SAP Authorizations & Compliance Expert - Data Platforms

Description du poste:

At Roche you can show up as yourself, embraced for the unique qualities you bring. Our culture encourages personal expression, open dialogue, and genuine connections, where you are valued, accepted and respected for who you are, allowing you to thrive both personally and professionally. This is how we aim to prevent, stop and cure diseases and ensure everyone has access to healthcare today and for generations to come. Join Roche, where every voice matters.

The Position

SAP Authorizations & Compliance Expert - Data Platforms

Are you passionate about Information Security and Compliance, specifically in ERP environments with a focus on data integrity and governance? Join a global team where you'll lead the change as a Authorizations & Compliance Expert in optimizing processes through experience and automation.

Your primary mission is to ensure that the organization's technology landscape, data practices, and security measures do not expose the business to legal penalties, financial loss, or reputational damage. As a recognized expert, you will implement and maintain security, authorization, and compliance standards for SAP ERP platform systems and data products, providing leadership across both on-premise and cloud SAP Data platform ecosystems.

At Roche, we offer a hybrid work model that combines flexibility with in-person collaboration. For now, we require our employees to be in our offices on average two days per week. The specific office days may vary depending on business needs, such as workshops, conferences, town halls, team meetings, and other collaborative events.

The Opportunity:
* Platform Security: Implement and maintain security, authorization, and compliance standards for SAP platforms (SAP BW 7.5 HANA, SAP BW4HANA, and SAP Datasphere). Develop and mature capabilities in cloud compliance and security, particularly within SAP Datasphere.
* Regulatory Alignment & Framework Management: Continuously monitor relevant regulations (e.g., GDPR, CCPA, HIPAA, SOX) and industry standards (e.g., ISO 27001, SOC 2, NIST) to ensure the platform remains ahead of global compliance requirements.
* Policy Development & Data Governance: Drive the creation and refinement of internal policies and data governance frameworks to maintain high standards of integrity, security, and structured data handling.
* ICFR & Control Ownership: Act as the System Owner Deputy and Control Owner, taking accountability for the end-to-end ICFR (Internal Control over Financial Reporting) lifecycle, GxP controls, and other relevant regulations.
* Monitoring & Remediation: Lead weekly and monthly monitoring of SoD (Segregation of Duties) conflicts via GRC dashboards, work with SoD Champions to mitigate risks, and address non-compliant items flagged in the SAP Security Standards Roche documentation.
* System Integrity: Oversee application error reviews (e.g., failed jobs) and sign off on monitoring results in tools like ICAt to provide evidence for control checks.
* Access Governance: Perform quarterly reviews of Critical access, GRC FireFighter roles (Controllers, Owners, Admins), and HANA DB users, initiating timely removals to maintain a "least privilege" environment.
* Audit Leadership: Lead ICFR IT audit support by defining control activities, approving auditor documentation, and acting as the primary point of contact for auditors during peak cycles (Sep/Oct).
* Strategic Direction: Set technological development directions by analyzing and implementing new solutions, tools, and IT standards, with a focus on data governance, validation, and automation.
* Risk Assessment: Annually review and update the System Risk Assessment (SRA) and Data Classification to ensure alignment with the Minimum Security Baseline.
* Process Optimization: Actively conduct innovation projects to optimize processes, introduce new solutions, and increase efficiency through automation in Data products.
* Collaboration: Partner with system teams and stakeholders to ensure task ownership, bridge data privacy awareness gaps, and onboard/train new team members on ICFR control activities.

Who You Are:
* Education & Experience: Bachelor's Degree in Computer Science, IT, or Engineering with a minimum of 5 years' post-secondary experience in SAP Security and a deep understanding of Compliance.
* Compliance Expert: Proven track record in IT security/authorization and compliance projects, specifically acting as a Subject Matter Expert (SME) for ICFR, GxP, and GRC environments.
* Technical Proficiency: Working knowledge of SAP BW, HANA Studio, SAP BI, and SAP Datasphere. Familiarity with new trends in SAP Analytics and the AI space.
* Control Mastery: Strong understanding of SoDs, Critical access, Access Controls, and Pharmaceutical industry best practices including SAP audit guidelines.
* Data Governance: Experience with Data Products and Data Governance principles and practices.
* Risk Management: Experience in IT system validation processes and conducting System Risk Assessments (SRA), including Data Privacy requirements.
* Analytical Leader: Strong ability in root cause analysis, providing solutions to complex system processes, and driving remediation to completion.
* Operational Excellence: Ability to manage an external workforce/squad, adhering to dynamic targets and timelines in an Agile (SAFe/Scrum) environment.
* Communication: English proficiency with excellent interpersonal skills to collaborate effectively with diverse teams and lead training sessions for ICFR onboarding.
* Adaptability: Ability to quickly learn new technologies and compliance frameworks in a fast-paced, regulated global organization.

What you get:
* Salary range 14,000 - 26,000 PLN gross based on the employment contract.
* Annual bonus payment based on your performance (target 15%).
* Dedicated training budget (training, certifications, conferences, diversified career paths etc.).
* Recharge Fridays (2 Fridays off per quarter available).
* Take time Program (up to 3 months of leave to use for any purpose).
* Vacation subsidy available.
* Flex Location (possibility to perform our work from different places in the world for a certain period of time).
* Take Time for Charity (additional paid leave of maximum 2 weeks to engage in the charity action of your choice).
* Private healthcare (LuxMed packages), group life insurance (UNUM) and Multisport.
* Stock share purchase additions.
* Yearly sales of company laptops and cars and many more!

Apply directly and join us in shaping the future of healthcare.

#RDT2026

--
The controller of your personal data is Roche Polska Sp. z o.o., ul. Domaniewska 28, 02-672 Warsaw. The data is processed for the purpose of recruitment. You have the right to access your data, rectify it, delete it, limit processing, transfer it and - if processing is based on your consent - withdraw this consent at any time. Contact the Data Protection Officer at: Ochrona.danych@roche.com. More information on the principles of processing your personal data by Roche at the link:
https://www.roche.pl/pl/content/klauzula-informacyjna-rekrutacja-en.html

Roche Polska sp. z o.o. operates in full compliance with the law and does not tolerate any violations. Roche Polska sp. z o.o. has implemented a Procedure for Reporting Violations of Law. If you wish to report any irregularities related to our activities, all necessary information regarding the reporting process can be found on our website: https://www.roche.pl/kontakt/ochrona-sygnalistow-zglaszanie-naruszen.

Compensation & Benefits
The expected salary range for this position, based on the primary location of Warsaw Grafit is 170,100.00 PLN-315,900.00 PLN. Final compensation will be determined by a number of factors, including your skills, experience, qualifications, and location. In addition to base pay, this role may be eligible for a discretionary annual bonus with a target of 15% subject to both individual and company performance.

This position also offers an attractive benefits package.

Learn more about how we reward our employees at Roche.

Who we are

A healthier future drives us to innovate. Together, more than 100'000 employees across the globe are dedicated to advance science, ensuring everyone has access to healthcare today and for generations to come. Our efforts result in more than 26 million people treated with our medicines and over 30 billion tests conducted using our Diagnostics products. We empower each other to explore new possibilities, foster creativity, and keep our ambitions high, so we can deliver life-changing healthcare solutions that make a global impact.

Let's build a healthier future, together.

Roche is an Equal Opportunity Employer