Cybersecurity & Privacy Risk Manager

At Roche you can show up as yourself, embraced for the unique qualities you bring. Our culture encourages personal expression, open dialogue, and genuine connections,  where you are valued, accepted and respected for who you are, allowing you to thrive both personally and professionally. This is how we aim to prevent, stop and cure diseases and ensure everyone has access to healthcare today and for generations to come. Join Roche, where every voice matters. The Position A healthier future. It's what drives us to innovate. To continuously advance science and ensure everyone has access to the healthcare they need today and for generations to come. Creating a world where we all have more time with the people we love. That's what makes us Roche. Who we are At Roche, we are passionate about transforming patients' lives and we are fearless in both decision and action - we believe that good business means a better world. That is why we come to work each day. We commit ourselves to scientific rigor, unassailable ethics, and access to medical innovations for all. We do this today to build a better tomorrow. Data security and privacy are key success factors in our digital transformation and essential to reach our ambitions. You are inspired to contribute to the overall Roche Diagnostics vision by applying end-to-end Division-wide product security and privacy operations to keep our products and services secure throughout the entire lifecycle. You believe in the potential of science, technology, data and insights to improve the standard of care for humankind and you are eager to help navigate through unchartered territory to lift this potential. The Opportunity The Cybersecurity Risk Program Manager will drive the design, building and execution of a risk management governance program, including risk assessments, risk modeling, risk treatment strategies, reporting and monitoring including: Conduct Risk assessments by analyzing the current risks and identifying potential risks that are affecting the business and product groups. Prepare reports of identified and assessed risks to the management. Support the process for determining appropriate risk tolerance across our risk profile. Providing thought partnership, risk analytics (e.g. return on Risk Mitigation investments), and recommendations around remediation, risk mitigation, or process improvement to risk owners, Compliance or other control-related functions, as well as Leadership. Consult and coordinate with global Privacy, Risk, Security and Compliance teams on the creation and monitoring of risk mitigation or treatment plans. Who you are Educational Background & Program Management: Bachelor's degree in a relevant field like information security, computer, or communications science, with a Master's degree being a plus. You should have at least 1 year of experience in cybersecurity and/or privacy program management within a fast-paced environment. Compliance & Analytics: Experience in audit or compliance roles within multinational companies is required. You should also be proficient in using data and metrics to define business strategies and gain executive support. Industry & Knowledge: Preferred experience in the healthcare, diagnostics, or pharmaceutical industry. You must have a strong working knowledge of cybersecurity standards and relevant privacy legislation like GDPR and HIPAA. Communication & Collaboration: You must possess excellent verbal and written communication skills and a proven ability to present data and effectively communicate with both business and technical teams. The ability to work within globally distributed, multicultural teams is essential. Mindset & Skills: This role requires a results-oriented, solution-driven mindset with a "best in class" attitude. You should be able to constructively challenge the status quo, influence others, and demonstrate strong data analytical skills and creativity, all while maintaining a keen attention to detail. Qualifications Experience working in a Software Development environment. Valuable certifications: ISO 27001 Lead Auditor, CISA, CISM, CISSP, GIAC, OSCP, SSCP or equivalent certification Expert planner with business process definition experience and a strong IT aptitude Working knowledge or willingness to quickly learn the content and requirements of various laws, regulations, industry guidance, and company compliance policies, particularly related to privacy, data disclosure, and cybersecurity Ability to "Zoom Out" (see the big picture and give strategic direction) as well as to "Zoom in" (to provide more granularity when exchanging with a wide range of experts. Who we are A healthier future drives us to innovate. Together, more than 100'000 employees across the globe are dedicated to advance science, ensuring everyone has access to healthcare today and for generations to come. Our efforts result in more than 26 million people treated with our medicines and over 30 billion tests conducted using our Diagnostics products. We empower each other to explore new possibilities, foster creativity, and keep our ambitions high, so we can deliver life-changing healthcare solutions that make a global impact. Let's build a healthier future, together. Roche is an Equal Opportunity Employer.