Chapter Lead Compliance/Privacy, Product Security and Privacy Operations (PSPO)

Switzerland, Zug, Rotkreuz
Spain, Barcelona, Sant Cugat del Vallès
United States of America, California, Santa Clara

de fr es ru tr it pt zh ja

At Roche, we are passionate about transforming patients’ lives and we are fearless in both decision and action - we believe that good business means a better world. That is why we come to work each day. We commit ourselves to scientific rigor, unassailable ethics, and access to medical innovations for all. We do this today to build a better tomorrow. 

Data security and privacy are key success factors in our digital transformation and essential to reach our ambitions. You are inspired to contribute to the overall Roche Diagnostics vision by applying end-to-end Division-wide product security and privacy operations to keep our products and services secure and privacy compliant throughout the entire lifecycle. You believe in the potential of science, technology, data and insights to improve the standard of care for humankind and you are eager to help navigate through unchartered territory to lift this potential.

As a member of the Product Security and Privacy Operations (PSPO) function you are given this opportunity in a team with a strong focus on collaboration and teamwork to support the Diagnostics Division with state of the art and innovative security and privacy concepts.     

Areas of Responsibility

  • Lead the PSPO Compliance/Privacy chapter, including hiring, developing, and mentoring a team of highly technical security engineers and intelligence analysts.

  • Work with groups within and outside Roche to identify and categorize areas of information risk involving customer/confidential data, systems and processes.

  • Define and implement security and privacy  risk management governance and insights.

  • Define and implement security and privacy partner, vendor and supply chain due diligence. 

  • Track, measure, and report on the status of risk mitigation efforts based on the mitigation plans.

  • Contribute to and drive to the embedding of security and privacy controls into QMS and other processes to ensure their adoption and usage across the Dia Division.

  • Leverage strong risk control design to develop and implement data driven risk opportunity insights for privacy and security across the Division. 

  • Define and implement ISMS certification strategy and roadmap. 

  • Perform internal control procedures and security review for systems under development and/or enhancements to current systems

  • Support audits (internal and external) as necessary as SPOC. 

  • Generate security and privacy related documentation with high quality for internal and external compliance

  • Maintain the product security controls and awareness supporting other PSPO Chapters (Solution Architecture, Cyber Defense Intelligence and Compliance).

  • Translate policy (laws, regulations, standards etc) into outcomes and drive their implementation across the Division through collaboration with stakeholders and adjacent Chapters.

  • Develop and Implement Security and Privacy awareness and training programs for the Dia Division in alignment with other functions. 

Qualifications

  • BA/BS in Business, Information Systems, Computer Science, Law or relevant area of study, required.

  • Fluent in English on a business level with excellent verbal and written skills; German is a plus; other languages welcome, but not required.

  • Minimum of 5+ years related work experience in Information Security, Privacy & Risk Management, Audit, controls

  • Demonstrated experience conducting or being the subject of security and/or privacy audits

  • Demonstrated experience working with cloud environments required

  • In-depth experience in system hardening, analysis and vulnerability management

  • Strong understanding of applicable and accepted audit and risk frameworks (such as COBIT, NIST, and ISO), standards (ISO 27000 family, HITRUST) and government guidelines and laws (HIPAA, GDPR)

  • Experience with clinical workflow solutions or in a clinical environment a plus

Communication and Leadership:

  • Pro-active and confident individual who is committed to driving change.

  • Strong verbal and written communication skills.

  • Ability to communicate complex and highly technical information clearly and concisely.

  • Commitment to working as a team player across Business Areas and Divisions.

  • Excellent interpersonal skills with high cross-cultural sensitivity.

Our Expectations

  • Strong business acumen; sensitive to business needs; view change as an opportunity; eager to work in fast paced environment.

  • Best in class attitude; challenge status constructively and contribute to improvements; results oriented; ability to influence; solution oriented mindset.

  • Strong organizational skills and ability to prioritize and manage multiple projects simultaneously

  • Demonstrated ability to adapt to new technologies and learn quickly

  • Effective at engaging with teams in various functions and across different levels

  • Strong organizational skills and ability to prioritize and manage multiple projects simultaneously

  • Healthcare software experience preferred