Senior Manager, Cloud Security
Maximise your chances of a successful application to this job by ensuring your CV and skills are a good match.
Overview
GlaxoSmithKline (GSK) is a science-led global healthcare company with a special purpose: to help people do more, feel better, live longer. We are on an audacious journey to impact the health of 2.5 billion people over the next decade. Our R&D division is at the forefront of this mission, dedicated to the discovery and development of groundbreaking vaccines and medicines. We are transforming the landscape of medical research by integrating cutting-edge science and technology and harnessing the power of genetics and new data. By fostering a collaborative environment that unites the talents of our people, we are revolutionizing R&D to pre-empt and defeat diseases. Join us in our commitment to uniting science, technology, and talent to get ahead of disease together.
Position Summary
We have an exciting opportunity for an experienced Cloud Security Manager to join a growing cloud security team in GSK’s Cyber Security Office (CSO). You will work closely with senior stakeholders and cross-functional product teams to embed and enhance GSK’s cloud security governance and capabilities, accelerating delivery of our business objectives, cloud migration and digital transformation initiative.
You will need to be comfortable working in a fast-paced, agile environment and have experience working with multiple security and governance groups, central IT, developer and system integrator teams, based across multiple geographies and in different organisations.
This role offers the opportunity to use a wide range of skills to deliver an enterprise cloud security program supporting modern architecture patterns and technologies. The ideal candidate will combine technical skills and communication expertise with a collaborative approach to ensure optimal stakeholder alignment with our cloud security strategy.
Key Responsibilities:
- Build and maintain cloud and container security governance frameworks for multi-cloud environment including Microsoft Azure, GCP and Kubernetes.
- Define and align cloud and container security standards, frameworks and policies with overall business and technology strategy and drive implementation of processes and tools to monitor and enforce compliance.
- Develop and evolve Cloud and Container Security reference architecture and security capabilities roadmaps.
- Build and maintain a network of key stakeholders across security teams, central IT teams, business tech and developer groups to understand future state cloud requirements and roadmaps.
- Define and periodically review cloud service and container security controls and guidance documentation for Kubernetes and all IaaS & PaaS services, balancing business objectives with information and cyber security requirements.
- Define security guidance and best practice for Kubernetes and all IaaS & PaaS services to supplement security controls.
- Drive the cloud and container security conversation within cyber security office, central IT teams, business technical senior leadership and workload owners.
- Provide cloud and container security architecture review for large scale cloud projects and platforms providing recommended changes or enhancements to ensure alignment with secure by design principles.
- Provide cloud and container security consultancy to cyber risk assurance and governance risk and compliance teams for solution architecture reviews.
- Identify and communicate current and emerging security threats.
- Maintain technical skills and knowledge, keeping up to date with market trends and competitive insights.
Essential Skills:
- Minimum of 8 years working as an information security professional and at least 3 years working as a cloud and/or container security professional.
- BSc level or equivalent education.
- Expert level security knowledge of Azure, GCP and AWS.
- Solid understanding of securing Kubernetes platforms and Container hosted workloads.
- Proven experience in security architecture and security by design reviews of cloud native solutions, leveraging containers, micro-services, APIs, PaaS capabilities such as data storage, databases and data processing technologies, and identity & access management suites on Azure, GCP and AWS.
- Proven experience of security reviews and threat modelling for cloud hosted solutions leveraging Generative AI cloud services.
- Demonstrated experience and understanding of cyber security principles, IT security controls, and related technologies and products.
- Demonstrated experience of network security related to cloud network virtualisation, Kubernetes networking and associated security controls.
- Demonstrated experience of identity and access management related to securing cloud and container platforms and workloads.
- Strong stakeholder management skills.
- Strong verbal/written communication in English, with the ability to effectively interact with professionals at all levels of responsibility and authority, both technical and non-technical.
- Ability to work with virtual teams located in different countries around the world, aligning and adapting different work, culture, and communication styles.
Desirable Skills:
- Pharmaceutical industry experience
- Kubernetes and Cloud Native Associate (KCNA)
- Kubernetes and Cloud Security Associate (KCSA)
- Certified Kubernetes Administrator (CKA)
- Certified Kubernetes Security Specialist (CKS)
- Certified Kubernetes Application Developer (CKAD)
- Security based industry certification such as ISC2 CISSP
Why GSK?
Uniting science, technology and talent to get ahead of disease together.
GSK is a global biopharma company with a special purpose – to unite science, technology and talent to get ahead of disease together – so we can positively impact the health of billions of people and deliver stronger, more sustainable shareholder returns – as an organisation where people can thrive. We prevent and treat disease with vaccines, specialty and general medicines. We focus on the science of the immune system and the use of new platform and data technologies, investing in four core therapeutic areas (infectious diseases, HIV, respiratory/ immunology and oncology).
Our success absolutely depends on our people. While getting ahead of disease together is about our ambition for patients and shareholders, it’s also about making GSK a place where people can thrive. We want GSK to be a place where people feel inspired, encouraged and challenged to be the best they can be. A place where they can be themselves – feeling welcome, valued, and included. Where they can keep growing and look after their wellbeing. So, if you share our ambition, join us at this exciting moment in our journey to get Ahead Together.
Inclusion at GSK
GSK is an Equal Opportunity/Affirmative Action Employer. All qualified applicants will receive equal consideration for employment without regard to race, color, national origin, religion, sex, pregnancy, marital status, sexual orientation, gender identity/expression, age, disability, genetic information, military service, covered/protected veteran status or any other federal, state or local protected class.
If you need any adjustments in the recruitment process, please get in touch with our Recruitment team ( to further discuss this today.
Important notice to employment businesses/agencies
GSK does not accept referrals from employment businesses and/or employment agencies in respect of the vacancies posted on this site. All employment businesses/agencies are required to contact GSK's commercial and general procurement/human resources department to obtain prior written authorization before referring any candidates to GSK. The obtaining of prior written authorization is a condition precedent to any agreement (verbal or written) between the employment business/ agency and GSK. In the absence of such written authorization being obtained any actions undertaken by the employment business/agency shall be deemed to have been performed without the consent or contractual agreement of GSK. GSK shall therefore not be liable for any fees arising from such actions or any fees arising from any referrals by employment businesses/agencies in respect of the vacancies posted on this site.
Please note that if you are a US Licensed Healthcare Professional or Healthcare Professional as defined by the laws of the state issuing your license, GSK may be required to capture and report expenses GSK incurs, on your behalf, in the event you are afforded an interview for employment. This capture of applicable transfers of value is necessary to ensure GSK’s compliance to all federal and state US Transparency requirements. For more information, please visit GSK’s Transparency Reporting For the Record site.
Pay: From £600.00 per day
Work Location: In person
