Director, Data Security Services

Artificial intelligence and machine learning are critical to the development of new medicines, particularly as we generate increasingly-complex, experimental data at scale. Our vision places machine learning at the centre of human genetics and functional genomics. We see machine learning with tightly-coupled, experimental feedback loops, playing a pivotal role in understanding genetics and developing the next generation of medicines. The Director, Data Security Services will be required to be a subject matter expert in delivering security enhancements into existing and new applications, infrastructure and business processes, with a specialty in the area of data security, data integrity, AI, ML along with concepts such as the democratization of data. This includes how to embed security requirements into an agile developed product, making decisions expeditiously to ensure timely delivery of a secure outcome.

The Director, Data Security Services role will be required to assess existing or new critical applications & infrastructure, commercial off the shelf, FOSS and SaaS. You will require senior stakeholder engagement to agree on recommendations and activities to mitigate any risks identified during engagement with program or project teams. Additionally, the role will be required to evaluate and support the delivery of new security tools and systems for the enterprise to ensure the security program continues to mature. The role will be responsible for making recommendations into the direction of the Security Architecture and Consulting strategy as well as Tech standards and policies.

The role will support teams that are dispersed globally and will interface with the technical leadership teams of our various business units as a trusted advisor. The role will be located in North America or UK.

This role will provide YOU the opportunity to lead key activities to progress YOUR career. These responsibilities include some of the following:

• Identify and evaluate complex business and technology cyber security risks and recommend remedial actions consistent with regulatory and legal requirements as well as industry best practice.

• Provide Subject Matter Expertise and guidance to various teams within Core Technology and the GSK business units, specifically R&D, to ensure security related issues are understood and addressed.

• Perform assessments of applications and their underlying infrastructure.

• Negotiate Security and Risk management proposals with Application Owners, Project Directors, suppliers and operational Directors & VPs. Escalate any risks exceeding agreed limits.

• Develop security related user stories and product specific threat models to embed into products.

• Develop technology road map, architecture and implement data security and compliance.

• Identify overall strategy for Cloud based Big Data and Enterprise data warehouse systems. Liaise and drive organization-wide data design, optimization, standards and security compliance.

• Familiar with the construction and design of big data architectures, security protocols, data modelling and related aspects of data security.

• Responsible for design, implementation and compliance with data security methods and procedures.

• Follows data security and architecture standards, policies and procedures, and classification of data elements.

• Knowledgeable of latest available tools and products and capable of evaluating off-the-shelf products.

• Mentor other team members in data security best practices.

Why you?

Basic Qualifications:

We are looking for professionals with these required skills to achieve our goals:

• Experience in Engineering, IT/Comp Sci/ Information Assurance/ Cybersecurity/ Management

• 10+ years experience in Information Technology

• 7-10 years experience in Information Security

• 5+ years of hands on experience and in-depth knowledge of data governance, data security, and data compliance.

• Experience developing and delivering security requirements into Agile developed projects and work streams with external dependencies.

• Experience working in a continuous integration and continuous delivery model (CI/CD).

• Experience in modern cloud computing and delivery platforms such as Microsoft Azure, Google Cloud and Amazon AWS.

• Experience designing and delivering security requirements to support agile software development processes (Jira/Confluence/Jenkins).

• Experience with security testing tools which perform vulnerability identification, threat analysis and static/dynamic code review.

Preferred Qualifications:

If you have the following characteristics, it would be a plus:

• Deep experience with security in cloud environments around GDPR, CCPA, PHI/PII data, data encryption at rest and in transit as well security concepts like tokenization, federated security models and secrets management

• Expertise in cryptography, authentication protocols and authorization standards (e.g SSL/TLS, SAML, OAuth, JWT, OPA)

• Experience working with data security systems (e.g. Kerberos, Knox, Sentry) and SIEM

• Prior experience of supporting or building and securing large scale distributed systems and data platforms using Big Data stack (Kafka, Hadoop, Spark, Flink, Hive .) on AWS

• Deep technical experience and knowledge in the design and implementation of analytical data platforms and accepted best practices around data movement, meta-data catalogs, data transformation, data ingestion, data security, data science and data mining in both Cloud, hybrid and on-premise environments

• Understand Real time detection engineering lifecycle from ingestion to access

• Certifications – One or more of the following desired: CISSP, CSSLP, CCSK, CCSP.

• Pharmaceutical experienced preferred but not essential.

Our values and expectations are at the heart of everything we do and form an important part of our culture.

These include Patient focus, Transparency, Respect, Integrity along with Courage, Accountability, Development, and Teamwork. As GSK focuses on our values and expectations and a culture of innovation, performance, and trust, the successful candidate will demonstrate the following capabilities:

• Operating at pace and agile decision-making – using evidence and applying judgement to balance pace, rigour and risk.

• Committed to delivering high quality results, overcoming challenges, focusing on what matters, execution.

• Continuously looking for opportunities to learn, build skills and share learning.

• Sustaining energy and well-being.

• Building strong relationships and collaboration, honest and open conversations.

• Budgeting and cost-consciousness.

If you require an accommodation or other assistance to apply for a job at GSK, please contact the GSK Service Centre at 1-877-694-7547 (US Toll Free) or +1 801 567 5155 (outside US).

GSK is an Equal Opportunity Employer and, in the US, we adhere to Affirmative Action principles. This ensures that all qualified applicants will receive equal consideration for employment without regard to race, color, national origin, religion, sex, pregnancy, marital status, sexual orientation, gender identity/expression, age, disability, genetic information, military service, covered/protected veteran status or any other federal, state or local protected class.

Important notice to Employment businesses/ Agencies

GSK does not accept referrals from employment businesses and/or employment agencies in respect of the vacancies posted on this site. All employment businesses/agencies are required to contact GSK's commercial and general procurement/human resources department to obtain prior written authorization before referring any candidates to GSK. The obtaining of prior written authorization is a condition precedent to any agreement (verbal or written) between the employment business/ agency and GSK. In the absence of such written authorization being obtained any actions undertaken by the employment business/agency shall be deemed to have been performed without the consent or contractual agreement of GSK. GSK shall therefore not be liable for any fees arising from such actions or any fees arising from any referrals by employment businesses/agencies in respect of the vacancies posted on this site.

Please note that if you are a US Licensed Healthcare Professional or Healthcare Professional as defined by the laws of the state issuing your license, GSK may be required to capture and report expenses GSK incurs, on your behalf, in the event you are afforded an interview for employment. This capture of applicable transfers of value is necessary to ensure GSK’s compliance to all federal and state US Transparency requirements. For more information, please visit GSK’s Transparency Reporting For the Record site.