Cyber Security -Audit Manager

Site Name: UK - London - Brentford
Posted Date: Feb 9 2024

Role : Cyber Security - Audit Manager

A&A Background

A&A is responsible for providing an objective view of risk management at a point in time. By raising awareness, we inspire meaningful action before potential issues become real issues. We collaborate and partner on the shared goal of reducing risk to GSK – protecting the interests of our patients. We are in the unique position to view across the GSK enterprise, connecting insights and sharing learnings in the risk space through our advisory and assurance product portfolio.

Job Purpose

The Cyber SecurityAudit Manager role is one that is suitable for someone with a strong background in information risk management and Cyber Security controls testing. This role requires a combination of technical skills and business awareness. Creative thinking and the ability to translate cyber threats into business risks is a valued quality for this role.

The Cyber SecurityAudit Manager is both a leader and a team contributor. As an engagement lead, you would be responsible for leading a team of 2 – 5 auditors with responsibility for delivering the final audit report to senior executives, whilst ensuring audit testing is performed to a high standard. As a team contributor you would be involved in planning, testing, fieldwork and reporting stages of the audit. The ability to risk assess technical issues and communicate those in terms meaningful to business stakeholders is an essential requirement.

The Cyber Security audit team are responsible for providing assurance that GSK’s cyber defences are operating effectively. This involves identifying and testing security safeguards covering control domains such as Vulnerability Management, Identity and Access Management, Data Protection, Application Software Security, Network Management and Secure Configuration of Cloud Services.

Key Responsibilities

• Design audit tests, which will determine if security controls and safeguards are operating as designed. Controls may be Technical, Procedural or People based.
• Perform and document risk assessments through the identification of threat scenarios and an assessment of likelihood and business impact
• Engage with auditee stakeholders throughout the audit, ensuring they are informed of progress at each stage in the audit and elicit information to verify testing outcomes.
• Design and execute audit tests ensuring they are documented in work papers, and test results and associated evidence is collated.
• Lead individual audits and be responsible for every aspect of audit management, including team management, communications, quality of documentation, risk assessment and consultation with subject matter experts as necessary.
• Work under the direction of the Audit Director to ensure delivery of a quality audit product, aligned with the initial audit objective and scope. Escalate issues to the Audit Director as appropriate
• Work collaboratively with Audit Managers from other risk areas (e.g. Commercial, Finance, Research and Supply Chain) to identify cyber risks which could impact critical business operations and data.

Skills & Experience

• Experience in conducting Cyber & Information Security risk assessments and / or audits.
• Strong knowledge of Information Security control frameworks (e.g., CIS or NIST frameworks), control testing techniques and risk assessment methods
• Knowledge of audit practices and the expected standards for audit execution and record keeping
• The ability to use data analytics to identify compliance issues or security threats.
• Leadership skills, including team management, stakeholder management, communication, progress reporting
• Strong awareness of cloud service models, system architectures and secure cloud configurations
• Excellent communication skills, especially the ability to translate technical issues into meaningful business risks.
• Bachelor’s degree (or equivalent professional qualification) in relevant discipline (e.g., computing related).
• Information Security Certifications, including cloud security (e.g. CISSP, CCSP, CISA or equivalent)
• Experience of project management or service management
• Experience of Threat Hunting or Penetration Testing techniques would be advantageous.

Job Application End Date : 16th COB

Why Us?

GSK is a global biopharma company with a special purpose – to unite science, technology and talent to get ahead of disease together – so we can positively impact the health of billions of people and deliver stronger, more sustainable shareholder returns – as an organization where people can thrive. Getting ahead means preventing disease as well as treating it, and we aim to positively impact the health of 2.5 billion people by the end of 2030.

Our success absolutely depends on our people. While getting ahead of disease together is about our ambition for patients and shareholders, it’s also about making GSK a place where people can thrive. We want GSK to be a workplace where everyone can feel a sense of belonging and thrive as set out in our Equal and Inclusive Treatment of Employees policy. We’re committed to being more proactive at all levels so that our workforce reflects the communities we work and hire in, and our GSK leadership reflects our GSK workforce.

As an Equal Opportunity Employer, we are open to all talent. In the US, we also adhere to Affirmative Action principles. This ensures that all qualified applicants will receive equal consideration for employment without regard to neurodiversity, race/ethnicity, colour, national origin, religion, gender, pregnancy, marital status, sexual orientation, gender identity/expression, age, disability, genetic information, military service, covered/protected veteran status or any other federal, state or local protected class*(*US only).

We believe in an agile working culture for all our roles. If flexibility is important to you, we encourage you to explore with our hiring team what the opportunities are.

Should you require any adjustments to our process to assist you in demonstrating your strengths and capabilities contact us on or . 

Please note should your enquiry not relate to adjustments, we will not be able to support you through these channels. However, we have created a UK Recruitment FAQ guide. Click the link and scroll to the Careers Section where you will find answers to multiple questions we receive

As you apply, we will ask you to share some personal information which is entirely voluntary. We want to have an opportunity to consider a diverse pool of qualified candidates and this information will assist us in meeting that objective and in understanding how well we are doing against our inclusion and diversity ambitions. We would really appreciate it if you could take a few moments to complete it. Rest assured, Hiring Managers do not have access to this information and we will treat your information confidentially.

Important notice to Employment businesses/ Agencies

GSK does not accept referrals from employment businesses and/or employment agencies in respect of the vacancies posted on this site. All employment businesses/agencies are required to contact GSK's commercial and general procurement/human resources department to obtain prior written authorization before referring any candidates to GSK. The obtaining of prior written authorization is a condition precedent to any agreement (verbal or written) between the employment business/ agency and GSK. In the absence of such written authorization being obtained any actions undertaken by the employment business/agency shall be deemed to have been performed without the consent or contractual agreement of GSK. GSK shall therefore not be liable for any fees arising from such actions or any fees arising from any referrals by employment businesses/agencies in respect of the vacancies posted on this site.

Please note that if you are a US Licensed Healthcare Professional or Healthcare Professional as defined by the laws of the state issuing your license, GSK may be required to capture and report expenses GSK incurs, on your behalf, in the event you are afforded an interview for employment. This capture of applicable transfers of value is necessary to ensure GSK’s compliance to all federal and state US Transparency requirements. For more information, please visit GSK’s Transparency Reporting For the Record site.

We’re moving towards a more sustainable future with our new headquarters. With better public transport links and proximity to world-class science and technology institutions, we’re excited for our move to the vicinity of Earnshaw Street, London WC1A (“the New HQ”) by end H1 2024.