Cybersecurity Compliance Specialist

At Roche you can show up as yourself, embraced for the unique qualities you bring. Our culture encourages personal expression, open dialogue, and genuine connections,  where you are valued, accepted and respected for who you are, allowing you to thrive both personally and professionally. This is how we aim to prevent, stop and cure diseases and ensure everyone has access to healthcare today and for generations to come. Join Roche, where every voice matters.

The Position

Join our dynamic team in Sant Cugat, Barcelona, where data security and privacy are pivotal to driving our digital transformation and achieving our ambitious goals. As a key player in Roche Diagnostics, you will apply end-to-end Division-wide product security and privacy operations to safeguard our products and services throughout their entire lifecycle. Your passion for science, technology, data, and insights will help us improve the standard of care for humankind. You will manage the information security system to ensure compliance with security and privacy regulations, define and audit controls, conduct management reviews, support high-quality documentation, and continuously optimize processes and tools. Your role also involves promoting security and privacy programs across the organization, including medical devices and cloud solutions, and effectively communicating cybersecurity and privacy concepts to non-technical users. Embark on this exciting journey where your expertise will make a significant impact and help navigate uncharted territories to unlock the full potential of our innovations.

Key Challenges

• Maintain the information security management system (ISMS) in order to ensure compliance against security and privacy laws, regulations and standards throughout the product lifecycle. 

• Developing and supporting the implementation of a comprehensive product security and privacy risk management framework

• Defining, maintaining, and auditing security and privacy controls to meet compliance requirements

• Conducting periodic product management reviews to address risks, compliance issues, and metrics

• Supporting security audits for products, external and internal audits and certifications.

• Performing gap assessments to assess compliance against new laws, regulations or standards required by the business.

• Creating high-quality documentation for internal and external compliance

• Continuously optimizing security and privacy-related processes, playbooks, and tools

• Promoting security and privacy programs in various business areas, including medical devices and cloud solutions

• Communicating cybersecurity and privacy concepts to users with both technical and non-technical backgrounds

Who you are as our ideal candidate:

• BA/BS in Engineering, Computer Science or relevant area of study required.

• Security and privacy industry certifications such as ISO27001 Lead Auditor, CISSP, CISA, CRISC, CISM, etc.

 Professional Experience: 

• Demonstrated experience in supporting security and/or privacy audits and certification processes in large-scale systems in a fast-paced environment.

• Understanding of security and privacy standards, laws and regulations, like ISO 27000 family, SOC2, GDPR, etc.

• Minimum of 5+ years of experience in security and/or privacy audit and compliance related roles in multinational environments, especially in healthcare or regulated industries.

Other requirements: 

• Ability to develop and continuously optimize processes, playbooks and tools.

• Strong organizational skills and ability to prioritize and manage multiple projects simultaneously.

• Ability to “zoom out” (see the big picture and give strategic direction) as well as to “zoom in” (provide more granularity and details when talking to experts).

• Best in class attitude; challenge status constructively and contribute to improvements; results oriented; ability to influence; solution oriented mindset; problem solving, flexibility and adaptability.

• Excellent interpersonal skills with high cross-cultural sensitivity; ability to collaborate and communicate across multiple international teams; commitment to working as a team player across Business Areas and Divisions.

• Fluent in English on a business level with excellent verbal and written skills; other languages welcome, but not required.

• Travel % required (if applicable): maximum 20%

Who we are

A healthier future drives us to innovate. Together, more than 100’000 employees across the globe are dedicated to advance science, ensuring everyone has access to healthcare today and for generations to come. Our efforts result in more than 26 million people treated with our medicines and over 30 billion tests conducted using our Diagnostics products. We empower each other to explore new possibilities, foster creativity, and keep our ambitions high, so we can deliver life-changing healthcare solutions that make a global impact.

Let’s build a healthier future, together.

Roche is an Equal Opportunity Employer.