Senior Manager, Cloud and Container Security

Senior Manager, Cloud and Container Security

GSK

At GSK, we unite science, technology and talent to get ahead of disease together.

We have an exciting opportunity for an experienced cloud and container security manager to join a growing cloud security team in GSK's Cyber Security Office (CSO). You will work closely with senior stakeholders and cross-functional product teams to embed and enhance GSK's cloud and container security governance and capabilities, accelerating delivery of our business objectives, cloud migration and digital transformation initiative.

You will need to be comfortable working in a fast-paced agile environment and have experience working with multiple security and governance groups, central IT, developer and system integrator teams, based across multiple geographies and in different organisations.

This role offers the opportunity to use a wide range of skills to deliver an enterprise cloud and container security program supporting modern architecture patterns and technologies.

The ideal candidate will combine excellent technical skills and communication expertise with a collaborative approach to ensure optimal stakeholder alignment with our cloud and container security strategy.

In this role you will

1. Develop and maintain cloud and container security governance frameworks for multi-cloud environments, including Azure, GCP, and Kubernetes.
2. Align security standards, frameworks, and policies with business and technology strategies, and implement processes and tools for compliance monitoring.
3. Create and update Cloud and Container Security reference architecture and capability roadmaps.
4. Build a network of stakeholders across security, IT, and developer teams to understand future cloud requirements.
5. Periodically review and update security controls and guidance for Kubernetes and IaaS/PaaS services, balancing business and security needs.
6. Define best practices for Kubernetes and IaaS/PaaS services to enhance security controls.
7. Lead cloud and container security discussions with cyber security, IT teams, senior leadership, and workload owners.
8. Conduct security architecture reviews for large-scale cloud projects, recommending changes to align with secure-by-design principles.
9. Provide security consultancy to cyber risk and governance teams for solution architecture reviews.
10. Identify and communicate emerging security threats.
11. Stay updated on market trends and competitive insights in cloud and container security.

Qualifications & Skills:

1. Extensive experience in information security and significant experience in cloud and container security.
2. Relevant educational background or equivalent experience.
3. Expert knowledge of Azure, GCP, and AWS security.
4. Strong understanding of securing Kubernetes platforms and container-hosted workloads.
5. Proven expertise in security architecture and design reviews for cloud-native solutions, including containers, micro-services, APIs, PaaS capabilities, and IAM suites on Azure, GCP, and AWS.
6. Experience in security reviews and threat modelling for cloud solutions using Generative AI services.
7. In-depth understanding of cybersecurity principles, IT security controls, and related technologies.
8. Knowledge of network security for cloud network virtualization, Kubernetes networking, and associated controls.
9. Experience in identity and access management for cloud and container platforms.
10. Excellent verbal and written communication skills in English, with the ability to interact effectively with technical and non-technical professionals at all levels.
11. Ability to work with virtual teams across different countries, aligning and adapting to various work, culture, and communication styles.

Preferred Qualifications & Skills:

1. Kubernetes and Cloud Native Associate (KCNA).
2. Kubernetes and Cloud Security Associate (KCSA).
3. Certified Kubernetes Security Specialist (CKS).
4. Security-based industry certification such as ISC2 CISSP.
5. Pharmaceutical industry experience would be a benefit but not essential.
6. Cloud agnostic industry certification in cloud security such as ISC2 CCSP and/or CSA CCSK.
7. Cloud Service Provider security certifications such as Microsoft AZ-500, Google Security Engineer, AWS Security Engineer.
8. Experience with SABSA and Archimate.

Closing Date for Applications – Tuesday 25th Feb 2025.