SaaS platforms.
• Provide cloud security technical review for large scale cloud projects and platforms providing recommended changes or enhancements to ensure alignment with secure by design principles.
• Provide cloud security technical review for to cyber risk assurance and governance risk and compliance teams for solution architecture reviews.
• Identify and communicate current and emerging security threats.
• Maintain technical skills and knowledge, keeping up to date with market trends and competitive insights.

Why You?

Necessary skills:

• Minimum of 3 years working as an information security professional and at least 2 years hands on experience with cloud security.
• Strong security knowledge of at least one of Azure and GCP. Any knowledge of AWS will be beneficial but is not a must
• Proven experience in implementing and/or reviewing of secure cloud native solutions, leveraging containers, micro-services, APIs, PaaS capabilities such as data storage, databases and data processing technologies, and identity & access management suites.
• Proven experience creating ‘secure by design’ cloud solution patterns using Infrastructure as Code templates. Ideally experience in Terraform.
• Proven experience working with Infrastructure as Code security scanning solutions. Ideally experience of tools like open policy agent which use Rego.
• Proven experience working with Azure Policy and GCP org Policies.  Managing cloud native policies using Terraform (desirable).
• Very good verbal/written communication in English, with the ability to effectively interact with both technical and non-technical professionals.
• Ability to work with virtual teams located in different countries around the world, aligning and adapting different work, culture, and communication styles.

Preferred skills (although not a must):

• Cloud agnostic industry certification in cloud security such as ISC2 CCSP and/or CSA CCSK 
• Cloud Service Provider security certifications such as Microsoft AZ-500, Google Security Engineer, AWS Security Engineer 

Why GSK?

• Career with purpose - whatever it is you’re doing, you’ll be sharing our mission to improve the quality of human life, by enabling people to do more, feel better and live longer
• Possibility of developing within the role and company’s structure
• Hybrid working model
• Additional benefits (yearly bonus, medical care, life insurance, pension scheme, sports card, holiday bonus)
• Access to newest technologies and solutions and operating them at scale
• Team Building events
• Career at one of the leading global healthcare companies
• Supportive & friendly working environment
• Corporate culture based on our values: patient focus, integrity, respect and transparency

Inclusion & Diversity at GSK:

We want to hear from you and support with any adjustments that you may require during the recruitment process. Please get in touch with our Recruitment Team ([email protected]) to further discuss this today.

#LI-GSK #LI-Hybrid #DEI

Why GSK?

Uniting science, technology and talent to get ahead of disease together.

GSK is a global biopharma company with a special purpose – to unite science, technology and talent to get ahead of disease together – so we can positively impact the health of billions of people and deliver stronger, more sustainable shareholder returns – as an organisation where people can thrive. We prevent and treat disease with vaccines, specialty and general medicines. We focus on the science of the immune system and the use of new platform and data technologies, investing in four core therapeutic areas (infectious diseases, HIV, respiratory/ immunology and oncology).

Our success absolutely depends on our people. While getting ahead of disease together is about our ambition for patients and shareholders, it’s also about making GSK a place where people can thrive. We want GSK to be a place where people feel inspired, encouraged and challenged to be the best they can be. A place where they can be themselves – feeling welcome, valued, and included. Where they can keep growing and look after their wellbeing. So, if you share our ambition, join us at this exciting moment in our journey to get Ahead Together.

GSK is an Equal Opportunity/Affirmative Action Employer. All qualified applicants will receive equal consideration for employment without regard to race, color, national origin, religion, sex, pregnancy, marital status, sexual orientation, gender identity/expression, age, disability, genetic information, military service, covered/protected veteran status or any other federal, state or local protected class.

Important notice to Employment businesses/ Agencies

GSK does not accept referrals from employment businesses and/or employment agencies in respect of the vacancies posted on this site. All employment businesses/agencies are required to contact GSK's commercial and general procurement/human resources department to obtain prior written authorization before referring any candidates to GSK. The obtaining of prior written authorization is a condition precedent to any agreement (verbal or written) between the employment business/ agency and GSK. In the absence of such written authorization being obtained any actions undertaken by the employment business/agency shall be deemed to have been performed without the consent or contractual agreement of GSK. GSK shall therefore not be liable for any fees arising from such actions or any fees arising from any referrals by employment businesses/agencies in respect of the vacancies posted on this site.

Please note that if you are a US Licensed Healthcare Professional or Healthcare Professional as defined by the laws of the state issuing your license, GSK may be required to capture and report expenses GSK incurs, on your behalf, in the event you are afforded an interview for employment. This capture of applicable transfers of value is necessary to ensure GSK’s compliance to all federal and state US Transparency requirements. For more information, please visit GSK’s Transparency Reporting For the Record site.