The Supplier Cyber Risk & Assurance Analyst will support the Supplier Cyber Risk and Assurance processes for all business units and support functions across GSK, to ensure that cyber security risks which may be introduced by third parties are understood, managed, or mitigated. The role will conduct comprehensive supplier cyber security assessments, develop and enhance the third-party risk management process framework, and provide clear and effective support to internal third-party relationship owners and external third-party representatives.
Requirements
- 5 to 10 years of proven experience in cyber security and/or third-party security risk management
- Experience and knowledge across different frameworks and standards such as ISO 27001, NIST, CIS, etc.
- Demonstrated experience and understanding of cyber security principles, IT security controls, and related technologies and products
- Preferred security certifications: CISSP, CISM, CISA, CTPRA, CTPRP, CRISC, ISO 27001:2022 LA & LI, ISO 42001 AI
- Understanding of relevant regulations and compliance standards such as GDPR, HIPAA, PCI DSS, etc.
- Practical experience with third-party risk management tools such as Archer, OneTrust, Certa, CyberGRX, UpGuard, and ServiceNow
- Sound knowledge of Power BI, Tableau, and advanced Excel features
- Prior experience conducting cyber security risk assessments and third-party security and data privacy assessments
- Strong analytical skills to identify, evaluate, and prioritize potential cyber risks from suppliers
- Understanding of cybersecurity principles, tools, and technologies used to protect against threats
- Proficiency in documenting cyber security findings, creating reports, and presenting recommendations to management
- Preparedness to coordinate and respond to cyber security incidents involving suppliers
- Expertise in reviewing and negotiating supplier contracts to ensure they include necessary security clauses
- Stakeholder / internal business management experience
- Strong verbal/written communication in English, with the ability to effectively interact with professionals at all levels of responsibility and authority
- Ability to prioritize, delegate, and foster the development of high-performance teams to lead/support an environment driven by customer service and teamwork
- Extensive experience in designing and developing security policies, processes, standards, and contracts
- Strong understanding of inherent and residual risks, as well as expertise in risk assessment methodologies
- Experience working with virtual teams located in different countries around the world, aligning and adapting to different work, culture, and communication styles
- Exposure to any GRC technologies to conduct cyber risk management