Process Operations Coordinator - Information Security Governance

As aProcess Operations Coordinator, you are the "Chef d'Orchestre" of our technical execution. Your mission is to facilitate the seamless flow of our security frameworks, ensuring that process deliverables are triggered on time, users are supported, and reporting is accurate. You are the operational backbone that ensures our security processes are not just defined, but are actively understood, automated, and data-driven. You are a proactive facilitator who enjoys "connecting the dots" between complex technical systems and human workflows. You believe that security governance only works when the user experience is smooth and the data is reliable.

Description of the Area

The Information Security& Privacy By Design team makes Roche'sinformation security governanceaccessible through actionable processes. The capabilities we provide enable Roche to identify, assess, monitor, and mitigate information risks, manage regulatory compliance, and oversee third-party and personal data processing risks. Our processes are primarily instantiated in theServiceNow IRM Platform. We work closely with Information Security, Privacy, Risk& Compliance, and IT teams to provide enterprise visibility into Roche's information risk posture. You'll be working within the Information Security Governance (ISG) area. ISG is responsible for defining the strategic agenda for information security and privacy topics at the Roche Group level. This is realized within the global Information Security Management System (ISMS) which aligns business and IT strategies, business and technical projects, policies, standards, directives, procedures, governance, legal / regulatory, compliance, and other requirements at a global level. The Information Security& Privacy by Design area is accountable for co-developing, in collaboration with key stakeholders, and stewardship of the strategic direction of the Information Risk Assessment processes based on organizational objectives, industry practices and legal / regulatory requirements - e.g IRAAM, PETRA, OIA. This includes oversight, awareness, direction and continuous improvement to the end-to-end processes and their relevant risk modules in alignment with the global ISMS, corporate directives and Roche management systems (e.g. privacy, quality, risk).

Job Responsibilities

1. Operational Facilitation& Workflow Orchestration

• IRAAM Fulfillment: Actively "chase" and monitor the delivery of critical artifacts, such as control attestations, to ensure the process flow remains uninterrupted.
• SER Triage Management: Facilitate the Security Expert Review (SER) Triage process, prioritizing and coordinating the assignment of Information Security& Privacy Advisors (ISPA) to execute reviews.
• Process Lifecycle Oversight: Monitor the end-to-end execution of IRAAM, PETRA and OIA processes, ensuring milestones are met and bottlenecks are addressed proactively.

2. Request Management& Platform Support

• ServiceNow Orchestration: Manage and maintain the service request management tool and its related artifacts within ServiceNow.
• User Advocacy: Serve as the first point of contact for end-users, clarifying process expectations and resolving issues related to IRAAM, PETRA, and OIA.
• Incident& Triage: Manage incident tickets and provide hands-on support for user issues, identifying root causes and coordinating with the Platform Team for technical fixes.
• Knowledge Enablement: Support the Information Security Coordinator (ISC) network, providing them with the necessary process awareness and documentation to support their local domains.

3. Monitoring, Reporting& Data Maintenance

• Infrastructure Maintenance: Maintain and optimize essential operational tools (e.g., Google Sheets/Apps Script) used for SER Triage, ensuring they effectively aggregate data from Snowflake, Thoughtspot, and ServiceNow.
• Process Health Monitoring: Continuously monitor tool-driven process flows to identify dysfunctions or "mis-use" by end-users, proposing and tracking remediations.
• Compliance Oversight: Track the implementation (Service Request tracking, integration logs) of selected controls triggered by SRAs (System Risk Assessment) and report on the global status to leadership.

4. Representation& Partnership

• Stakeholder Interface: Represent the Information Security& Privacy by Design team in process discussions with cross-functional stakeholders and process consumers.
• Bridge to Development: Work in close contact with the IRM Platform Management team to ensure operational issues are translated into platform improvements.

Do you have experience in Tableau?, Do you have a Bachelor's degree?, * Process Operations: 3-5 years of hands-on experience in Business Process Support or Operations, specifically managing technical applications or workflow automations.

• Lifecycle Management: Demonstrated experience in "chasing" deliverables and managing triage or ticket-based workflows in a global environment.
• Stakeholder Coordination: Proven track record of coordinating with technical teams (developers) and non-technical business users.
• Regulated Industry: Experience working in regulated industries (pharmaceutical, biotechnology, healthcare, or similar) is a plus., * Bachelor's degree in Computer Science,Information Systems,Engineering, or a related technical field.

Technical& Business Skills

• Operational Rigor: A "Chef d'Orchestre" mindset-meticulous about timing, follow-ups, and ensuring all parties meet their deadlines.
• Analytical Problem Solving: Ability to leverage data products to create operational reports and find creative solutions to user issues without compromising process integrity.
• Systems Thinking: Ability to understand how a single operational delay impacts downstream security posture across the entire organization.
• Automation& Data: Intermediate proficiency in Low-Code/No-Code environments and Data Visualization tools (e.g.,Google Apps Script,Snowflake,Thoughtspot, or Tableau).
• Platform Expertise: Foundational knowledge ofServiceNow GRC/IRM andITSM modules is a significant advantage.
• Security Foundation: Notions of Information Security principles and data privacy (understanding the "why" behind risk controls).

Leadership Skills

• Communication: Strong ability to build trust and explain complex technical process requirements to a diverse global audience.
• Coordination& Influence: Ability to drive delivery outcomes across cross-functional teams without direct authority.
• Thriving in Ambiguity: Ability to navigate complexity, manage ambiguity, and drive clarity in delivery.
• Innovation Mindset: Intellectual curiosity and a passion for applying GenAI/LLMs to improve productivity and automate manual tasks.

Bei Roche kannst du ganz du selbst sein und wirst für deine einzigartigen Qualitäten geschätzt. Unsere Kultur fördert persönlichen Ausdruck, offenen Dialog und echte Verbindungen. Hier wirst du für das, was du bist, wertgeschätzt, akzeptiert und respektiert. Dies schafft ein Umfeld, in dem du sowohl persönlich als auch beruflich wachsen kannst. Gemeinsam wollen wir Krankheiten vorbeugen, stoppen und heilen und sicherstellen, dass jeder Zugang zur Gesundheitsversorgung hat - heute und in Zukunft. Werde Teil von Roche, wo jede Stimme zählt.