AI and Automation Engineer - Information Security Governance
Job description
The Information Security & Privacy By Design team makes Roche's information security governance accessible through actionable processes. The capabilities we provide enable Roche to identify, assess, monitor, and mitigate information risks, manage regulatory compliance, and oversee third-party and personal data processing risks. Our processes are primarily instantiated in the ServiceNow IRM Platform. We work closely with Information Security, Privacy, Risk & Compliance, and IT teams to provide enterprise visibility into Roche's information risk posture.
You'll be working within the Information Security Governance (ISG) area. ISG is responsible for defining the strategic agenda for information security and privacy topics at the Roche Group level. This is realized within the global Information Security Management System (ISMS) which aligns business and IT strategies, business and technical projects, policies, standards, directives, procedures, governance, legal / regulatory, compliance, and other requirements at a global level.
The Information Security & Privacy by Design area is accountable for co-developing, in collaboration with key stakeholders, and stewarding the strategic direction of the Information Risk Assessment processes based on organizational objectives, industry practices and legal / regulatory requirements (e.g. IRAAM, PETRA, OIA). This includes oversight, awareness, direction and continuous improvement of the end-to-end processes and their relevant risk modules in alignment with the global ISMS, corporate directives and Roche management systems (e.g. privacy, quality, risk).
1. AI Solution Development & Knowledge Engineering
- Security AI Stewardship: Own the development and roadmap of internal AI-based advisory tools. You will transform static security policies and KB articles into interactive, intelligent agents.
- Retrieval Augmented Generation (RAG): Build and optimize data pipelines to ingest diverse sources (including Google Docs, ServiceNow KB articles, and slide decks) into AI models to ensure accurate, grounded advisory.
- Prompt Engineering & Tuning: Continuously refine LLM performance to ensure security and privacy advice is technically sound, brand-aligned, and user-friendly.
2. Low-Code & Automation Engineering
- Self-Service Platforms: Leverage Roche's low-code platforms (e.g. LEAP OutSystems or similar) to build front-end interfaces that provide employees with 24/7 security guidance.
- Workflow Automation: Identify manual bottlenecks in the IRAAM/PETRA/OIA workflows and engineer automated solutions to streamline the user journey.
- Infrastructure Maintenance: Maintain and optimize essential operational tools (e.g. Google Apps Script used for the Security Expert Review Triage), ensuring reliable data aggregation from Snowflake, ThoughtSpot, and ServiceNow.
3. Operational Excellence & Support
- Technical Support: Act as the primary technical contact for AI and automation tool incidents, troubleshooting issues and coordinating with platform teams for permanent fixes.
- User Enablement: Support the Information Security Coordinator (ISC) network and end-users, ensuring they understand how to maximize the value of our automated security tools.
- Performance Monitoring: Analyze tool usage and AI response accuracy, using data insights to propose continuous feature enhancements.
4. Evangelism & Partnership
- Expert Collaboration: Partner with Security and Privacy Experts to "translate" their deep knowledge into logic-based automation and AI workflows.
- AI Frontier Leadership: Act as a subject matter expert within the team, researching emerging AI trends and machine learning applications that can assist in threat identification and policy analysis.
Requirements
- AI/ML Engineering: 3-5 years of hands-on experience in AI/ML applications and workflow automation.
- RAG & LLM Integration: Proven ability to engineer data pipelines and mitigate AI hallucinations to ensure highly accurate, grounded outputs.
- Low-Code Development: Prior experience with OutSystems (Roche LEAP) or similar enterprise-grade low-code technologies.
- Regulated Industry: Experience working in regulated environments (Pharmaceutical, Healthcare, or Finance) is a plus.
- Bachelor's degree in Computer Science, Software Engineering, Information Systems, or a related technical field.
Technical & Business Skills
- Architectural Mindset: Ability to design complex data flows that connect unstructured documents to structured AI outputs.
- Automation Mastery: Proficiency in JavaScript/Google Apps Script, Python and experience with Data Visualization tools (e.g., Snowflake, ThoughtSpot, or Tableau).
- Platform Knowledge: Foundational knowledge of ServiceNow (GRC and ITSM) is a significant advantage.
- Security Foundation: Notions of Information Security principles and data privacy (understanding the "why" behind risk controls).
- Analytical Problem Solving: A knack for debugging complex automation failures and identifying "root causes" in AI hallucinations or data mismatches.
- User-Centric Design: A passion for building tools that are intuitive and desirable for employees to use.
Leadership Skills
- Communication: Strong ability to build trust with security experts and explain technical AI/automation concepts to non-technical stakeholders.
- Innovation & Curiosity: A relentless passion for applying GenAI/LLMs to solve real-world productivity challenges.
- Thriving in Ambiguity: Ability to navigate complexity and drive clarity when translating strategic advice into functional tools.
- Self-Starter: Proven ability to manage technical workstreams from concept to production with minimal supervision.