
Welcome to Haleon. We’re a purpose-driven, world-class consumer company putting everyday health in the hands of millions. In just three years since our launch, we’ve grown, evolved and are now entering an exciting new chapter – one filled with bold ambitions and enormous opportunity.
Our trusted portfolio of brands – including Sensodyne®, Panadol®, Advil®, Voltaren®, Theraflu®, Otrivin®, and Centrum® – lead in resilient and growing categories. What sets us apart is our unique blend of deep human understanding and trusted science.
Now it’s time to fully realise the full potential of our business and our people. We do this through our Win as One strategy. It puts our purpose – to deliver better everyday health with humanity – at the heart of everything we do. It unites us, inspires us, and challenges us to be better every day, driven by our agile, performance-focused culture.
Role Purpose
The Data Platform & AI Vulnerability and Compliance Lead is responsible for Data & AI Platform wide security vulnerability management, compliance governance, and risk remediation initiatives across modern Data Platforms, Analytics ecosystems, AI/ML solutions, and Generative AI environments.
This role will be responsible for establishing secure and compliant Data & AI ecosystems by integrating cybersecurity, governance, privacy, risk management, and regulatory compliance into Data Platforms and AI Operations.
The ideal candidate will possess deep expertise in cloud-native data platforms, AI/GenAI security, vulnerability management, regulatory compliance frameworks, and secure engineering practices.
The role requires strong collaboration across Enterprise Vulnerability and Compliance teams, IT, Data, Security, Legal, and AI Engineering teams (data science/DevOps Machine Learning Engineering) to ensure a secure, compliant and resilient environment.
Key responsibilities:
Vulnerability Management
Lead enterprise vulnerability management programs for all Data Office Towers including Data Engineering, Data Platforms, Data Science, AI/ML Platforms, Data innovation and Visualization.
Establish processes for vulnerability discovery, prioritization, remediation, validation, and reporting.
Define, monitor & track remediation SLAs, risk metrics, and security & Compliance KPIs.
Drive proactive risk reduction strategies across data and AI infrastructure and Applications.
Collaborate with engineering teams to automate compliance validation and vulnerability remediation.
Maintain SOPs, Runbooks and Knowledge Repositories.
Ensure compliance with security, regulatory, and validation requirements across all GenAI Platforms and Services.
Data & AI Platform Security Governance
Secure enterprise data ecosystems including but not limited to: Data Lakes, Data Warehouses, ETL/ELT Pipelines, Analytics Platforms, Data APIs, Gen AI Applications and Services.
Conduct Security Assessment and Configuration Reviews for: Microsoft Fabric, Azure Data Services, Databricks, Snowflake, enterprise Data & AI platforms and Applications.
Ensure implementation of secure data access, encryption, masking, retention, and governance controls.
Integrate security and compliance controls into DevSecOps and MLOps pipelines.
Conduct risk assessments, threat modeling, and compliance impact analysis.
Present risk posture, remediation progress, and compliance dashboards to the leadership.
Ensure high availability, performance, and stability of GenAI BAU Platforms and Applications.
Maintain risk registers and governance reporting mechanisms.
Incident Response & Security Operations
Support investigations and remediation activities related to Data & AI platform incidents.
Collaborate with SOC, Threat Intelligence, and Infrastructure Security teams.
Perform root cause analysis and define preventive security controls.
Ensure continuous compliance monitoring across cloud environments.
AI / GenAI Security & Compliance
Lead security and governance for AI/ML Platforms, Generative AI Solutions and Applications, Large Language Models (LLMs), RAG Architecture, AI APIs and Model Deployment Platforms etc.
Identify and mitigate AI-Specific risks including Prompt Injection, Data Leakage, Hallucination Risks, Unauthorized Data Exposure, Adversarial Attacks.
Work closely with AI Governance & Responsible AI central teams to align with enterprise policies and regulatory expectations.
Lead Compliance Initiatives aligned with ISO 27001, SOC2, GDPR, PCI-DSS, HIPAA, DPDP and AI Governance Frameworks.
Coordinate audits, assessments, and evidence management activities.
Maintain enterprise security policies, standards, and control frameworks
Partner with Legal, Privacy, Risk, and Audit teams to ensure regulatory adherence
Contribute directly, in a hands‑on capacity, to Gen AI Operations troubleshooting and optimisation.
Leadership & Stakeholder Engagement
Act as a trusted advisor to Data, AI, Security, Compliance, and Technology leadership teams.
Mentor security and governance professionals.
Lead awareness and training programs related to AI security and compliance best practices.
Escalate and remove blockers in a complex, matrix organisation, engaging senior stakeholders as required.
Act as the primary point of contact for Data & AI Vulnerability and Compliance Management Programs.
Drive user adoption, service awareness, training coordination, and feedback management.
Present Vulnerability dashboards, risk & compliance reports, and improvement plans to leadership.
Ensure Timely Communication to stakeholders during Vulnerabilities, Compliance shortfalls, High Impact Incidents and Changes.
Support AI Governance and Responsible AI processes through engagement with Architecture Review Boards and AI/ML Architects.
Ensure close alignment to internal & external regulatory and compliance requirements, Quality, Governance & Data Lifecycle Audits with no critical or high findings or violations against them.
Key Skills
Vulnerability Management
AI & GenAI Security
Compliance & Governance
Data Platform & Cloud Security
DevSecOps & MLOps
Risk Management
Security Architecture
Regulatory Compliance
API & Container Security
Security, Risk and Compliance Audit Management
Stakeholder Management
Qualifications & Experience
Bachelor’s or master’s degree in Cybersecurity, Computer Science, Information Systems, Data Engineering, or related field.
10+ Years of experience in:
Cybersecurity
Enterprise Vulnerability Management
Compliance and Governance
Cloud Security
Data Platform Security
Proven track record of enterprise Vulnerability and Compliance Management.
Strong experience in representing the organization to Internal and External Security, Risk and Compliance Audits.
Proven record of Vulnerability Remediation and Audit Finding mitigation within agreed SLAs
Strong Experience with Enterprise Data, AI and Analytics Ecosystem
Hands On Experience with AI/ML or Generative AI Security.
Knowledge of DevSecOps, MLOps, CI/CD, API security, and container security.
Deep understanding of cloud platforms (Azure, AWS, Google Cloud)
Experience with at least 2 security and compliance tools like:
Tenable
Qualys
Wiz
Prisma Cloud
Microsoft Defender
Snyk
Strong strategic and operational leadership skills.
Excellent communication and executive presentation abilities.
Ability to influence global cross-functional teams.
Strong analytical and problem-solving capabilities.
Passion for emerging technologies, cybersecurity innovation, and responsible AI governance.
Preferred Certifications
CISSP, CISM, CCSP, CRISC, CEH, Azure Security Engineer, ISO 27001
Job Posting End Date
2026-05-30
Haleon are committed to mobilising our purpose in a way that represents the diverse consumers and communities who rely on our brands every day. It guides us in creating an inclusive culture, where different backgrounds and views are valued and respected – all in support of understanding and best serving the needs of our consumers and unleashing the full potential of our people. It’s important to us that Haleon is a place where all our employees feel they truly belong.
During the application process, we may ask you to share some personal information, which is entirely voluntary. This information ensures we meet certain regulatory and reporting obligations and supports the development, refinement, and execution of our inclusion and belonging programmes that are open to all Haleon employees.
The personal information you provide will be kept confidential, used only for legitimate business purposes, and will never be used in making any employment decisions, including hiring decisions.
If you require a reasonable adjustment or accommodation or other assistance to apply for a job at Haleon at any stage of the application process, please let your recruiter know by providing them with a description of specific adjustments you are requesting. We’ll provide all reasonable adjustments to support you throughout the recruitment process and treat all information you provide us in confidence.
The Haleon recruitment team will contact you using a Haleon email account (@haleon.com). If you are not sure whether the email you received is from Haleon, please get in touch.

Delivering better everyday health with our superior brands from Sensodyne to Centrum. Made using trusted ingredients and backed by science, our products are recommended by healthcare professionals. #WeAreHaleon