Senior Product Manager, Governance Engineering

GSK•Cambridge, MA

5d•$147,675 - $246,125

About The Position

The Onyx Research Data Tech organization represents a major investment by GSK R&D and Digital & Tech, designed to deliver a step-change in our ability to leverage data, knowledge, and prediction to find new medicines. We are a full-stack shop consisting of product and portfolio leadership, data engineering, infrastructure and DevOps, data / metadata / knowledge platforms, and AI/ML and analysis platforms, all geared toward: - Building a next-generation data experience for GSK’s scientists, engineers, and decision-makers, increasing productivity and reducing time spent on “data mechanics” - Providing best-in-class AI/ML and data analysis environments to accelerate our predictive capabilities and attract top-tier talent - Aggressively engineering our data at scale to unlock the value of our combined data assets and predictions in real-time Onyx Product Management is at the heart of our mission, ensuring that everything from our infrastructure, to platforms, to end-user facing data assets and environments is designed to maximize our impact on R&D. The Product Management team partners with R&D stakeholders and Onyx leadership to develop a strategic roadmap for all customer-facing aspects of Onyx, including data assets, ontology, Knowledge Graph / semantic search, data / computing / analysis platforms, and data-powered applications. We are seeking an experienced Senior Product Manager who will be accountable for designing and delivering the roadmap for our Governance Engineering platform to support GSK Research and Development. This role will be pivotal in ensuring a cohesive enterprise-level strategy towards automated governance capabilities, ultimately empowering our scientists with best-in-class, secure, and compliant technology products to improve research productivity and deliver new medicines for our patients. You will achieve this by defining and delivering automated governance products and capabilities that underpin our entire cloud-native data, compute, and AIML/GenAI ecosystem, focusing on enabling secure, compliant, and efficient access to data, compute, and AI resources for engineers, developers, and scientists across GSK. You will own the vision, strategy, and execution for solutions that automate 'who can access what for what purpose,' ensuring our platforms are robust, scalable, and compliant, especially as we integrate advanced AI and agentic systems.

Requirements

PhD + 2 years, Masters + 4 years, or Bachelors + 6 years
5+ years of experience in product management, with a proven track record of shipping 0-to-1 technical products, preferably in platform, infrastructure, or security domains.
Experience defining product strategy for automated governance, Identity & Access Management (IAM), data access control, or platform security services.
Technical fluency with cloud-native architectures (e.g., AWS, GCP, Azure), API design, and the infrastructure required to build and scale secure, distributed systems.
Experience with security principles, compliance frameworks (e.g., GDPR, HIPAA), and data privacy regulations.

Nice To Haves

Master’s or PhD in a technical field, or a degree in Cybersecurity, Information Systems, Law (with a tech focus), or a related discipline.
Experience with specific governance technologies such as Policy as Code (e.g., Open Policy Agent - OPA), Attribute-Based Access Control (ABAC), or leading identity providers (e.g., Okta, Azure AD, AWS IAM).
Familiarity with GxP standards.
Direct product management experience with GenAI governance, including securing LLM models, data used by GenAI, and agentic workflows, especially "on-behalf" access patterns.
Prior hands-on experience in Security Engineering, Platform Engineering, DevOps, or Software Engineering roles.
Experience working in a highly regulated industry (e.g., Pharmaceuticals, Biotech, Finance) with an understanding of enterprise-level security and compliance challenges.
Exceptional communication skills, with the ability to articulate complex security and governance concepts to diverse audiences, from technical engineers to non-technical legal/compliance stakeholders.
Familiarity with data governance tools and concepts, including data classification, lineage, and discovery in a large enterprise setting.
Previous experience in life science industry or biopharma R&D is a plus.

Responsibilities

Product Vision & Strategy: Define and own the product vision and strategy for automated governance, focusing on delivering self-service, secure, and compliant access across our cloud platforms, including compute, AI/ML, GenAI, data and knowledge management, and scientific applications.
0-to-1 Product Leadership: Lead the end-to-end product lifecycle for new governance capabilities, from concept and user research to design, development, launch, and continuous iteration, balancing security needs with developer and scientist velocity.
Automated Access & Data Governance: Drive the development of intelligent, automated systems for fine-grained access control, data usage policies, and consent management. This includes capabilities for "who can access what data for what usage" to ensure regulatory compliance and ethical data practices.
Identity & Authentication Services: Own the product roadmap for robust authentication and authorization services for applications and platforms, including seamless integration with enterprise identity providers, secure API access, and single sign-on (SSO) capabilities.
GenAI Governance & Agentic Access: Pioneer product capabilities for governing GenAI applications and AI agents, including defining and implementing "on-behalf" data access patterns, secure delegation of agent permissions, auditable agent actions, and ensuring responsible AI policy enforcement.
User-Centric Design: Deeply understand the needs of our diverse user personas—engineers, developers, and scientists—to design governance products that are intuitive, minimize friction, and embed security by default without hindering innovation.
Technical Product Definition: Translate complex security, compliance, and governance requirements into clear, actionable technical specifications, user stories, and API designs for engineering teams, fostering a "governance as code" mindset.
Cross-Functional Collaboration: Partner closely with enterprise security architects, legal & compliance teams, platform engineering, product managers, and R&D stakeholders to align on requirements, ensure solution adoption, and drive a culture of secure development.
Performance & Metrics: Define and track key performance indicators (KPIs) for governance effectiveness, compliance adherence, operational efficiency, and user adoption to continuously optimize and demonstrate product value.