Cybersecurity & Privacy Risk Manager

Overview Bei Roche kannst du ganz du selbst sein und wirst für deine einzigartigen Qualitäten geschätzt. Unsere Kultur fördert persönlichen Ausdruck, offenen Dialog und echte Verbindungen. Hier wirst du für das, was du bist, wertgeschätzt, akzeptiert und respektiert. Dies schafft ein Umfeld, in dem du sowohl persönlich als auch beruflich wachsen kannst. Gemeinsam wollen wir Krankheiten vorbeugen, stoppen und heilen und sicherstellen, dass jeder Zugang zur Gesundheitsversorgung hat – heute und in Zukunft. Werde Teil von Roche, wo jede Stimme zählt. Die Position A healthier future. It’s what drives us to innovate. To continuously advance science and ensure everyone has access to the healthcare they need today and for generations to come. Creating a world where we all have more time with the people we love. That’s what makes us Roche. Who we are At Roche, we are passionate about transforming patients’ lives and we are fearless in both decision and action - we believe that good business means a better world. That is why we come to work each day. We commit ourselves to scientific rigor, unassailable ethics, and access to medical innovations for all. We do this today to build a better tomorrow. Data security and privacy are key success factors in our digital transformation and essential to reach our ambitions. You are inspired to contribute to the overall Roche Diagnostics vision by applying end-to-end Division-wide product security and privacy operations to keep our products and services secure throughout the entire lifecycle. You believe in the potential of science, technology, data and insights to improve the standard of care for humankind and you are eager to help navigate through unchartered territory to lift this potential. The Opportunity The Cybersecurity Risk Program Manager will drive the design, building and execution of a risk management governance program, including risk assessments, risk modeling, risk treatment strategies, reporting and monitoring including: Conduct Risk assessments by analyzing the current risks and identifying potential risks that are affecting the business and product groups. Prepare reports of identified and assessed risks to the management. Support the process for determining appropriate risk tolerance across our risk profile. Provide thought partnership, risk analytics (e.g. return on Risk Mitigation investments), and recommendations around remediation, risk mitigation, or process improvement to risk owners, Compliance or other control-related functions, as well as Leadership. Consult and coordinate with global Privacy, Risk, Security and Compliance teams on the creation and monitoring of risk mitigation or treatment plans. Who you are Educational Background & Program Management: Bachelor's degree in a relevant field like information security, computer, or communications science, with a Master’s degree being a plus. You should have at least 1 year of experience in cybersecurity and/or privacy program management within a fast-paced environment. Compliance & Analytics: Experience in audit or compliance roles within multinational companies is required. You should also be proficient in using data and metrics to define business strategies and gain executive support. Industry & Knowledge: Preferred experience in the healthcare, diagnostics, or pharmaceutical industry. You must have a strong working knowledge of cybersecurity standards and relevant privacy legislation like GDPR and HIPAA. Communication & Collaboration: You must possess excellent verbal and written communication skills and a proven ability to present data and effectively communicate with both business and technical teams. The ability to work within globally distributed, multicultural teams is essential. Mindset & Skills: This role requires a results-oriented, solution-driven mindset with a "best in class" attitude. You should be able to constructively challenge the status quo, influence others, and demonstrate strong data analytical skills and creativity, all while maintaining a keen attention to detail. Qualifications Experience working in a Software Development environment. Valuable certifications: ISO 27001 Lead Auditor, CISA, CISM, CISSP, GIAC, OSCP, SSCP or equivalent certification Expert planner with business process definition experience and a strong IT aptitude Working knowledge or willingness to quickly learn the content and requirements of various laws, regulations, industry guidance, and company compliance policies, particularly related to privacy, data disclosure, and cybersecurity Ability to “Zoom Out” (see the big picture and give strategic direction) as well as to “Zoom in” (to provide more granularity when exchanging with a wide range of experts). Wer wir sind Eine gesündere Zukunft treibt uns zur Innovation an. Mehr als 100.000 Mitarbeiter weltweit arbeiten gemeinsam daran, wissenschaftliche Fortschritte zu erzielen und sicherzustellen, dass jeder Zugang zur Gesundheitsversorgung hat – heute und für zukünftige Generationen. Durch unser Engagement werden über 26 Millionen Menschen mit unseren Medikamenten behandelt und mehr als 30 Milliarden Tests mit unseren Diagnostik-Produkten durchgeführt. Wir ermutigen uns gegenseitig, neue Möglichkeiten zu erkunden, Kreativität zu fördern und hohe Ziele zu setzen, um lebensverändernde Gesundheitslösungen zu liefern. Gemeinsam können wir eine gesündere Zukunft gestalten. Roche ist ein Arbeitgeber, der die Chancengleichheit fördert. #J-18808-Ljbffr