Global Information Security Management System (ISMS)

Kaiseraugst FHLR, Switzerland

Roche

As a pioneer in healthcare, we have been committed to improving lives since the company was founded in 1896 in Basel, Switzerland. Today, Roche creates innovative medicines and diagnostic tests that help millions of patients globally.


Roche fosters diversity, equity and inclusion, representing the communities we serve. When dealing with healthcare on a global scale, diversity is an essential ingredient to success. We believe that inclusion is key to understanding people’s varied healthcare needs. Together, we embrace individuality and share a passion for exceptional care. Join Roche, where every voice matters.

The Position

What you'll be working on:

You’ll be working within the Information Security & Privacy Governance Product Line as part of the Information Security Domain. Information Security and Privacy Governance is responsible for the comprehensive, risk-based Information Security framework for the Roche Group. This is realized for the enterprise within the global Information Security Management System.

The Global Information Security Management System (ISMS) product is accountable for co-developing, in collaboration with key stakeholders, and stewardship of the Information Security strategy - as part of the Information Security Program - in alignment with organizational objectives, industry security & privacy standards / frameworks and legal / regulatory requirements. This includes lifecycle management and continuous improvement of the Information Security framework (e.g. policy, directives, standards, procedures, guidelines) in alignment with corporate directives and other Roche management systems (e.g. privacy, quality, risk).

Additional accountabilities:

  • Assemble and lead an agile team of Information Security Governance experts to deliver on the product's accountabilities  

  • Oversee the efficiency of the Information Security Program, in collaboration with risk and compliance teams. 

  • Monitor the legal and regulatory landscape, in partnership with Roche legal teams and other 2nd line functions, and sponsor, lead and/or advise in requirements relevant to Information Security 

  • Monitor security and technical trends, in collaboration with internal and external partners, to ensure efficient, continuous improvement of the global ISMS

  • Support Roche commercial strategy with dependencies on Information Security (e.g. business area specific certifications, position papers, tenders).

  • Represent - via direct involvement or delegation - the Roche global ISMS in activities such as internal and external audits, investigations and inspections.

  • Manage the execution of the security policy exception management process and security change board

  • Creation and delivery of global ISMS-related training and awareness

Stakeholder Management and Partnering 

  • Deeply connect with and understand customer and business needs, and closely partner with stakeholders (and business process management where applicable) to develop the strategic direction of the product and craft the digital roadmap and portfolio to quickly deliver the highest-value outcomes for Patients, Society and Roche.

  • Drive co-creation of product vision and strategy, including contribution to the development and implementation of cross Products and Product Line strategies, through deep partnership and collaboration with product stakeholders.

  • Define and deliver the product roadmap and manage the end-to-end product lifecycle (including continuously facilitating product discovery), ensuring it delivers tangible and meaningful value aligned with customer needs and encouraged business outcomes, overarching Product Line strategy and Enterprise Architecture and Sustainability principles to enable the Business to leverage the full Informatics offering.

Leadership and Influence

  • Lead, manage and mobilize agile product teams. Lead and influence in a matrix environment; create an environment of teamwork and partnering within the area and across business organizations and Informatics.

  • Work closely with Product Line Leads and Chapters to ensure the workforce strategy supports the future product needs and that the product fosters agile working.

  • Ensure security, quality and privacy practices are embedded into product lifecycle in alignment with the global Information Security Management System.

  • Coordinate, connect and collaborate across informatics to foster a spirit of "One Roche".

Impact and Complexity

  • Support Product Line Lead in portfolio prioritization; lead strategic planning for the product and collaborate with other Product Managers and the Product Line Lead for the definition of end-to-end service levels, monitoring of KPIs and OKRs.

  • Accountable for the total cost of your product, including budgeting and financial management 

  • Define and manage product service levels, governance and operational support model(s) aligned with stakeholder needs.

  • Lead or coordinate technical discussions and vendor negotiations.

  • Ensure stability, quality and transparency in all aspects of the product governance and partner with senior/global leaders to ensure compliance with existing and changing regulations (e.g. Informatics Quality, Information Security, Finance).

Information Security, Privacy and Regulatory

  • Demonstrate a solid understanding of general and Roche-specific information security, privacy and regulatory principles and requirements, and of their implications.

  • Accountable for ensuring that products and services are designed, delivered and maintained in accordance with applicable information security, privacy and regulatory requirements.

  • Ensure information risk assessment process and implementation guidelines are followed.

What you’ll need to be successful

  • 5+ years of leadership experience in Information Security Management 

  • Bachelor's or advanced degree, or demonstrable experience in Information Security Management (e.g. an accumulation of certifications or related experience such as CISSP, CISM, CRISC, CISA, ISO/IEC 27001 Lead Implementer / Lead Auditor).

  • Deep understanding of Information Security frameworks (e.g. ISO 27001), cybersecurity & data privacy laws and regulations. Good understanding of health regulatory frameworks (e.g. GxP).

  • Experience in Information Security management (e.g. developing policy, directives), industry certifications, audits, risk management, security architecture and solutions, and security/privacy risks, threats & mitigations

  • Has a keen IT market focus: you are passionate about major trends for the specific discipline

  • Demonstrates an executive presence, strong business acumen, ability to navigate ambiguity, and manages complexity

  • Has an enterprise mindset that can break down silos. Focus on continuous delivery through collaboration, and bringing people together to work towards the same purpose across organizational boundaries.

  • Exhibits ability to empower teams and individuals to act autonomously and hold them accountable.

  • Exhibits ability to manage and account for budgets

  • Exhibits intellectual curiosity and integrity and has a strong passion for innovation

Who we are

At Roche, more than 100,000 people across 100 countries are pushing back the frontiers of healthcare. Working together, we’ve become one of the world’s leading research-focused healthcare groups. Our success is built on innovation, curiosity and diversity.

Roche Kaiseraugst is a cornerstone of Roche's global production and logistics network. It employs some 1900 people out of the 10,700 employees at our Basel/Kaiseraugst site and is Roche's largest and most innovative packaging facility worldwide.

Besides extensive development and training opportunities, we offer flexible working options, 18 weeks of maternity leave and 10 weeks of gender independent partnership leave. Our employees also benefit from multiple services on site such as child-care facilities, medical services, restaurants and cafeterias, as well as various employee events.

We believe in the power of diversity and inclusion, and strive to identify and create opportunities that enable all people to bring their unique selves to Roche.

Roche is an Equal Opportunity Employer.
