Director, AIML Security

Site Name: San Francisco, Cambridge MA, Home Worker - USA
Posted Date: May 3 2024

At GSK, we want to supercharge our data capability to better understand our patients and accelerate our ability to discover vaccines and medicines.

The Onyx Research Data Platform organization represents a major investment by GSK R&D and Digital & Tech, designed to deliver a step-change in our ability to leverage data, knowledge, and prediction to find new medicines.

We are a full-stack shop consisting of product and portfolio leadership, data engineering, infrastructure and DevOps, data / metadata / knowledge platforms, and AI/ML and analysis platforms, all geared toward:

• Building a next-generation, metadata- and automation-driven data experience for GSK's scientists, engineers, and decision-makers, increasing productivity and reducing time spent on data mechanics"
• Providing best-in-class AI/ML and data analysis environments to accelerate our predictive capabilities and attract top-tier talent
• Aggressively engineering our data at scale, as one unified asset, to unlock the value of our unique collection of data and predictions in real-time

The Director, AIML Security will work within GSK's Cyber Risk Operations team, interacting directly with stakeholders and technical teams to drive and support the key programs and projects related to Artificial Intelligence (AI) and Machine Learning (ML). AI/ML are critical to the development of new medicines, particularly as we generate increasingly complex, experimental data at scale. Our vision places machine learning at the centre of human genetics and functional genomics. We see machine learning with tightly-coupled, experimental feedback loops, playing a pivotal role in understanding genetics and developing the next generation of medicines. This role will be required to be a subject matter expert in delivering security enhancements into existing and new applications, infrastructure and business processes with a specialty in the areas of AI/ML, data security, data integrity, and data democratization. This includes how to embed security requirements and risk decisions into an agile developed product, making decisions expeditiously to ensure timely delivery of a secure outcome.

The Director, AIML Security role will be required to assess existing or new DevOps and Infrastructure, Data and Knowledge Platforms and Computing, Analysis and AI/ML Platforms supporting Data Engineering and Scaled Digital Labs (e.g., critical applications & infrastructure, commercial off the shelf, FOSS and SaaS) to create a data security strategy, reusable security frameworks and solution considerations which enable rapid, if not de facto, security. You will require senior stakeholder engagement to agree on architectural strategies, frameworks or any recommendations and activities to mitigate any risks identified during engagements with program or project teams. Additionally, the role will be required to evaluate and support the delivery of new security tools and systems for the enterprise to ensure the security program continues to mature.

The role will be responsible for making recommendations into the direction of the Senior Director, Cyber Risk Operations as well as directed business programs and projects. The role will support teams that are dispersed globally and will interface with the technical leadership teams of our various business units as a trusted advisor.

Key Responsibilities:

• Evaluate architectural designs, primarily focused on GSK's data platforms, to identify and recommend appropriate solutions consistent with company policies, standards, and best practices.
• Assess complex business and technology cyber security capabilities and gaps and recommend remedial actions or solutions consistent with regulatory and legal requirements as well as industry best practice.
• Provide Subject Matter Expertise and guidance to various teams within Global Product & Technology and the GSK business units, specifically R&D Tech, to ensure security related issues are understood and addressed.
• Perform security and risk assessments of applications and their underlying infrastructure.
• Negotiate security management design proposals with Application Owners, Project Directors, suppliers and operational Directors & VPs. Escalate any risks exceeding agreed limits.
• Develop security related user stories and product specific threat models to embed into product architectural design processes.
• Support the development of technology road maps with a focus on secure and compliant architectures.
• Support the development and refinement of the overall security strategy for GSK's data platforms. Liaise and drive organization-wide data platform design, optimization, standards and security compliance.
• Familiar with the construction and design of data platform architectures (i.e., at massive scale), security protocols, data modelling and related aspects of data security, including hybrid, multi-cloud deployments.
• Responsible for design, risks, and compliance with established security methods and procedures.
• Follow security, risks and architecture standards, policies and procedures, and classification of data elements.
• Knowledgeable of latest available tools and products and capable of evaluating off-the-shelf products.
• Mentor other team members in security best practices.

Why You?

Basic Qualifications:

• Experience in Engineering, IT/Comp Sci/ Information Assurance/ Cybersecurity/ Management
• 10+ years' experience in Information Technology
• 7+ years' experience in Information Security and Risks
• 5+ years of hands-on experience and in-depth knowledge of governance, security, risks, and compliance.
• Experience developing and delivering security requirements into Agile developed projects and work streams with external dependencies.
• Experience working in a continuous integration and continuous delivery model (CI/CD).
• Experience in modern cloud computing and delivery platforms such as Microsoft Azure, Google Cloud and/or Amazon AWS.
• Experience designing and delivering security requirements to support agile software development processes (Jira/Confluence/Jenkins).
• Experience with security testing tools which perform vulnerability identification, threat analysis and static/dynamic code review.

Preferred Qualifications:

• Deep experience with security in cloud environments around GDPR, CCPA, PHI/PII data, data encryption at rest and in transit as well security concepts like tokenization, federated security models and secrets management

• Expertise in cryptography, authentication protocols and authorization standards (e.g SSL/TLS, SAML, OAuth, JWT, OPA)
• Experience working with data security systems (e.g. Kerberos, Knox, Sentry) and SIEM
• Prior experience of supporting or building and securing large scale distributed systems and big data platforms.
• Deep technical experience and knowledge in the design and implementation of analytical data platforms and accepted best practices around data movement, meta-data catalogues, data transformation, data ingestion, data security, data science and data mining in both Cloud, hybrid and on-premises environments
• Understand Real time detection engineering lifecycle from ingestion to access
• Certifications - One or more of the following desired: CISSP, CSSLP, CCSK, CCSP.
• Pharmaceutical experienced preferred but not essential.

#LI-GSK

#GSKOnyx

The annual base salary for new hires in this position ranges from $181,390 to $245,410 taking into account a number of factors including work location, the candidate's skills, experience, education level and the market rate for the role. In addition, this position offers an annual bonus and eligibility to participate in our share based long term incentive program which is dependent on the level of the role. Available benefits include health care and other insurance benefits (for employee and family), retirement benefits, paid holidays, vacation, and paid caregiver/parental and medical leave.
Please visit GSK US Benefits Summary to learn more about the comprehensive benefits program GSK offers US employees.

Why GSK?

Uniting science, technology and talent to get ahead of disease together.

GSK is a global biopharma company with a special purpose - to unite science, technology and talent to get ahead of disease together - so we can positively impact the health of billions of people and deliver stronger, more sustainable shareholder returns - as an organisation where people can thrive. We prevent and treat disease with vaccines, specialty and general medicines. We focus on the science of the immune system and the use of new platform and data technologies, investing in four core therapeutic areas (infectious diseases, HIV, respiratory/ immunology and oncology).

Our success absolutely depends on our people. While getting ahead of disease together is about our ambition for patients and shareholders, it's also about making GSK a place where people can thrive. We want GSK to be a place where people feel inspired, encouraged and challenged to be the best they can be. A place where they can be themselves - feeling welcome, valued, and included. Where they can keep growing and look after their wellbeing. So, if you share our ambition, join us at this exciting moment in our journey to get Ahead Together.

If you require an accommodation or other assistance to apply for a job at GSK, please contact the GSK Service Centre at 1-877-694-7547 (US Toll Free) or +1 801 567 5155 (outside US).

GSK is an Equal Opportunity Employer and, in the US, we adhere to Affirmative Action principles. This ensures that all qualified applicants will receive equal consideration for employment without regard to race, color, national origin, religion, sex, pregnancy, marital status, sexual orientation, gender identity/expression, age, disability, genetic information, military service, covered/protected veteran status or any other federal, state or local protected class.

Important notice to Employment businesses/ Agencies

GSK does not accept referrals from employment businesses and/or employment agencies in respect of the vacancies posted on this site. All employment businesses/agencies are required to contact GSK's commercial and general procurement/human resources department to obtain prior written authorization before referring any candidates to GSK. The obtaining of prior written authorization is a condition precedent to any agreement (verbal or written) between the employment business/ agency and GSK. In the absence of such written authorization being obtained any actions undertaken by the employment business/agency shall be deemed to have been performed without the consent or contractual agreement of GSK. GSK shall therefore not be liable for any fees arising from such actions or any fees arising from any referrals by employment businesses/agencies in respect of the vacancies posted on this site.

Please note that if you are a US Licensed Healthcare Professional or Healthcare Professional as defined by the laws of the state issuing your license, GSK may be required to capture and report expenses GSK incurs, on your behalf, in the event you are afforded an interview for employment. This capture of applicable transfers of value is necessary to ensure GSK's compliance to all federal and state US Transparency requirements. For more information, please visit GSK's Transparency Reporting For the Record site.