Information Security Governance Expert

Descripción del puesto:

At Roche you can show up as yourself, embraced for the unique qualities you bring. Our culture encourages personal expression, open dialogue, and genuine connections, where you are valued, accepted and respected for who you are, allowing you to thrive both personally and professionally. This is how we aim to prevent, stop and cure diseases and ensure everyone has access to healthcare today and for generations to come. Join Roche, where every voice matters.

The Position

As an Expert within the Information Security & Privacy Advisory (ISPA) team, you move beyond "checking boxes" to become a strategic partner for global Engineering hubs. You will lead high-impact security and privacy risk assessments, ensuring Roche's most ambitious digital projects-from GenAI to cloud-native platforms-are resilient, "Secure by Design," and compliant with global regulations.

The Team
The Information Security & Privacy Advisory (ISPA) team serves as the strategic bridge between IT, business, and legal functions at Roche. Our mission is to ensure that Roche's digital landscape-from cutting-edge GenAI platforms to global enterprise solutions-is secure by design and compliant with international standards. We act as a global center of excellence that translates complex regulatory requirements into actionable security architecture, providing the expert guidance necessary to navigate a rapidly evolving global risk landscape.

Key Responsibilities

* High-Risk Advisory: Lead Security Expert Reviews (SER) for complex architectures, performing deep-dive technical and privacy evaluations to identify and mitigate residual risks.
* Privacy: Bridge the gap between IT, Legal, and Data Protection Officers. Translate complex legal mandates (GDPR, CCPA etc.) into actionable technical and organizational controls.
* Information Security: Contribute to Security Design Patterns and Technical Baselines for emerging technologies like Generative AI and Cloud-native ecosystems.
* Risk Governance: Utilize ServiceNow IRM to ensure the integrity and traceability of security advisory, delivering data-driven, consistent, and audit-ready results.
* Peer Excellence: Foster a "Four-Eye" quality culture through peer reviews and collective knowledge exchange within a global team of experts.

Who You Are

Our Ideal Mindset: A proactive Expert & Influencer who brings deep industry experience to an established team. You have the confidence to lead initiatives independently while thriving in an environment of collective knowledge exchange.

Qualifications:
* Experience: 5-10 years in Information Security/GRC, with a proven track record in Information Risk Assessments and DPIAs in complex, global environments.
* Technical Savvy: Deep understanding of Security Architecture and the ability to translate "Legal-speak" into "Engineering-speak."
* Regulatory Mastery: Expert knowledge of international privacy frameworks (GDPR, CCPA, HIPAA, etc.) and security standards (ISO 27001, NIST).
* System Proficiency: Experienced in using ServiceNow IRM to execute and document risk assessments, utilizing the platform to ensure consistent, high-quality, and transparent security guidance.
* Education: Degree in Computer Science or Legal. Certifications like CISSP, CISM, CRISC, CIPP/E, CIPM or ISO27001 Lead Auditor are highly valued.
* Communication: Exceptional stakeholder management skills with the ability to drive consensus across a global organization.

Who we are

A healthier future drives us to innovate. Together, more than 100'000 employees across the globe are dedicated to advance science, ensuring everyone has access to healthcare today and for generations to come. Our efforts result in more than 26 million people treated with our medicines and over 30 billion tests conducted using our Diagnostics products. We empower each other to explore new possibilities, foster creativity, and keep our ambitions high, so we can deliver life-changing healthcare solutions that make a global impact.

Let's build a healthier future, together.

Roche is an Equal Opportunity Employer