SSRA Senior Analyst

GSK Tech Global Centre in Poznan
Senior
Online interview
Employment contract
Poznań
Remote possible
80%
Paid vacation
26

Project description

We are looking for an experienced SSRA Analyst to support CH Office of Deputy CISO supporting GSK’s Consumer separation and disentanglement program. Specialist on this role will provide a critical function supporting the planning and preparation for TSR Consumer Separation. The SSRA Analyst role will engage with senior business partners and requires a clear understanding of business imperatives in order to build commensurate cyber security controls around third-party risk. Highly skilled at diagnosing problems, modelling and analyzing data should be in your forte. This requires attention to detail and resourcefulness beyond compromise.


Your tasks

  • Maintain and mature the third-party risk management process framework for cybersecurity risk, including vital standards, procedures, and technologies
  • Execute and support the full lifecycle of information security and third-party risk assessments as needed, either individually or through available resources.
  • Provide clarifying support, where vital, to internal third-party relationship owners or third-party representatives in their efforts to provide responses to the security risk assessment questionnaire.
  • Coordinate with Legal and Procurement representatives to ensure accurate privacy and security clauses are included in third-party contracts
  • Collaborate with internal third-party relationship owners and third-party representatives to recommend vital security controls to effectively mitigate risks to GSK
  • Provide consultancy SME support in conducting security posture assessments as part of continuous monitoring or post breach scenarios to ensure that suppliers have adequate security controls.

Who we're looking for?

BASIC QUALIFICATIONS:

  • Experience in translating third-party responses to assessment questionnaires, using sound judgement, into concise risk exposure reporting for delivery to internal partners
  • Ability to identify sophisticated issues, communicate to relevant partners and help with the decision making
  • Experience in ensuring robust tracking and remediation of third-party security and privacy risk exposures identified through assessment processes
  • Experience and understanding of cybersecurity principles, cybersecurity controls, and related technologies and products
  • Ability to integrate knowledge of the cybersecurity implications of networks, systems and implications with business process and behavioral security concerns into a well-articulated single risk picture that can be readily understood by business management and risk and compliance professionals
  • Ability to write custom reports providing a wide range of security expertise to the business functions

PREFERRED QUALIFICATIONS:

  • Experience and knowledge across different frameworks and standards such as ISO 27001, NIST, CIS etc.
  • Understand innovations and evolving best practices among industry practitioners of third-party security risk management to continually mature processes.
  • Working with virtual teams located in different countries around the world, aligning and adapting different work, culture and communication styles.
  • Implementing innovative ideas on detection and prevention controls
  • Ability to prioritize, delegate, and foster the development of high-performance teams to lead/support an environment driven by customer service and teamwork

How we manage our projects?
Methodology
Scrum, Agile, Kanban
Who makes architectural decisions?
Team and tech leads
Who makes technology stack decisions?
Architect
Project management software
JIRA, Microsoft Teams, Azure Devops
How we code?
Git
Version control
Style guide
Code review
Static code analysis
TDD
BDD
Code metrics
Knowledge database
How we test?
Unit tests
Integration tests
System tests
Performance tests
Manual testing
Test automation
CI
Toolset
Laptop
Additional monitor
Headphones
Personal container
Phone
Operating system
Work environment
Tech supervisor
Open space
Flexible working hours
Healthcare
  • Healthcare package
  • Healthcare package for families
Leisure package
  • Leisure package
Kitchen
  • Hot beverages
  • Fruits
  • Snacks
Traning
  • Trainings
Parking
  • Car parking
  • Bicycle parking
Other
  • Chill room
  • Integration events
  • work up to 80% of your working time per month remotely
  • flexible working hours
  • work part-time or have a long weekend thanks to Short Friday

Our company

GSK Tech Global Centre in Poznan

Poznań 750
Tech skills
  • Node.js
  • JavaScript
  • Java

Check out similar job offers