Job description Posted 09 July 2021

Cybersecurity Supplier Security, Risk & Assurance Analyst

Role is based in Brentford but initially working from Home


This position is within the Supplier Security, Risk and Assurance team, whose focus is on Information Risk and Operational Technology risk associated with third parties. The Information Security Senior Consultant works with internal business groups, procurement, and legal, as well as directly with external suppliers, to ensure that GSK information protection risk is well managed where third parties are involved.

Key responsibilities

  • Perform supplier security assessments in line with departmental procedures and processes.
  • Create risk assessment documentation to outline mitigation plans and residual risk for acceptance by the business.
  • Establish and maintain internal relationships with appropriate procurement and business unit organizations to ensure alignment of processes and activities.
  • Carry out onsite supplier assurance visits when appropriate to ensure supplier controls have been implemented and are operating effectively and in accordance with contractual obligations throughout relationship lifecycle.
  • Contribute to the development and maintenance of departmental standards, templates, tools, and processes.
  • Integrate and develop compliance processes into solutions and services to align and improve overall delivery.
  • Participate in activities pertaining to service reviews, metrics gathering and reporting, voice of the process, voice of the customer, root cause analysis, remediation, reporting, and continuous improvement.
  • Negotiate risk elements, mitigation plans, and risk acceptance with external suppliers and GSK business supplier relationship owners.


We are looking for professionals with these required skills to achieve our goals:

  • The successful candidate will have excellent written and verbal communication skills and good judgment in setting priorities, providing practical advice and guidance, and evaluating consequences in support of decisions that are in the best interests of GSK. This includes being able to understand and clearly explain technical topics and the significance of associated risks to non-technical audiences and senior management.
  • The candidate must be a self-starter, comfortable working independently, and will be expected to keep their knowledge of IT security, quality, risk, and compliance current through involvement with relevant industry forums, involvement in GSK projects, and regular training.
  • Experience as an in-house or commercial information security and risk consultant, with experience in either an IT security assurance or audit function and/or experience in assessing technical controls against a documented set of standards and best practices.
  • The ability to assess information security technical controls and methods against a documented framework of standards and assurance is a mixture of inherent and acquired skills that are key to these roles. We do not have a development environment for these skills, so we must take on individuals with a proven track record.
  • Team player with a willingness to go the extra mile and improve processes.