Responsible for third party risk assessments to evaluate cyber resiliency of vendors and their ability to comply with security and privacy laws, as well as regulatory requirements when processing or hosting Roche data. Support of the ongoing development, implementation and management of information security policies, procedures and technical systems in order to maintain the confidentiality, integrity, and availability of electronic Protected Health Information (PHI) and of global information systems containing electronic PHI where HIPAA requirements apply.
Early career professional with experience in IT audit, risk and compliance management as well as data privacy. Deals with diverse and often times complex issues, where analysis may require in-depth evaluation of many factors. Exercises judgment in evaluating methods and may determine criteria for obtaining solutions together with security experts. Networks with senior internal and external personnel in area of expertise as well as some key contacts outside area of expertise.
Responsible for maintaining and continuously improving the quality system and achieving quality objectives through daily actions.
- Implementing and managing governance processes to identify, assess and monitor security and compliance risks associated with 3rd parties
- Conducting risk-based vendor security audits and assessments, as well as internal system assessments for Group Informatics
- Support risk assessment to evaluate controls for Protected Health Information are implemented to ensure compliance with data privacy regulations (e.g. HIPAA, GDPR, CCPA)
- Develop and implement monitoring processes for HIPAA compliance of operations and systems
- Facilitating execution of corrective actions ensuring that weaknesses identified in the IT management system are recorded, prioritized and addressed appropriately
- Preparing IT teams for audits and inspections using your knowledge of IT controls and auditing
- Driving the optimization of processes and tools for assessing and monitoring compliance of IT systems
- Developing strong working relationships and partnering effectively with IT delivery teams, global Business Quality, Corporate Audit, Finance and the IT security organizations
- Maintaining industry knowledge and skills in the areas of compliance, audit, and risk management and applying them to improve internal processes and practices
- Forster information security awareness for employees and others with access to electronic PHI and HIPAA
Who you are:
- Bachelor degree in informatics, life-sciences or equivalent work experience
- Industry recognized certifications in the relevant area like CISSP, CISA or CISM are required, CRISC or CGEIT are a plus
- 4+ years’ experience in large global enterprise IT environment within the information security organization
- Knowledge of GxP, health authority regulations, systems financial controls, software development lifecycle, computer systems validation, infrastructure qualification, information security, and ITIL processes
- Experience in data protection and data privacy regulations
- Strong project management and analytical skills
- Ability to travel as required up to 20%
- Experience in working in an international environment with people from multiple cultures