Cyber Security Audit Manager

Audit & Assurance is responsible for providing an objective view of risk management at a point in time. By raising awareness, we inspire meaningful action before potential issues become real issues. We collaborate and partner on the shared goal of reducing risk to GSK – protecting the interests of our patients. We are in the unique position to view across the GSK enterprise, connecting insights and sharing learnings in the risk space through our advisory and assurance product portfolio.

The Cyber Security audit team are responsible for providing assurance that GSK’s cyber defenses are operating effectively. As a Cyber Security Audit Manager, you will be responsible for ensuring the security and integrity of GSK’s systems, network and digital assets. You will lead and conduct comprehensive audits to identify vulnerabilities, evaluate security controls, assess risks and communicate these to senior management. Your role will be crucial in maintaining our organization's compliance with industry standards and regulations, particularly those relating to Data Privacy.

This role requires a combination of technical skills and business awareness. Creative thinking and the ability to translate cyber threats into business risks is a valued quality for this role.

In this role you will

• Lead and contribute to audit assignments, from planning to execution and reporting, ensuring high quality, timely and accurate delivery
• Conduct risk assessments and identify potential vulnerabilities and control deficiencies within our IT infrastructure and cloud services
• Evaluate the effectiveness of security controls, relating to Technology, People and Process
• Develop and implement audit programs to test the security of applications, networks, and systems
• Prepare and present audit findings to senior management, providing actionable recommendations for improvement
• Collaborate with IT and security teams to ensure the implementation of corrective actions and monitor their effectiveness
• Stay updated with the latest cyber security threats, trends, and regulatory requirements to ensure our audit practices remain current and effective.
• Provide training and guidance to team members on cyber security audit processes and best practices

Qualifications & Skills:

• Excellent analytical and problem-solving skills, with the ability to identify and address complex security issues
• Strong communication and presentation skills, with the ability to convey technical information to non-technical stakeholders
• Ability to work independently and as part of a team, managing multiple priorities and deadlines effectively
• Experience of security testing techniques, such as Penetration Testing techniques would be advantageous
• Commitment to continuous learning and staying abreast of emerging cyber security threats and technologies

Preferred Qualifications & Skills:

• Professional certifications such as CISSP, CISA, CISM, or equivalent are essential.
• Experience in cyber security auditing, with a strong understanding of cyber security principles and frameworks.
• Knowledge of audit practices and the expected standards for audit execution and record keeping
• Knowledge of Data Privacy regulations, such as GDPR and privacy enhancing technologies
• Knowledge of cloud services, such as Azure, and Google Cloud Platform.
• Familiarity with industry control frameworks such as ISO 27001, NIST and CIS.
• Familiarity with Artificial Intelligence models

Closing Date for Applications – Friday 7th March 2025 (COB)

Please take a copy of the Job Description, as this will not be available post closure of the advert. When applying for this role, please use the ‘cover letter’ of the online application or your CV to describe how you meet the competencies for this role, as outlined in the job requirements above. The information that you have provided in your cover letter and CV will be used to assess your application.