GSK

Principal – Cyber Design Assurance & Product Management

Bengaluru, Luxor North Tower | Full time

The Design Assurance & Product Management (DA&PM) function plays a pivotal role in embedding cybersecurity into the early stages of product, platform and infrastructure development. DA&PM ensures that secure design principles are integrated across the entire product lifecycle from ideation and architecture through to deployment and decommissioning.

The role bridges security architecture, secure delivery, and governance, driving alignment between business, technology, and cyber strategy. This function is uniquely positioned to ensure practical, delivery-ready security that scales with enterprise transformation.

Key Responsibilities

  • Embed Secure-by-Design Practices: Champion the integration of secure design principles into product, platform, and cloud architectures from early planning through delivery.

  • Shape Strategic Architecture Patterns: Develop and maintain reusable design templates and security patterns aligned to enterprise architecture, Zero Trust principles, and modern delivery models.

  • Product & Platform Security Governance: Partner with engineering, architecture, and platform teams to ensure secure delivery, lifecycle control enforcement, and continuous improvement of critical security controls.

  • Tool Evaluation & Rationalization: Lead or advise on the assessment of security tooling across the stack (cloud, identity, data, appsec, infra), balancing effectiveness, coverage, and total cost of ownership.

  • Risk-Based Security Design Reviews: Conduct or contribute to security design validations, threat modelling, and deviation reviews, ensuring controls are right-sized and risk-aligned.

  • Collaborate Across Engineering & Operations: Work closely with product owners, cloud/hosting teams, and cyber defence to bridge design intent with operational realities — including telemetry, logging, and detection enablement.

  • Drive Roadmap Alignment: Influence security roadmap planning for products, tools, and platforms, ensuring alignment with enterprise risk priorities, architectural standards, and digital business needs.

  • Contribute to Security Enablement: Help evolve practices, templates, and guidance that enable development teams to build securely by default, including training, design advisory, and control self-assessments.

  • Monitor Control Effectiveness: Support engineering and operations teams in defining and tracking performance metrics, usage patterns, and exceptions for critical controls across cloud, data, and identity domains.

  • Act as a Trusted Advisor: Serve as a consultative voice on security posture, architecture deviations, tool usage, and modernization efforts across product and platform teams.

Minimum Qualifications

  • Bachelor’s degree in Computer Science, Information Security, or a related technical field (Master’s preferred).

  • 12+ years of experience in cybersecurity, including hands-on involvement across security architecture, engineering, or product security.

  • Proven experience in designing and implementing secure cloud-native architectures (Azure, or GCP).

  • Solid understanding of modern identity and access management, network segmentation, application security and data protection principles.

  • Strong knowledge of industry standards and frameworks (e.g., NIST CSF, CIS Benchmarks, MITRE ATT&CK, OWASP, Zero Trust).

  • Demonstrated experience influencing secure design decisions across complex, distributed platforms and multi-cloud environments.

Preferred Skills

  • Security certifications such as CISSP, CCSP, SABSA, GDSA, or Azure Security Specialty.

  • Experience with DevSecOps practices and integrating security in CI/CD pipelines.

  • Familiarity with security technologies across the stack (e.g., CNAPP, EDR/XDR, CSPM, SIEM/SOAR, PAM/PIM, SAST/DAST, Data Classification/Labeling).

  • Hands-on experience with tool rationalization, security telemetry pipelines, and control efficacy monitoring.

  • Strong stakeholder management skills, with the ability to translate technical risks to business impact.

  • Ability to work in a fast-paced, federated environment, balancing secure design with agile product delivery.

  • Thought leadership in driving modernization efforts aligned to Zero Trust, secure-by-design, and cloud-native security principles.

Why GSK?

Uniting science, technology and talent to get ahead of disease together.

GSK is a global biopharma company with a purpose to unite science, technology and talent to get ahead of disease together. We aim to positively impact the health of 2.5 billion people by the end of the decade, as a successful, growing company where people can thrive. We get ahead of disease by preventing and treating it with innovation in specialty medicines and vaccines. We focus on four therapeutic areas: respiratory, immunology and inflammation; oncology; HIV; and infectious diseases – to impact health at scale.

People and patients around the world count on the medicines and vaccines we make, so we’re committed to creating an environment where our people can thrive and focus on what matters most. Our culture of being ambitious for patients, accountable for impact and doing the right thing is the foundation for how, together, we deliver for patients, shareholders and our people.

Inclusion at GSK:

As an employer committed to Inclusion, we encourage you to reach out if you need any adjustments during the recruitment process.

Please contact our Recruitment Team at IN.recruitment-adjustments@gsk.com to discuss your needs.

Important notice to Employment businesses/ Agencies

GSK does not accept referrals from employment businesses and/or employment agencies in respect of the vacancies posted on this site. All employment businesses/agencies are required to contact GSK's commercial and general procurement/human resources department to obtain prior written authorization before referring any candidates to GSK. The obtaining of prior written authorization is a condition precedent to any agreement (verbal or written) between the employment business/agency and GSK. In the absence of such written authorization being obtained, any actions undertaken by the employment business/agency shall be deemed to have been performed without the consent or contractual agreement of GSK. GSK shall therefore not be liable for any fees arising from such actions or any fees arising from any referrals by employment businesses/agencies in respect of the vacancies posted on this site.

It has come to our attention that the names of GlaxoSmithKline or GSK or our group companies are being used in connection with bogus job advertisements or through unsolicited emails asking candidates to make payments for recruitment opportunities and interviews. Please be advised that such advertisements and emails are not connected with the GlaxoSmithKline group in any way.

GlaxoSmithKline does not charge any fee whatsoever for the recruitment process. Please do not make payments to any individuals/entities in connection with recruitment with any GlaxoSmithKline (or GSK) group company at any worldwide location, even if they claim that the money is refundable.

If you come across an unsolicited email from an email address not ending in gsk.com, or a job advertisement which states that you should contact an email address that does not end in “gsk.com”, you should disregard it and inform us by emailing askus@gsk.com, so that we can confirm to you whether the job is genuine.