Director- Enterprise Security Architect

Are you looking for an opportunity to provide leadership in architectural planning while driving solutions across multiple domains and solution areas, contributing to the future success of the business through innovations in technology? If so, the Enterprise Architecture Director might be the position for you!

The Enterprise Security Architect plays an integral role in defining and assessing the GSK organization's security strategy, architecture and practices. The Enterprise security architect will be required to effectively translate business objectives and risk management strategies into specific security processes enabled by security technologies and services.

The Enterprise Security Architect will focus on the security technologies layer across all of Tech, driving strategy and execution. This will ensure a seamless and connected set of security products across the Technology groups. The leader will also research, prioritize, and experiment with emerging security technology and solutions.

The Enterprise Security architect will collaborate with GSK's cybersecurity teams, in areas such as Cloud technologies, (on-prem, public hybrid and multi-cloud), including cyber security, Identity and Access Management, network security, including OT security, endpoint security, host, mobile and container.

His/her expertise will also enable security solution architecture community to support the design, deployment and success of security solutions used by the internal GSK SOC organisation and more.

This role will provide YOU the opportunity to lead key activities to progress YOUR career. These responsibilities include some of the following:

• Develops and maintains an enterprise security architecture process that enables the enterprise to develop and implement security solutions and capabilities that are clearly aligned with business, technology and threat drivers
• Develops enterprise security strategy plans and roadmaps based on sound enterprise architecture practices
• Develops and maintains security architecture artifacts (e.g., models, templates, standards and procedures) that can be used to leverage security capabilities in projects and operations
• Tracks internal and external developments and changes in the digital business and threat environments to ensure that they're adequately addressed in security strategy plans and architecture artifacts
• Collaborate with CISO and technology teams to validate business solutions, IT infrastructure, multi cloud and other reference architectures for security best practices and recommend changes to enhance security and reduce risks, where applicable
• Reviews security technologies, tools and services, and makes recommendations to the broader security and technology teams for their use, based on security, financial and operational metrics
• Liaises with CISO security solution architects, security practitioners and technology solution architects to share best practices and insights
• Liaises with the GRC internal audit (IA) team to review and evaluate the design and operational effectiveness of security-related controls and define the enterprise standard for architecture community to comply
• Liaises with the Security, Technology and vendor management team to conduct security assessments of existing and prospective strategic vendors, especially those with which the organization shares intellectual property (IP), as well as regulated or other protected data (e.g. SaaS, PaaS, IaaS, and managed service providers (MSPs)
• Establish Security technology architecture roadmaps, reference and target architecture, architectural and design principles, best practices, patters, and standards, oversee adherence to defined enterprise security architecture principles and standards
• Work with senior security leaders, vendors, and other senior technology leaders. Acts as a trusted advisor in identifying long term security domain visions and communicates the value of EA across the organisation.
• Develop and lead best practices for business continuity planning, high availability and resiliency of mission critical services.
• Enforces architecture governance structures and compliance activities to maintain regulatory compliance and enterprise standards
• Cultivates and builds relationships across security, business, IT and vendors / analysts to gather intelligence and bring insight about the wider enterprise picture and enable the leveraging of emerging security technology industry standards and approaches within EA
• An ongoing communication plan to educate and train security and technology stakeholders on the purpose and benefits of Enterprise Architecture

Why you?

Basic Qualifications:

We are looking for professionals with these required skills to achieve our goals:

• Bachelor's Degree required
• 7+ years of experience in enterprise information security architecture management
• 10+ years of experience in enterprise IT, system technology, infrastructure, integration, cloud, hosting and shared technology services.
• Minimum of 2 years of management experience working in a matrix global organization
• Experience in Engineering, IT/Comp Sci/ Information Assurance/ Cybersecurity/ Management
• Proven capability in Risk Management and Internal Controls
• Support the development of security technology standard proposals
• Experience working in a regulated industry, such as healthcare, financial services, or biotech is strongly desired
• Must have 3rd party vendor management experience.
• Cloud experience/exposure -- particularly with regard to Microsoft, and Google cloud and security service offerings

Preferred Qualifications:

If you have the following characteristics, it would be a plus:

• Master's degree or above preferred
• Excellent senior stakeholder management
• Excellent cross-functional planning and execution.
• Experience providing vision and leadership
• Should have a successful track record of tactical execution
• Outstanding written and verbal communication skills with the ability to describe complex & abstract security and technical concepts up to board level.
• Excellent people leadership qualities in both a direct and matrix organisation.
• Understanding of regulations that impact the Pharma industry (e.g., GxP, GDPR / Schrems, HIPAA, Sarbanes Oxley).
• Understanding of core security technology platform & GxP for pharma across R&D, Vaccine, manufacturing and supply chain environments, etc.
• Able to demonstrate technical breadth across Enterprise Security portfolio.
• Familiarity/experience with Architecture frameworks such as SABSA, TOGAF etc.

Why GSK?

Our values and expectations are at the heart of everything we do and form an important part of our culture.

These include Patient focus, Transparency, Respect, Integrity along with Courage, Accountability, Development, and Teamwork. As GSK focuses on our values and expectations and a culture of innovation, performance, and trust, the successful candidate will demonstrate the following capabilities:

• Agile and distributed decision-making - using evidence and applying judgement to balance pace, rigour and risk
• Managing individual and team performance.
• Committed to delivering high quality results, overcoming challenges, focusing on what matters, execution.
• Implementing change initiatives and leading change.
• Sustaining energy and well-being, building resilience in teams.
• Continuously looking for opportunities to learn, build skills and share learning both internally and externally.
• Developing people and building a talent pipeline.
• Translating strategy into action - a compelling narrative, motivating others, setting objectives and delegation.
• Building strong relationships and collaboration, managing trusted stakeholder relationships internally and externally.
• Budgeting and forecasting, commercial and financial acumen.

If you require an accommodation or other assistance to apply for a job at GSK, please contact the GSK Service Centre at 1-877-694-7547 (US Toll Free) or +1 801 567 5155 (outside US).

GSK is an Equal Opportunity Employer and, in the US, we adhere to Affirmative Action principles. This ensures that all qualified applicants will receive equal consideration for employment without regard to race, color, national origin, religion, sex, pregnancy, marital status, sexual orientation, gender identity/expression, age, disability, genetic information, military service, covered/protected veteran status or any other federal, state or local protected class.

At GSK, the health and safety of our employees are of paramount importance. As a science-led healthcare company on a mission to get ahead of disease together, we believe that supporting vaccination against COVID-19 is the single best thing we can do in the US to ensure the health and safety of our employees, complementary workers, workplaces, customers, consumers, communities, and the patients we serve.

GSK has made the decision to require all US employees to be fully vaccinated against COVID-19, where allowed by state or local law and where vaccine supply is readily available. The only exceptions to this requirement are employees who are approved for an accommodation for religious, medical or disability-related reasons.

Important notice to Employment businesses/ Agencies

GSK does not accept referrals from employment businesses and/or employment agencies in respect of the vacancies posted on this site. All employment businesses/agencies are required to contact GSK's commercial and general procurement/human resources department to obtain prior written authorization before referring any candidates to GSK. The obtaining of prior written authorization is a condition precedent to any agreement (verbal or written) between the employment business/ agency and GSK. In the absence of such written authorization being obtained any actions undertaken by the employment business/agency shall be deemed to have been performed without the consent or contractual agreement of GSK. GSK shall therefore not be liable for any fees arising from such actions or any fees arising from any referrals by employment businesses/agencies in respect of the vacancies posted on this site.

Please note that if you are a US Licensed Healthcare Professional or Healthcare Professional as defined by the laws of the state issuing your license, GSK may be required to capture and report expenses GSK incurs, on your behalf, in the event you are afforded an interview for employment. This capture of applicable transfers of value is necessary to ensure GSK's compliance to all federal and state US Transparency requirements. For more information, please visit GSK's Transparency Reporting For the Record site.