Cybersecurity Risk Program Manager

Sant Cugat del Valles

Roche

As a pioneer in healthcare, we have been committed to improving lives since the company was founded in 1896 in Basel, Switzerland. Today, Roche creates innovative medicines and diagnostic tests that help millions of patients globally.


Roche fosters diversity, equity and inclusion, representing the communities we serve. When dealing with healthcare on a global scale, diversity is an essential ingredient to success. We believe that inclusion is key to understanding people’s varied healthcare needs. Together, we embrace individuality and share a passion for exceptional care. Join Roche, where every voice matters.

The Position

At Roche, we are passionate about transforming patients’ lives and we are fearless in both decision and action - we believe that good business means a better world. That is why we come to work each day. We commit ourselves to scientific rigor, unassailable ethics, and access to medical innovations for all. We do this today to build a better tomorrow.

Data security and privacy are key success factors in our digital transformation and essential to reach our ambitions. You are inspired to contribute to the overall Roche Diagnostics vision by applying end-to-end Division-wide product security and privacy operations to keep our products and services secure throughout the entire lifecycle. You believe in the potential of science, technology, data and insights to improve the standard of care for humankind and you are eager to help navigate through uncharted territory to lift this potential.

The Cybersecurity Risk Program Manager will drive the design, building and execution of a risk management governance program, including risk assessments, risk modeling, risk treatment strategies, reporting and monitoring. Responsibilities include:

  • Conduct risk assessments by analyzing current risks and identifying potential risks affecting the business and product groups.

  • Prepare reports on identified and assessed risks for management.

  • Support the process for determining appropriate risk tolerance across our risk profile.

  • Provide thought partnership, risk analytics (e.g. return on risk mitigation investments), and recommendations around remediation, risk mitigation, or process improvement to risk owners, Compliance or other control-related functions, as well as Leadership.

  • Consult and coordinate with global Privacy, Risk, Security and Compliance teams on the creation and monitoring of risk mitigation or treatment plans.

Minimum Qualifications:

  • Bachelor's degree in a field with a strong emphasis on information security, computer, communication, or related majors; a master's degree is a plus.
  • 1+ years of cybersecurity and/or privacy program management experience and exposure to large-scale systems in a fast-paced environment.
  • Experience in audit and/or compliance-related roles in multinational environments.
  • Experience in using data and metrics to define business strategy and gain executive support for new visions.
  • Related experience in the healthcare, diagnostics, and/or pharmaceutical industry preferred.
  • Knowledge of cybersecurity standards and privacy-relevant legislation (GDPR, HIPAA...).
  • Demonstrated data analytical skills, creativity, and experience working with attention to detail.
  • Excellent verbal/written communication and data presentation skills; proven ability to communicate effectively with both business and technical teams.
  • Ability to work in and with globally distributed and multi-cultural teams.
  • Best-in-class attitude; challenge the status quo constructively and contribute to improvements; results-oriented; ability to influence; solution-oriented mindset.

Preferred Qualifications:

  • Experience working in a Software Development environment.
  • Valuable certifications: ISO 27001 Lead Auditor, CISA, CISM, CISSP, GIAC, OSCP, SSCP or equivalent certification.
  • Proven ability to influence change at all levels within an organization.
  • Expert planner with business process definition experience and a strong IT aptitude.
  • Working knowledge of, or willingness to quickly learn, the content and requirements of various laws, regulations, industry guidance, and company compliance policies, particularly related to privacy, data disclosure, and cybersecurity.
  • Experience maintaining open, candid, and trusting work relationships.
  • Ability to “Zoom Out” (see the big picture and give strategic direction) as well as to “Zoom In” (provide more granularity when exchanging with a wide range of experts).
  • Strong business acumen; sensitive to business needs; view change as an opportunity; eager to work in a fast-paced environment.
  • Strong organizational skills and ability to prioritize and manage multiple projects simultaneously.

Who we are

At Roche, more than 100,000 people across 100 countries are pushing back the frontiers of healthcare. Working together, we’ve become one of the world’s leading research-focused healthcare groups. Our success is built on innovation, curiosity and diversity.

Roche is an Equal Opportunity Employer.


Tags: Analytics CISA CISM CISSP Compliance GDPR GIAC Governance HIPAA ISO 27001 Monitoring OSCP Privacy Product security Risk assessment Risk management SSCP Strategy

Region: Europe
Country: Spain
