Cyber Security Office - Operational Technology (OT) Cyber Security analyst – Compliance and vulnerability management
The objective of the OT Cyber hub is to reduce the risk of security threats to OT assets at GSK.
GSK is looking for an experienced cybersecurity compliance analyst to perform tasks related to the OT vulnerability management process, that must be established and driven in collaboration with asset owners. Vulnerabilities must be assigned to owners, mitigation plans must be established and identified, and their completion must be tracked and reported.
The role also includes to support with the implementation and monitoring of our internal OT Cyber Security Standards into manufacturing, R&D and facilities. It may also include the coordination of various tasks related to the improvement of our security monitoring capabilities.
Cybersecurity analyst
Key responsibilities are:
* Engage with stakeholders across GSK to plan and execute compliance monitoring activities.
* Identify compliance gaps and areas for improvement. Document findings and provide recommendations for remediation.
* Identify asset owners based on various data sources and repositories.
* Establish vulnerability mitigation plans in alignment with asset owners
* Establish reporting mechanisms for identified vulnerabilities
* Engage with stakeholders across GSK to plan and execute security monitoring activities including log collection
* Facilitate project execution and manage milestones and deliverables.
* Assist with weekly reporting requirements
Skills required:
* Previous experience in working as a compliance officer or cybersecurity auditor.
* Strong understanding of cybersecurity industry standards (e.g. NIST CSF, SP800-82, IEC62443), and best practices.
* Able to familiarize quickly with internal cybersecurity policies and standards
* Sound organisational skills with experience in leading projects
* Strong planning and deliverable tracking to plan with the required attention to detail
* Able to hit the ground running and demonstrate a persistent drive to completion
* Excellent stakeholder engagement with the expected written and oral communication skills, strong presentation skills.
* Excellent verbal and written communication skills and the ability to interact professionally with a diverse group; Product Owners, Project Leads, engineers, executives, managers and subject matter experts
* Advanced MS Office Skills
Desirable: Relevant cybersecurity certifications such as CISSP, CISA, or CISM.
Desirable: Background in delivery of Cyber / Operational Technology security initiatives
Desirable: Pharmaceutical industry experience
Desirable: Understanding of quality practices and the documentation cycle in a regulated environment
The successful candidate will be a motivated team player who also works well independently
Location for the role will be agreed and will be for an initial 6-month duration on a five day per week basis.