About this role
Welcome to Haleon. We’re a purpose-driven, world-class consumer company putting everyday health in the hands of millions. In just three years since our launch, we’ve grown, evolved and are now entering an exciting new chapter – one filled with bold ambitions and enormous opportunity.
Our trusted portfolio of brands – including Sensodyne®, Panadol®, Advil®, Voltaren®, Theraflu®, Otrivin®, and Centrum® – lead in resilient and growing categories. What sets us apart is our unique blend of deep human understanding and trusted science.
Now it’s time to fully realise the full potential of our business and our people. We do this through our Win as One strategy. It puts our purpose – to deliver better everyday health with humanity – at the heart of everything we do. It unites us, inspires us, and challenges us to be better every day, driven by our agile, performance-focused culture.
Role Purpose
The Data Platform & AI Vulnerability and Compliance Lead is responsible for Data & AI Platform wide security vulnerability management, compliance governance, and risk remediation initiatives across modern Data Platforms, Analytics ecosystems, AI/ML solutions, and Generative AI environments.
This role will be responsible for establishing secure and compliant Data & AI ecosystems by integrating cybersecurity, governance, privacy, risk management, and regulatory compliance into Data Platforms and AI Operations.
The ideal candidate will possess deep expertise in cloud-native data platforms, AI/GenAI security, vulnerability management, regulatory compliance frameworks, and secure engineering practices.
The role requires strong collaboration across Enterprise Vulnerability and Compliance teams, IT, Data, Security, Legal, and AI Engineering teams (data science/DevOps/Machine Learning Engineering) to ensure secure, compliant and resilient environment
Key responsibilities:
Vulnerability Management
Lead enterprise vulnerability management programs for all Data Office Towers including Data Engineering, Data Platforms, Data Science, AI/ML Platforms, Data innovation and Visualization.
Establish processes for vulnerability discovery, prioritization, remediation, validation, and reporting.
Define, monitor & track remediation SLAs, risk metrics, and security & Compliance KPIs.
Drive proactive risk reduction strategies across data and AI infrastructure and Applications.
Collaborate with engineering teams to automate compliance validation and vulnerability remediation.
Maintain SOPs, Runbooks and Knowledge Repositories.
Ensure compliance with security, regulatory, and validation requirements across all GenAI Platforms and Services.
Data & AI Platform Security Governance
Secure enterprise data ecosystems including but not limited to: Data Lakes, Data Warehouses, ETL/ELT Pipelines, Analytics Platforms, Data APIs, Gen AI Applications and Services.
Conduct Security Assessment and Configuration Reviews for: Microsoft Fabric, Azure Data Services, Databricks, Snowflake, enterprise Data & AI platforms and Applications.
Ensure implementation of secure data access, encryption, masking, retention, and governance controls.
Integrate security and compliance controls into DevSecOps and MLOps pipelines.
Conduct risk assessments, threat modeling, and compliance impact analysis.
Present risk posture, remediation progress, and compliance dashboards to the leadership.
Ensure high availability, performance, and stability of GenAI BAU Platforms and Applications.
Maintain risk registers and governance reporting mechanisms.
Incident Response & Security Operations
Support investigations and remediation activities related to Data & AI platform incidents.
Collaborate with SOC, Threat Intelligence, and Infrastructure Security teams.
Perform root cause analysis and define preventive security controls.
Ensure continuous compliance monitoring across cloud environments.
AI / GenAI Security & Compliance
Lead security and governance governance for AI/ML Platforms, Generative AI Solutions and Applications, Large Language Models (LLMs), RAG Architecture, AI APIs and Model Deployment Platforms etc.
Identify and mitigate AI-Specific risks including Prompt Injection, Data Leakage, Hallucination Risks, Unauthorized Data Exposure, Adversarial Attacks
Closely working with AI Governance & Responsible AI central teams to align with enterprise policies and regulatory expectations.
Lead Compliance Initiatives aligned with ISO 27001, SOC2, GDPR, PCI-DSS, HIPPA, DPDP and AI Governance Frameworks.
Coordinate audits, assessments, and evidence management activities.
Maintain enterprise security policies, standards, and control frameworks
Partner with Legal, Privacy, Risk, and Audit teams to ensure regulatory adherence.
Contribute directly to hands‑on capacity to Gen AI Operations troubleshooting, and optimisation.
Leadership & Stakeholder Engagement
Act as a trusted advisor to Data, AI, Security, Compliance, and Technology leadership teams.
Mentor security and governance professionals.
Lead awareness and training programs related to AI security and compliance best practices.
Escalate and remove blockers in a complex, matrix organisation, engaging senior stakeholders as required.
Act as the primary point of contact for Data & AI Vulnerability and Compliance Management Programs.
Drive user adoption, service awareness, training coordination, and feedback management.
Present Vulnerability dashboards, risk & compliance reports, and improvement plans to leadership.
Ensure Timely Communication to stakeholders during Vulnerabilities, Compliance shortfalls, High Impact Incidents and Changes.
Support AI Governance and Responsible AI processes through engagement with Architecture Review Boards and AI/ML Architects
Ensuring close alignment to internal & external regulatory and compliance requirements, Quality, Governance & Data Lifecycle Audits with no critical or high findings or violation against them.
Key Skills:
Vulnerability Management
AI & GenAI Security
Compliance & Governance
Data Platform & Cloud Security
DevSecOps & MLOps
Risk Management
Security Architecture
Regulatory Compliance
API & Container Security
Security, Risk and Compliance Audit Management
Stakeholder Management
Qualifications & Experience:
Bachelor’s or master’s degree in Cybersecurity, Computer Science, Information Systems, Data Engineering, or related field.
10+ Years of experience in:
Cybersecurity
Enterprise Vulnerability Management
Compliance and Governance
Cloud Security
Data Platform Security
Proven track record of enterprise Vulnerability and Compliance Management.
Strong experience in representing the organization to Internal and External Security, Risk and Compliance Audits.
Proven record of Vulnerability Remediation and Audit Finding mitigation within agreed SLAs.
Strong Experience with Enterprise Data, AI and
About Haleon
Consumer healthcare company spun off from GSK, making brands like Sensodyne, Advil, and Centrum. Based in Weybridge, UK.
Similar jobs you might like
