Information Security Governance Expert

At Roche you can show up as yourself embraced for the unique qualities you bring. Our culture encourages personal expression open dialogue and genuine connections where you are valued accepted and respected for who you are allowing you to thrive both personally and professionally. This is how we aim to prevent stop and cure diseases and ensure everyone has access to healthcare today and for generations to come. Join Roche where every voice matters.

The Position

As an Expert within the Information Security & Privacy Advisory (ISPA) team you move beyond checking boxes to become a strategic partner for global Engineering hubs. You will lead high-impact security and privacy risk assessments ensuring Roches most ambitious digital projectsfrom GenAI to cloud-native platformsare resilient Secure by Design and compliant with global regulations.

The Team
The Information Security & Privacy Advisory (ISPA) team serves as the strategic bridge between IT business and legal functions at Roche. Our mission is to ensure that Roches digital landscapefrom cutting-edge GenAI platforms to global enterprise solutionsis secure by design and compliant with international standards. We act as a global center of excellence that translates complex regulatory requirements into actionable security architecture providing the expert guidance necessary to navigate a rapidly evolving global risk landscape.

Key Responsibilities

• High-Risk Advisory: Lead Security Expert Reviews (SER) for complex architectures performing deep-dive technical and privacy evaluations to identify and mitigate residual risks.

• Privacy: Bridge the gap between IT Legal and Data Protection Officers. Translate complex legal mandates (GDPR CCPA etc.) into actionable technical and organizational controls.

• Information Security: Contribute to Security Design Patterns and Technical Baselines for emerging technologies like Generative AI and Cloud-native ecosystems.

• Risk Governance: Utilize ServiceNow IRM to ensure the integrity and traceability of security advisory delivering data-driven consistent and audit-ready results.

• Peer Excellence: Foster a Four-Eye quality culture through peer reviews and collective knowledge exchange within a global team of experts.

Who You Are

Our Ideal Mindset: A proactive Expert & Influencer who brings deep industry experience to an established team. You have the confidence to lead initiatives independently while thriving in an environment of collective knowledge exchange.

Qualifications:

• Experience: 510 years in Information Security/GRC with a proven track record in Information Risk Assessments and DPIAs in complex global environments.

• Technical Savvy: Deep understanding of Security Architecture and the ability to translate Legal-speak into Engineering-speak.

• Regulatory Mastery: Expert knowledge of international privacy frameworks (GDPR CCPA HIPAA etc.) and security standards (ISO 27001 NIST).

• System Proficiency: Experienced in using ServiceNow IRM to execute and document risk assessments utilizing the platform to ensure consistent high-quality and transparent security guidance.

• Education: Degree in Computer Science or Legal. Certifications like CISSP CISM CRISC CIPP/E CIPM or ISO27001 Lead Auditor are highly valued.

• Communication: Exceptional stakeholder management skills with the ability to drive consensus across a global organization.

Who we are

A healthier future drives us to innovate. Together more than 100000 employees across the globe are dedicated to advance science ensuring everyone has access to healthcare today and for generations to come. Our efforts result in more than 26 million people treated with our medicines and over 30 billion tests conducted using our Diagnostics products. We empower each other to explore new possibilities foster creativity and keep our ambitions high so we can deliver life-changing healthcare solutions that make a global impact.

Lets build a healthier future together.

Roche is an Equal Opportunity Employer.