Job description Posted 06 January 2022

R&D Operational Technology (OT) Third Party Security Risk Management

Contract until December 2022

Pay rate up to £620 per day via Umbrella inside IR35

Stevenage, UK - Flexible remote working available but some on site work needed too


Job Description

Do you enjoy leading in a matrix team environment, collaborating with contributors from multiple disciplines to solve problems? Do you thrive when you’re turning ideas and concepts into reality and knowing you’re delighting your customers in the process? Do you have a flair for encouraging and supporting people to deliver their best work even when working remotely? Do you understand the importance of prioritizing according to business value and communicating clearly and openly with stakeholders?

We’d like to hear from you if you think you might make a good fit!

Job Purpose

Operational Technology (OT) Third-Party security risk management is one of the OT controls / processes required as part of the OT programme. The R&D OT third party security risk is very high and requires targeted actions to mitigate and reduce the risk level.

The OT Third Party Security Risk Management role within R&D is responsible for managing adherence to the Third-Party Security Risk Management (TPSRM) process / assessment for OT Security across R&D. The role is key in ensuring R&D local procurement and externalization teams adhere to the GSK Third Party Oversight (TPO) process with regard to OT security. The role is also responsible for managing the R&D-level vendor engagement process in the context of OT principles, and developing related training / awareness.

About Operational Technology (OT) Security in R&D

Operational Technology (OT) is hardware and software that directly monitors or controls industrial equipment, assets, processes and events in labs, biomedical and supply chain environments. OT is critical in supporting many of the key value streams in R&D, including Chemistry, Manufacturing and Controls (e.g. Supply chain, analytical labs), In vivo / In vitro Translation (IV/IVT) & clinical operations. Protecting R&D against cyber-security threats is an absolute priority. OT security risk mitigation controls are designed by a central cyber security team and are then tailored to and implemented within specific R&D environments by a matrix team of science and engineering specialists, Tech designers and engineers and business risk owners.

The R&D OT Third Party Security Risk Management role is a key member and driving force in R&D cyber-security risk mitigation.

Responsibilities include:

• Manage Third-Party Security Risk Management (TPSRM) process for OT Security across R&D: Liaise with the Supplier Security Risk Assessment (SSRA) team in Tech Security & Risk (TSR) to ensure that all relevant R&D OT Third-parties that meet the criteria are security assessed. Provide guidance to the business owners to correctly answer the OT questions such that appropriate OT actions are assigned.

• Review of Request for Information (RFIs): Review the Request for Information (RFI) completed by the third parties and facilitate completion of the output actions with the business owners.

• Ensure adherence to the Third-Party Oversight (TPO) process: Partner with procurement to ensure that R&D local procurement and externalization teams adhere to the GSK Third Party Oversight (TPO) process with regard to OT security. Manage the R&D-level vendor engagement process in the context of OT principles. Periodically review R&D OT Third-parties to ensure they are still security compliant.

• Training and Awareness: Develop related Third-Party Security risk training and awareness and deliver to relevant recipients across R&D.

• Adoption strategy & change management: In the role of change agent, support the business in agile approaches to deployment and adoption of this control. In so doing, ensure enterprise thinking is in place, build excitement, momentum, visible success stories and clear value-based plans.

Why you?


Basic Qualifications:

We are looking for professionals with these required skills to achieve our goals:

• Degree with multiple years’ relevant experience in managing Third-Party security risk in large corporates within a regulated environment.

• Demonstrated learning agility to understand the broad spectrum of R&D operations and this challenging technical domain.

• Good understanding and experience in cyber security.

• Great relationship management, influencing and communication skills are essential to collaborate with onsite and remote team members, stakeholders, and customers.

• The size, scope and scale of role necessitates a self-starter with the right proven experiences, strategic thinking, and execution capabilities. Credibility (through experience) is essential to success in this role.

Preferred Qualifications:

If you have the following characteristics, it would be a plus:

• Sound experience in Change Management.

• Knowledge of Pharma/BioPharma R&D processes and value chains.

• Experience of Operational Technology environments and/or cyber-security risk mitigation programmes.

Why GSK?

Our values and expectations are at the heart of everything we do and form an important part of our culture.

These include Patient focus, Transparency, Respect, Integrity along with Courage, Accountability, Development, and Teamwork. As GSK focuses on our values and expectations and a culture of innovation, performance, and trust, the successful candidate will demonstrate the following capabilities:

• Agile and distributed decision-making – using evidence and applying judgement to balance pace, rigour and risk, governance and control, managing ambiguity and paradox.

• Managing individual performance.

• Creating a performance culture and driving results, prioritization, execution, delivering performance.

• Setting strategic direction and leading on-going organizational transformation.

• Building a resilient organization.

• Building strong relationships and collaboration in service of common goals, engaging the organization and building trusted external networks for mutual benefit.

• Managing P&L and capital allocation.


GSK is an Equal Opportunity Employer and, in the US, we adhere to Affirmative Action principles. This ensures that all qualified applicants will receive equal consideration for employment without regard to race, color, national origin, religion, sex, pregnancy, marital status, sexual orientation, gender identity/expression, age, disability, genetic information, military service, covered/protected veteran status or any other federal, state or local protected class.