GSK

Lead Engineer - Cyber Risk & Assurance

Bengaluru Luxor North Tower Full time
Job Title: Lead Engineer - Cyber Risk & Assurance

Business Introduction

GSK remains committed to achieving bold commercial ambitions for the future. By 2031, we aim to deliver £40 billion in annual sales, leveraging our existing strong performance momentum to significantly increase our positive impact on the health of billions of patients globally. Our Ahead Together strategy is centred on early intervention to prevent and alter the course of disease, thereby protecting people and supporting healthcare systems.

Our diverse portfolio consists of vaccines, specialty medicines, and general medicines.

Through continuous innovation and a dedicated focus on scientific and technical excellence, we strive to develop and launch new, groundbreaking treatments that address critical health challenges.

Position Summary

You will lead cyber risk and assurance work focused on suppliers and critical partners. You will run assessments, guide remediation, and help shape our third-party risk processes. You will work with Legal, Procurement, IT and business teams across countries. We value clear communicators who think practically, act with integrity, and learn fast. This role offers strong career growth, real ownership and the chance to help protect work that matters to patients and communities as we unite science, technology and talent to get ahead of disease together.

This role will provide YOU the opportunity to lead key activities to progress YOUR career. These responsibilities include some of the following:

- Lead and deliver supplier cybersecurity assessments and produce clear, actionable risk reports for stakeholders.
- Develop and improve third-party risk processes, checklists and controls, including use of automation and AI where appropriate.
- Work with Legal and Procurement to ensure contracts include appropriate security and privacy terms and support negotiation when needed.
- Coordinate supplier incident response, investigations and remediation tracking.
- Advise internal teams on remediation priorities and practical security controls to reduce supplier risk.
- Create and share program metrics and dashboards to show risk posture and progress.

Why You?

Work arrangement: This role is hybrid, based in India with a mix of office and remote work. We support flexible working where possible.

Basic Qualification

We are seeking professionals with the following required skills and qualifications to help us achieve our goals:

- Bachelor’s degree in computer science, information security, engineering or a related field, or equivalent experience.
- Minimum 5 years hands-on experience in cybersecurity, third-party risk management or supplier assurance.
- Practical experience conducting vendor assessments, audits, questionnaires or technical reviews.
- Familiarity with common security frameworks such as ISO 27001, NIST or CIS.
- Strong written and verbal English communication. You can explain technical findings to non-technical audiences.
- Comfortable working with cross-functional stakeholders and tracking remediation to completion.

Preferred Qualification

If you have the following characteristics, it would be a plus:

- Relevant certifications such as CISSP, CISM, CISA, CRISC or ISO 27001 lead auditor.
- Experience with third-party risk platforms such as Archer, OneTrust, CyberGRX or ServiceNow.
- Knowledge of cloud security, application security, and common security testing tools.
- Exposure to AI and machine learning risk assessment, including data privacy and bias considerations.
- Experience creating dashboards and reports using Power BI, Tableau or Excel advanced features.
- Prior experience working in a regulated industry or large global organisation.

What success looks like

You move assessments to clear actions and measurable results. You build trust with suppliers and internal teams. You simplify complex risks into practical steps. You help the organisation reduce supplier-related incidents and improve measurable security posture.

How we support you

You will join an experienced security community that learns together. You will receive on-the-job coaching, access to learning resources and opportunities to grow technical and leadership skills.

Apply now if you want to help protect our business and the people we serve. We welcome all applicants and are committed to inclusion. If you need adjustments during the recruitment process, please contact our recruitment team at IN.recruitment-adjustments@gsk.com.

Why GSK?

Uniting science, technology and talent to get ahead of disease together.

GSK is a global biopharma company with a purpose to unite science, technology and talent to get ahead of disease together. We aim to positively impact the health of 2.5 billion people by the end of the decade, as a successful, growing company where people can thrive. We get ahead of disease by preventing and treating it with innovation in specialty medicines and vaccines. We focus on four therapeutic areas: respiratory, immunology and inflammation; oncology; HIV; and infectious diseases – to impact health at scale.

People and patients around the world count on the medicines and vaccines we make, so we’re committed to creating an environment where our people can thrive and focus on what matters most. Our culture of being ambitious for patients, accountable for impact and doing the right thing is the foundation for how, together, we deliver for patients, shareholders and our people.

Inclusion at GSK:

As an employer committed to Inclusion, we encourage you to reach out if you need any adjustments during the recruitment process.

Please contact our Recruitment Team at IN.recruitment-adjustments@gsk.com to discuss your needs.

Important notice to Employment businesses/ Agencies

GSK does not accept referrals from employment businesses and/or employment agencies in respect of the vacancies posted on this site. All employment businesses/agencies are required to contact GSK's commercial and general procurement/human resources department to obtain prior written authorization before referring any candidates to GSK. The obtaining of prior written authorization is a condition precedent to any agreement (verbal or written) between the employment business/ agency and GSK. In the absence of such written authorization being obtained any actions undertaken by the employment business/agency shall be deemed to have been performed without the consent or contractual agreement of GSK. GSK shall therefore not be liable for any fees arising from such actions or any fees arising from any referrals by employment businesses/agencies in respect of the vacancies posted on this site.

It has come to our attention that the names of GlaxoSmithKline or GSK or our group companies are being used in connection with bogus job advertisements or through unsolicited emails asking candidates to make some payments for recruitment opportunities and interviews. Please be advised that such advertisements and emails are not connected with the GlaxoSmithKline group in any way.

GlaxoSmithKline does not charge any fee whatsoever for the recruitment process. Please do not make payments to any individuals / entities in connection with recruitment with any GlaxoSmithKline (or GSK) group company at any worldwide location, even if they claim that the money is refundable.

If you come across unsolicited email from email addresses not ending in gsk.com or job advertisements which state that you should contact an email address that does not end in “gsk.com”, you should disregard the same and inform us by emailing askus@gsk.com, so that we can confirm to you if the job is genuine.