Home
Communities
Companies
- Companies
  
  Discover best places to work
- Compare Companies
  
  Compare & find best workplace
- Add Office Photos
  
  Bring your workplace to life
- Add Company Benefits
  
  Highlight your company's perks
Reviews
- Company reviews
  
  Read reviews for 6L+ companies
- Write a review
  
  Rate your former or current company
Salaries
- Browse salaries
  
  Discover salaries for 6L+ companies
- Salary calculator
  
  Calculate your take home salary
- Are you paid fairly?
  
  Check your market value
- Share your salary
  
  Help other jobseekers
- Gratuity calculator
  
  Check your gratuity amount
- HRA calculator
  
  Check how much of your HRA is tax-free
- Salary hike calculator
  
  Check your salary hike
Interviews
- Company interviews
  
  Read interviews for 40K+ companies
- Campus placements
  
  Interviews questions for 2K+ colleges
- Share interview questions
  
  Contribute your interview questions
Jobs
Awards

WINNERS AWAITED!
- ABECA 2025
  
  WINNERS AWAITED!
  
  AmbitionBox Employee Choice Awards - 4th Edition
- ABECA 2024
  
  AmbitionBox Employee Choice Awards - 3rd Edition
- AmbitionBox Best Places to Work 2022
  
  2nd Edition
- AmbitionBox Best Places to Work 2021
  
  1st Edition

Add office photos

Employer? Claim Account for FREE

GlaxoSmithKline Pharmaceuticals

Compare

4.1

based on 1.8k Reviews

Video summary

52 GlaxoSmithKline Pharmaceuticals Jobs

Supplier Cyber Risk & Assurance Analyst

GlaxoSmithKline Pharmaceuticals Limited

4.1

based on 1.8k Reviews

8-10 years

Bangalore / Bengaluru

1 vacancy

Supplier Cyber Risk & Assurance Analyst

GlaxoSmithKline Pharmaceuticals

posted 21hr ago

Job Role Insights

Flexible timing

Key skills for the job

Customer Service Automation Testing Procurement Risk Management Information Security CCTV Monitoring

+ 4 more

Job Description

Job Purpose

Support the Supplier Cyber Risk and Assurance processes for all business units and support functions across GSK, to ensure cyber security risks that may be introduced by third-parties are understood, managed or mitigated

Key Responsibilities

Conduct comprehensive supplier cybersecurity assessments and generate detailed reports, ensuring alignment with up-to-date departmental procedures and industry best practices.
Continuously develop and enhance the third-party risk management process framework for security risk, incorporating the latest standards, procedures, emerging technologies, and AI-driven insights.
Review and analyse supplier security practices through questionnaires, audits, scans and assessments to ensure compliance with company cyber security standards.
Coordinate and respond to security incidents involving suppliers, including investigation, mitigation, and reporting.
Examine supplier contracts to ensure they include necessary security clauses and negotiate terms to address identified risks.
Provide clear and effective support to internal third-party relationship owners and external third-party representatives, facilitating accurate responses to the security risk assessment questionnaire.
Collaborate closely with Legal, Procurement teams to ensure the inclusion of robust security and privacy clauses in third-party contracts, in line with current regulatory and industry requirements.
Accurately interpret third-party responses to assessment questionnaires, using AI and automation tools to translate them into concise and actionable risk exposure reports for internal stakeholders.
Work with internal third-party relationship owners and external third-party representatives to recommend and implement effective cyber security controls to mitigate risks to GSK.
Ensure robust tracking and remediation of third-party security and privacy risk exposures identified through assessment processes
Deliver ongoing training and awareness programs related to the supplier cyber risk and assurance process, keeping pace with the latest industry trends and threats.
Aggregate and distribute periodic program metrics and dashboards, leveraging advanced analytics and reporting tools.
Provide expert consultancy and subject matter expertise (SME) support in conducting security posture assessments, as part of continuous monitoring or post-breach scenarios, ensuring that suppliers maintain robust and up-to-date security controls with the assistance of AI and automation technologies.

Minimum Level of Job-Related Experience Required

8+ years of proven experience in cyber security and/or third party security risk management

General

Experience and knowledge across different frameworks and standards such as ISO 27001, NIST, CIS etc.
Demonstrated experience and understanding of cyber security principles, IT security controls, and related technologies and products
Security Certification: Preferred Security Certifications: CISSP, CISM, CISA, CTPRA, CTPRP, CRISC, ISO27001: 2022 LA & LI, ISO42001 AI. Understanding of relevant regulations and compliance standards GDPR, HIPAA, PCI-DSS etc
Practical experience with third-party risk management tools such as Archer, OneTrust, Certa, CyberGRX, UpGuard, and ServiceNow is highly preferred.
Sound knowledge in Power BI, Tableau, Excel advanced features.
Prior experience in conducting cyber-Security risk assessments and 3rd party security and data privacy assessments. Ensuring 3rd parties adhere to data protection laws and best practices for safeguarding sensitive information.
Strong analytical skills to identify, evaluate, and prioritize potential cyber risks from suppliers.
Understanding of cybersecurity principles, tools, and technologies used to protect against threats.
Proficiency in documenting cyber security findings, creating reports, and presenting recommendations to management.
Preparedness to coordinate and respond to cyber security incidents involving suppliers.
Expertise in reviewing and negotiating supplier contracts to ensure they include necessary security clauses.
Stakeholder/ internal business management experience
Strong verbal/written communication in English, with the ability to effectively interact with professionals at all levels of responsibility and authority
Ability to prioritize, delegate, and foster the development of high-performance teams to lead/support an environment driven by customer service and teamwork
Extensive experience in designing and developing security policies, processes, standards, and contracts.
Strong understanding of inherent and residual risks, as well as expertise in risk assessment methodologies.
Work with virtual teams located in different countries around the world, aligning and adapting different work, culture and communication styles.
Exposure to any GRC technologies to conduct cyber risk management

Technical/Functional (Line) Expertise

Experience in evaluating third parties for the presence of fundamental information security controls.
Experience conducting risk assessments and applying concepts of inherent and residual risk in order to draw appropriate conclusions and articulate the same to non-technical audiences.
Ability to effectively negotiate appropriate remediation of security gaps with third party representatives to ensure protection of GSK information.

Leadership

Influencing action across various business lines and geographies to achieve program objectives.
Ability to effectively manage conflicting priorities in alignment with overall business and departmental strategies.
Developing strong relationships with leaders of complementary programs (e.g. Procurement, Legal, Ethics & Compliance) to ensure harmonization.

Decision-making and Autonomy

Operates autonomously in the execution of the third-party security risk program framework.
Serves as central point-of-contact for evaluating security risks associated with all third-party engagements.
Recommends and agrees with Line Manager the need for shifts in program strategy.

Interaction

Excellent project management skills to effectively balance unexpected and conflicting priorities as they arise
Experience operating effectively across matrixed organizations
Intercultural sensitivity

Innovation

Understand innovations and evolving best practices amongst industry practitioners of third-party security risk management to continually mature GSK s program.
Ability to apply innovative approaches to balancing business constraints with program goals to identify win-win solutions.

Complexity