Information Security Governance Expert
Role details
Job location
Tech stack
Job description
As an Expert within the Information Security & Privacy Advisory (ISPA) team, you move beyond "checking boxes" to become a strategic partner for global Engineering hubs. You will lead high-impact security and privacy risk assessments, ensuring Roche's most ambitious digital projects-from GenAI to cloud-native platforms-are resilient, "Secure by Design," and compliant with global regulations.
The Team
The Information Security & Privacy Advisory (ISPA) team serves as the strategic bridge between IT, business, and legal functions at Roche. Our mission is to ensure that Roche's digital landscape-from cutting-edge GenAI platforms to global enterprise solutions-is secure by design and compliant with international standards. We act as a global center of excellence that translates complex regulatory requirements into actionable security architecture, providing the expert guidance necessary to navigate a rapidly evolving global risk landscape., * High-Risk Advisory: Lead Security Expert Reviews (SER) for complex architectures, performing deep-dive technical and privacy evaluations to identify and mitigate residual risks.
- Privacy: Bridge the gap between IT, Legal, and Data Protection Officers. Translate complex legal mandates (GDPR, CCPA etc.) into actionable technical and organizational controls.
- Information Security: Contribute to Security Design Patterns and Technical Baselines for emerging technologies like Generative AI and Cloud-native ecosystems.
- Risk Governance: Utilize ServiceNow IRM to ensure the integrity and traceability of security advisory, delivering data-driven, consistent, and audit-ready results.
- Peer Excellence: Foster a "Four-Eye" quality culture through peer reviews and collective knowledge exchange within a global team of experts.
Who You Are
Our Ideal Mindset: A proactive Expert & Influencer who brings deep industry experience to an established team. You have the confidence to lead initiatives independently while thriving in an environment of collective knowledge exchange.
Requirements
- Experience: 5-10 years in Information Security/GRC, with a proven track record in Information Risk Assessments and DPIAs in complex, global environments.
- Technical Savvy: Deep understanding of Security Architecture and the ability to translate "Legal-speak" into "Engineering-speak."
- Regulatory Mastery: Expert knowledge of international privacy frameworks (GDPR, CCPA, HIPAA, etc.) and security standards (ISO 27001, NIST).
- System Proficiency: Experienced in using ServiceNow IRM to execute and document risk assessments, utilizing the platform to ensure consistent, high-quality, and transparent security guidance.
- Education: Degree in Computer Science or Legal. Certifications like CISSP, CISM, CRISC, CIPP/E, CIPM or ISO27001 Lead Auditor are highly valued.
- Communication: Exceptional stakeholder management skills with the ability to drive consensus across a global organization.