IT Strategic Risk & Audit Manager

Roche


Job Location:

Madrid - Spain

Monthly Salary: Not Disclosed
Posted on: 12 hours ago
Vacancies: 1 Vacancy

Job Summary

At Roche, you can show up as yourself, embraced for the unique qualities you bring. Our culture encourages personal expression, open dialogue, and genuine connections, where you are valued, accepted and respected for who you are, allowing you to thrive both personally and professionally. This is how we aim to prevent, stop and cure diseases and ensure everyone has access to healthcare today and for generations to come. Join Roche, where every voice matters.

The Position

At Roche, we believe every patient deserves a personalized healthcare solution. As the IT Strategic Risk & Audit Manager, you will play a pivotal role in ensuring that our digital evolution, from AI-driven drug discovery to personalized healthcare apps, is built on a foundation of trust and resilience. You will act as a strategic partner to Digital Technology leaders, ensuring that risks are managed proactively rather than reactively.

This role moves beyond tactical checkbox auditing to focus on strategic foresight: anticipating shifts in the threat landscape, regulatory environment, and emerging technologies (like AI and Cloud architecture).

Job Responsibilities

Scope / (Content Leadership): Defines the strategic vision for IT risk, audit and compliance, and drives strategic initiatives for long-term risk management success. Initiates and leads large, complex projects with a significant impact on the organization. Leads the development of enterprise-wide risk and compliance policies and advises on emerging trends and best practices.

  • Strategic Risk Architecture & Vision: Define and architect the global IT Enterprise Risk Management (ERM) framework (NIST, ISO 27001, COBIT), aligning long-term digital strategy with Roche's risk appetite to ensure Compliance by Design across complex, interconnected global portfolios.

  • Accountability/Problem Solving: Leads the analysis of highly complex business and risk challenges with significant organizational impact, proactively identifying potential strategic issues within your sphere of influence. Develops comprehensive risk management and compliance policies, implements proactive measures to avoid repeated issues, and leads initiatives to anticipate and mitigate future risks. Contributes to framing strategic questions and facilitates strategic decision-making at the executive level.

  • Stakeholder Management: Identifies and engages key stakeholders at the executive level and external partners, analyzing enterprise-wide stakeholder landscapes. Leads enterprise-wide risk, audit and compliance initiatives, presenting them to executive leadership to secure support and strategic alignment for risk-related investments. Navigates highly complex and politically sensitive landscapes, acting as an organizational trust builder and providing expert counsel on critical strategic decisions.

  • E2E Audit & Compliance Leadership: Lead the full lifecycle of complex IT audits and continuous monitoring programs across infrastructure and applications, ensuring the organization meets global regulatory requirements while proactively identifying systemic issues to prevent recurrence.

  • Inspection Command & Control: Serve as the primary IT liaison during complex Health Authority inspections (FDA, EMA, etc.), leading Front-Room/Back-Room operations, coaching SMEs in regulatory interview techniques, and ensuring the rapid delivery of high-quality, validated evidence.

  • Data Integrity & ALCOA: Systematically audit and enforce the Digital Thread to ensure all health-regulated data remains Attributable, Legible, Contemporaneous, Original and Accurate, maintaining the integrity of life-saving digital health solutions.

  • Global Stakeholder & Transformation Management: Navigate sensitive landscapes to lead enterprise-wide risk initiatives, partnering with IT owners to develop robust remediation CAPAs and innovating risk management approaches to drive lasting, transformative impact across the global organization.

Qualifications

Education / Experience

  • 15 years of experience in IT Risk/Audit, preferably within a global, highly regulated industry (Pharma, MedTech or Finance).

  • Deep mastery of GxP (GLP, GCP, GMP), CSV (Computer System Validation) and Data Integrity principles (ALCOA).

  • Expert knowledge of global risk frameworks (NIST, ISO 27001, COBIT) and privacy regulations (GDPR, HIPAA).

  • Strong understanding of modern technology stacks, including Cloud Security (AWS/Azure), AI/ML governance, and Agile/DevSecOps methodologies.

  • Demonstrated experience presenting to and influencing Executive Leadership (C-suite) and Board-level stakeholders.

  • Proven ability to navigate a complex, global, matrixed environment and steer senior leadership toward risk-aware decision-making through technical credibility.

  • Drives a culture of shared accountability, ensuring that compliance and risk management are viewed as strategic enablers rather than organizational hurdles.

  • Certifications: Mandatory possession of at least two of the following: CISA, CRISC, CISM or CISSP.

#RDT2026

Where pay transparency applies, details are provided based on the primary posting location. For this role, the primary location is Madrid. If you are interested in additional locations where the role may be available, we will provide the relevant compensation details later in the hiring process.

Who we are

A healthier future drives us to innovate. Together, more than 100,000 employees across the globe are dedicated to advance science, ensuring everyone has access to healthcare today and for generations to come. Our efforts result in more than 26 million people treated with our medicines and over 30 billion tests conducted using our Diagnostics products. We empower each other to explore new possibilities, foster creativity, and keep our ambitions high, so we can deliver life-changing healthcare solutions that make a global impact.


Let's build a healthier future together.

Roche is an Equal Opportunity Employer.


Required Experience:

Manager


About Company


F. Hoffmann-La Roche AG is a Swiss multinational healthcare company that operates worldwide under two divisions: Pharmaceuticals and Diagnostics. Its holding company, Roche Holding AG, has bearer shares listed on the SIX Swiss Exchange. The company headquarters are located in Basel.
