Principal Architect Supplier Cyber Security Risk

• Execute and support the full lifecycle of information security and third-party risk assessments as needed, either individually or through available resources.
• Coordinate with Legal and Procurement representatives to ensure proper security and privacy clauses are included in third-party contracts
• Ensure robust tracking and remediation of third-party security and privacy risk exposures identified through assessment processes
• Evangelize third-party risk management processes across business lines to help influence a strong culture of proactive awareness for third-party risks
• Contribute to the gathering and distribution of periodic program metrics and/or dashboards
• Provide consultancy SME support in conducting security posture assessments as part of continuous monitoring or post breach scenarios to ensure that suppliers have adequate security controls.

• 8+ years of demonstrable experience in cyber security and/or third party security risk management
• Experience and knowledge across different frameworks and standards such as ISO 27001, NIST, CIS etc.
• Demonstrable experience and understanding of cyber security principles, IT security controls, and related technologies and products
• Ability to prioritize, delegate, and foster the development of high-performance teams to lead/support an environment driven by customer service and partnership
• Exposure to any GRC technologies to conduct cyber risk management
• Fluent English

• Career at one of the leading global healthcare companies
• Contract of employment
• Attractive reward package (annual bonus & awards for outstanding performance, recognition awards for additional achievements and engagement, holiday benefit)
• Life insurance and pension plan
• Private medical package with additional preventive healthcare services for employees and their eligible
• Sports cards (Multisport)
• Possibilities of development within the role and company’s structure
• Personalized learning approach (mentoring, online training’ platforms: Pluralsight, Business Skills, Harvard Manage Mentor, Skillsoft and external training)
• Extensive support of work life balance (flexible working solutions, short Fridays option, health & well-being activities)
• Supportive community and integration events
• Modern office with creative rooms, fresh fruits everyday
• Free car and bike parking, locker rooms and showers.
• Company Car or Car Allowance
• Long term incentives
  • Poznan Business Garden

• GSK Tech Global Centre located in Poznan is the world’s largest GSK technology centre, hiring about 700 highly-skilled IT professionals. As Tech we are absolutely fundamental part of a science-led global healthcare company to help GSK discover, develop, manufacture and commercialize and sell our medicines and products. Our work makes a difference and in GSK we work with purpose to help people do more, feel better, live longer.
• Join GSK Tech Global Centre in Poznan and work in an environment that empowers and inspires. Experiment and collaborate across multinational teams to bring innovation. Work as you like and where you like. Be you, feel good and keep growing!
• Principal Architect, Supplier Cyber Security Risk role will engage with senior business partners and requires a clear understanding of business imperatives in order to build commensurate cyber security controls around third-party risk. As an information security expert, diagnosing problems, modelling and analyzing data should be in your forte. This requires attention to detail and resourcefulness beyond compromise. Solving complex problems in a rapidly evolving environment requires grit, innovative and forward-thinking approach.
• This role will provide you the opportunity to lead key activities to progress your career. These responsibilities include some of the following:
  • Execute and support the full lifecycle of information security and third-party risk assessments as needed, either individually or through available resources.
  • Coordinate with Legal and Procurement representatives to ensure proper security and privacy clauses are included in third-party contracts
  • Ensure robust tracking and remediation of third-party security and privacy risk exposures identified through assessment processes
  • Evangelize third-party risk management processes across business lines to help influence a strong culture of proactive awareness for third-party risks
  • Contribute to the gathering and distribution of periodic program metrics and/or dashboards
  • Provide consultancy SME support in conducting security posture assessments as part of continuous monitoring or post breach scenarios to ensure that suppliers have adequate security controls.
• Why you?
• Basic Qualifications:
• We are looking for engineers with these required skills to achieve our goals:
  • 8+ years of demonstrable experience in cyber security and/or third party security risk management
  • Experience and knowledge across different frameworks and standards such as ISO 27001, NIST, CIS etc.
  • Demonstrable experience and understanding of cyber security principles, IT security controls, and related technologies and products
  • Ability to prioritize, delegate, and foster the development of high-performance teams to lead/support an environment driven by customer service and partnership
  • Exposure to any GRC technologies to conduct cyber risk management
  • Fluent English
• Why GSK?
• Our values and expectations are at the heart of everything we do and form an important part of our culture. These include Patient focus, Transparency, Respect, Integrity along with Courage, Accountability, Development, and Teamwork.
• We offer:
  • Career at one of the leading global healthcare companies
  • Contract of employment
  • Attractive reward package (annual bonus & awards for outstanding performance, recognition awards for additional achievements and engagement, holiday benefit)
  • Life insurance and pension plan
  • Private medical package with additional preventive healthcare services for employees and their eligible
  • Sports cards (Multisport)
  • Possibilities of development within the role and company’s structure
  • Personalized learning approach (mentoring, online training’ platforms: Pluralsight, Business Skills, Harvard Manage Mentor, Skillsoft and external training)
  • Extensive support of work life balance (flexible working solutions, short Fridays option, health & well-being activities)
  • Supportive community and integration events
  • Modern office with creative rooms, fresh fruits everyday
  • Free car and bike parking, locker rooms and showers.
  • Company Car or Car Allowance
  • Long term incentives
    
    *LI-GSK
    G6