Global Director of HR Digital, Privacy and Cyber Security

Site Name: UK - London - Brentford

Posted Date: Mar

Global Director of HR Digital, Privacy and Cyber Security

Location: GSK House, London (Preferred)

The purpose of the role is to promote an effective DPC management culture across all of the HR Function globally building the capability for values based decision making and to ensure that as HR global teams deliver their strategies and objectives they have the tools and knowledge to manage related risks as they arise.

Strategic Scope

You will be the subject matter expert for all GSK HR data privacy governance and controls. Specifically, you will lead strategic activities to protect all employee data across the HR function, driving robust 'best-in-class' governance programmes to ensure global compliance with GSK's legislative and regulatory responsibilities.

Find out more:

Annual Report 2021

Key Responsibilities

Strategic leadership and oversight

• Establish the global strategy, leadership and oversight for digital, privacy and cyber governance requirements as they relate to GSK for all HR employee data.
• Translate central Legal and Compliance policy and standards into workable global operational guidelines to ensure the effective governance and security of HR data.
• Map and define key privacy and cyber security risks including future evolving legislative landscape to establish appropriate risk-based mitigation plans.
• Develop an effective governance framework including the creating of a HR Privacy Steering Committee to appropriately profile and gain accountability for key risk and mitigation plans.
• Raise the quality of updates to the HR Risk Management and Compliance Board (RMCB) including the development of KRIs to drive process change and accountability.
• Provide timely reporting as needed to HR and wider leadership (ARC, ROCC, RMCB, PGB, etc).
• Stay current on global data privacy legislation and current cyber security threats ensuring business awareness as necessary.

Primary Point of Contact

• Become the primary point of contact for all data privacy and cyber security matters for relevant government bodies and regulators, HR colleagues & line management including Group Legal and third-party providers.
• Map key business stakeholders for privacy, digital and cyber security risk and develop an annual communication and engagement plan.
• Ensure HR is effectively represented and connected especially with the Head of Digital Privacy and Cyber Security and the Head of People Data and Analytics.
• Lead risk coordination and mitigation on behalf of the HRLT member accountable for the relevant HR and Enterprise risks.
• Develop an engaging proactive strategy to raise the profile and accessibility of the HR DPC team to become the 'Go-To' resource for all privacy and cyber security matters.
• Establish the role as POC for questions relative to global privacy process for all stakeholders including HR&PS LT, business partners, service centres, Group Legal, external counsel, and government/ regulatory bodies.

Subject Matter Expert

• Present as Subject Matter Expert for all HR Data Privacy and Cyber security requirements.
• Engage with the business owners across the function to proactively identify and provide expert guidance on the privacy requirements of key projects ensuring their timely delivery.
• Understand and prepare HR for the evolving aspects of technology such as BOTS, AI and Machine Learning on data privacy and the related ethical considerations.
• Create standardised global processes
• Leverage the use of data and analytics tools to improve reporting across the HR function and raise awareness to drive actions to mitigate privacy and cyber security risk.
• Collaborate with the central DPC Legal team to interpret and implement a devolved operating model across HR.
• Implement central legal policy and create standardised global processes and systems for example to complete PIAs and data inventory management and facilitate privacy by design principles across the function.
• Drive continuous improvement through advocating new business process, automation and an agile methodology.
• Influence risk tolerance parameter discussions as they apply to HR privacy and cyber security.

Licence to Operate

• Ensure HR operations meet key Licence to Operate, Compliance & Governance requirements.
• Design training tools and resources tailored for leaders and teams across the HR function a provide coaching and guidance to create a robust culture of ongoing education, raised awareness and accountability for DPC risk.
• Responding to and advising on data subject rights requests, including data subject access requests (DSARs) and other requests from individuals.
• Proactively bring future legislative changes (e.g., CALPRA) & translate into HR Policies, processes, documentation & ways of working.
• Ensuring that GSK's IT systems and procedures comply with all relevant data privacy and protection law, regulation, and policy including in relation to the retention and destruction of data.
• Lead ongoing discussions with Third Parties including RFPs to ensure appropriate contractual assurance on all data privacy matters and their and ongoing life cycle management.
• Promote zero breach compliance policies.
• Trouble shoot complex issues e.g. non-compliant employees/ documents and address potential legally sensitive matters to manage and limit risk for GSK.

Leadership and Develop Team and Colleagues

• Recruit, lead, develop and plan for succession of a small specialist international team.
• Advise to a wider network of colleagues accountable for DPC risk throughout the function.
• Ensure privacy resources are appropriately deployed on projects.

Closing Date for Applications: 6th April 2023 (COB)

Please take a copy of the Job Description, as this will not be available post closure of the advert.

When applying for this role, please use the 'cover letter' of the online application or your CV to describe how you meet the competencies for this role, as outlined in the job requirements above. The information that you have provided in your cover letter and CV will be used to assess your application.

During the course of your application you will be requested to complete voluntary information which will be used in monitoring the effectiveness of our equality and diversity policies. Your information will be treated as confidential and will not be used in any part of the selection process. If you require a reasonable adjustment to the application / selection process to enable you to demonstrate your ability to perform the job requirements, please contact This will help us to understand any modifications we may need to make to support you throughout our selection process.

• LI-GSK

Why you?

Qualifications & Skills:

We are looking for professionals with these required skills to achieve our goals:

• Bachelors Degree or equivalent experience (required)
• Strong knowledge of European and UK data privacy and data protection regulation, and a good understanding of other major privacy frameworks and evolving legislation worldwide.
• 5 years' experience within a compliance, legal, audit and/or risk function with recent experience in privacy compliance in GSK or a large, global organisation.
• Ability to work effectively and sensitively in a highly matrixed organisation across geographies and cultures
• Proven experience developing strategic policy, leading to operational implementation at pace.
• Current knowledge of information technology and data management systems required to control data privacy and cyber security risk.
• Well-developed and professional interpersonal skills; ability to interact in influence effectively with people at all levels of the organisation and externally.
• Excellent written and verbal communication skills including the ability to communicate risk management concepts to both technical and non-technical audiences, including CET members
• Strong change and project management skills, including the ability to manage time well, prioritise effectively and handle multiple deadlines.
• Ability to undertake large, long-term projects, develop alternative methods to complete them and implement solutions. Knowledge of Agile methodology preferred.
• Ability to use independent judgement and discretion when making majority of decisions.
• Excellent understanding of the Data Privacy management, regulatory and compliance trends is foundational to success in this role.
• Connected with peers in the Data Privacy industry to allow sharing of best practice.
• Track record in providing high degree of reliance, accountability and value-added consultation/ support to senior business managers and other support functions
• Strong problem-solving skills that are pragmatic and which demonstrates understanding of the business.

Preferred Qualifications & Skills:

If you have the following characteristics, it would be a plus:

• Data protection and/or privacy certification, such as CIPP, CIPT, CIPM, ISEB (preferred).
• Agile practitioner (preferred)
• Law degree or post-graduate legal qualification (preferred).

We're moving towards a more sustainable future with our new headquarters. With better public transport links and proximity to world-class science and technology institutions, we're excited for our move to the vicinity of Earnshaw Street, London WC1A ("the New HQ").by end H1 2024.

Why GSK?

GSK is a global biopharma company with a special purpose - to unite science, technology and talent to get ahead of disease together - so we can positively impact the health of billions of people and deliver stronger, more sustainable shareholder returns - as an organisation where people can thrive. Getting ahead means preventing disease as well as treating it, and we aim to impact the health of 2.5 billion people around the world in the next 10 years.

Our success absolutely depends on our people. While getting ahead of disease together is about our ambition for patients and shareholders, it's also about making GSK a place where people can thrive. We want GSK to be a workplace where everyone can feel a sense of belonging and thrive as set out in our Equal and Inclusive Treatment of Employees policy. We're committed to being more proactive at all levels so that our workforce reflects the communities we work and hire in, and our GSK leadership reflects our GSK workforce.

As an Equal Opportunity Employer, we are open to all talent. In the US, we also adhere to Affirmative Action principles. This ensures that all qualified applicants will receive equal consideration for employment without regard to neurodiversity, race/ethnicity, colour, national origin, religion, gender, pregnancy, marital status, sexual orientation, gender identity/expression, age, disability, genetic information, military service, covered/protected veteran status or any other federal, state or local protected class(US only).

We believe in an agile working culture for all our roles. If flexibility is important to you, we encourage you to explore with our hiring team what the opportunities are.

Should you require any adjustments to our process to assist you in demonstrating your strengths and capabilities contact us on or Please note should your enquiry not relate to adjustments, we will not be able to support you through these channels

As you apply, we will ask you to share some personal information which is entirely voluntary. We want to have an opportunity to consider a diverse pool of qualified candidates and this information will assist us in meeting that objective and in understanding how well we are doing against our inclusion and diversity ambitions. We would really appreciate it if you could take a few moments to complete it. Rest assured, Hiring Managers do not have access to this information and we will treat your information confidentially.

Important notice to Employment businesses/ Agencies

GSK does not accept referrals from employment businesses and/or employment agencies in respect of the vacancies posted on this site. All employment businesses/agencies are required to contact GSK's commercial and general procurement/human resources department to obtain prior written authorization before referring any candidates to GSK. The obtaining of prior written authorization is a condition precedent to any agreement (verbal or written) between the employment business/ agency and GSK. In the absence of such written authorization being obtained any actions undertaken by the employment business/agency shall be deemed to have been performed without the consent or contractual agreement of GSK. GSK shall therefore not be liable for any fees arising from such actions or any fees arising from any referrals by employment businesses/agencies in respect of the vacancies posted on this site.

Please note that if you are a US Licensed Healthcare Professional or Healthcare Professional as defined by the laws of the state issuing your license, GSK may be required to capture and report expenses GSK incurs, on your behalf, in the event you are afforded an interview for employment. This capture of applicable transfers of value is necessary to ensure GSK's compliance to all federal and state US Transparency requirements. For more information, please visit GSK's Transparency Reporting For the Record site.