Privacy & Compliance Expert

Roche fosters diversity, equity and inclusion, representing the communities we serve. When dealing with healthcare on a global scale, diversity is an essential ingredient to success. We believe that inclusion is key to understanding people’s varied healthcare needs. Together, we embrace individuality and share a passion for exceptional care. Join Roche, where every voice matters.

The Position

The team:

We are the global product security and privacy center of Roche Diagnostics worldwide. Our vision: 

• To build a solid Global Product Security and Privacy Operations function, provide strategic security insight across Roche Diagnostics to ensure our devices are what our regulators require and our patients deserve.

Our priorities: 

• Understanding our customers and Stakeholder needs to deliver effective security on testing solutions

• Develop an agile and sustainable operating business model to deploy security concepts that enable confident healthcare decisions. 

• Institutionalize security role models to provide guidance, education and awareness to maximize the security of Roche Diagnostics solutions and create trust along the patients journeys

Data security and privacy are key success factors in our digital transformation and essential to reach our ambitions. You are inspired to contribute to the overall Roche Diagnostics vision by applying end-to-end Division-wide product security and privacy operations to keep our products and services secure and privacy compliant throughout the entire lifecycle. You believe in the potential of science, technology, data and insights to improve the standard of care for humankind and you are eager to help navigate through unchartered territory to lift this potential. 

The Position:

The Privacy & Compliance Expert will: 

• Manage ongoing security & privacy compliance audits, and certification programs.

• Establish and promote business compliance implementation process, and ensure the risk convergence and privacy protection technology for business scenarios;

• Support legal and technology teams in drafting privacy-related policies, standards, guidelines, and processes.

• Promote privacy program implemented in all business areas, including medical devices and cloud solutions

• Promote the development and utilization of privacy protection and automation tools.

• Communicate and evangelize the importance of security & privacy and support Roche and Roche leadership to expand our influence in industry on security & privacy topics.

• Maintaining Information Security program and compliance focusing in privacy related topics

• Help to create a knowledge base of likely inspection behavior of the privacy regulators (e.g. Germany, Spain, France, US, China), including ongoing analysis of reported inspections, published material, etc. (e.g. Audit SOP of the CNIL, survey activities of the German DPAs)

• Define and maintain the internal key processing activities related to Privacy Governance, including but not limited to: data protection impact assessments (DPIA’s), data processing agreements, data retention, data deletion approach, training records, etc.

• Spot-check reviews of contracts and security and privacy controls listed in DPIAs.

• Prepare privacy certifications (by role playing certification body).

• Manage the Privacy and Information Security Management System (PIMS).

Minimum Qualifications:

• Bachelor degree in a field with a strong emphasis on information security, computer, communication, or related majors, master degree as a plus.

• 6+ years cybersecurity and/or privacy program management experience and exposure to large-scale systems in fast-paced environment.

• Audit and/or compliance related roles experience in multinational environments.

• Experience in using data and metrics to define business strategy and gain executive support for new visions.

• Strong understanding of software engineering project management.

• Familiar with key laws and regulations in privacy, such as GDPR, CCPA, COPPA, etc.

• Superior Verbal/Written communication & data presentation skills, proved ability to effectively communicate with both business and technical teams.

• Demonstrated track record of cultivating strong working relationships and collaborating across multiple teams.

• Ability to thrive in a fast-paced, startup-like, agile development environment.

Preferred Qualifications:

• Experience working in a Software Development environment.

• Proven ability to influence change at all levels within an organization

• Expert planner with business process definition experience and a strong IT aptitude

• Knowledge of Product Development Life Cycles (PDLC)

• Industry certifications relating to security, privacy, and risk management, such as CIPP, CIPM, CIPT or Information security certifications such as CISM, CISSP, CISA, and CRISC

• Working knowledge or willingness to quickly learn the content and requirements of various laws, regulations, industry guidance, and company compliance policies, particularly related to privacy, data disclosure, and cybersecurity

• Demonstrate data analytical skills, creativity, and experience working with attention to detail

• Experience maintaining open, candid, and trusting work relationships

• Ability to “Zoom Out” (see the big picture and give strategic direction) as well as to “Zoom in” (to provide more granularity when exchanging with a wide range of experts.

• Strong business acumen; sensitive to business needs; view change as an opportunity; eager to work in a fast-paced environment.

• Best in class attitude; challenge status constructively and contribute to improvements; results oriented; ability to influence; solution oriented mindset.

• Strong organizational skills and ability to prioritize and manage multiple projects simultaneously.

Apply if you are:

• Self-organized and an owner; since we have flexible remote working we believe in trust and individual accountability for getting things done
• A team player, who listens to your colleagues and, at the same time, you are not afraid to be assertive when needed
• A proactive person who is comfortable speaking up constructively.
• Able to handle uncertainty
• Looking for a purpose where your work will have a real impact on patient lives. Your work is meaningful to you
• Passionate and naturally curious
• Looking for solving real-world problems and proposing actual plans
• Not afraid to fail and learn.

Location:

We offer a hybrid model with a lot of flexibility between the Sant Cugat office and the home office.

What else:

This role offers a competitive salary, plus an excellent benefits package that includes (among others):

• Fascinating opportunities for your professional growth
• Additional holidays per labor agreement
• Wide range of options and platforms for learning and development
• Agile and flexible working policy, working from home
• An exceptional and modern office space (canteen, parking,... and free coffee!)
• Private medical insurance
• Pension plan
• Life insurance
• Roche stock options

At Roche, diversity and inclusion are essential values for our success. We have a special interest in integrating people with disabilities into our teams. If you have a disability, for us it is a plus, and we have special benefits for you: Go ahead and join us!

Who we are

At Roche, more than 100,000 people across 100 countries are pushing back the frontiers of healthcare. Working together, we’ve become one of the world’s leading research-focused healthcare groups. Our success is built on innovation, curiosity and diversity.

Roche is an Equal Opportunity Employer.