Sub Chapter Lead Product Support

F. Hoffmann-La Roche AG

  • Publication date:

    02 July 2024
  • Workload:

    100%
  • Contract type:

    Permanent
  • Place of work:

    Rotkreuz

Roche fosters diversity, equity and inclusion, representing the communities we serve. When dealing with healthcare on a global scale, diversity is an essential ingredient to success. We believe that inclusion is key to understanding people’s varied healthcare needs. Together, we embrace individuality and share a passion for exceptional care. Join Roche, where every voice matters.

The Position

The Sub-Chapter Lead Product Security Support will lead the team conducting product security and privacy validation and compliance activities across the Diagnostics division. As a member of the Product Security and Privacy Organization (PSPO) function, you will work in a team with a strong focus on collaboration and teamwork, supporting the Diagnostics Division with state-of-the-art and innovative security and privacy concepts.

You will be responsible to:

  • Lead the PSPO Product Security Support Subchapter, including hiring, developing, and mentoring a team of highly technical product cybersecurity experts

  • Develop, maintain and implement product security validation strategies and frameworks in alignment with industry best practices and regulatory requirements to obtain the right validation (internally and externally) to prove Dia products’ security posture

  • Coordinate the execution of security validation tests, including vulnerability assessments, penetration testing, and code reviews

  • Work with cross-functional teams, including product development, engineering and platforms teams to orchestrate application and infrastructure cybersecurity controls into their SDLC to ensure consistent integration and implementation of security and privacy into the product development lifecycle

  • Conduct thorough product security assessments of Dia products to evaluate product security and data privacy posture in terms of requirements and standards, identify and evaluate potential security risks and vulnerabilities in products and solutions and provide guidance on appropriate mitigation measures to development teams

  • Champion the Security Software Development Lifecycle (SSDLC) by discovering and raising security concerns in the existing development workflow and coach the development team to build security awareness and thinking into every stage of the software development process to achieve better security/privacy outcomes

  • Implement metrics to support risk reporting and show stakeholders the security strengths and weaknesses of the products in their purview, and provide options for them to improve their security posture

  • Participate in industry engagement as necessary as well as collaborate with external security experts and organizations to stay up to date with the latest security threats and solutions

  • Support the development of a strong security community by leveraging security- and privacy-skilled individuals within the organization

  • Support the management of security-related events, including webinars, conferences, and hackathons

  • Keep abreast of emerging trends and technologies in product security to continuously improve security validation processes

  • Travel required: maximum 30%

Your profile:

Education:

  • BA/BS in Business, Information Systems, Computer Science or relevant area of study, required

  • Industry certifications relating to security and privacy, such as CIPP, CIPM, CIPT, CISM, CISSP, CISA, and CRISC

Professional experience and specialist knowledge:

  • Minimum 8+ years of related work experience in Security Engineering with at least 5+ years of related work experience with SDLC, application security and cloud environments

  • Demonstrable experience managing a security architecture or security engineering function in an organization working with Developers and DevOps Engineers and securing the Software Development LifeCycle (SDLC)

  • Demonstrated experience in application security and OWASP framework with in-depth experience in vulnerability handling, system hardening, analyzing and managing information security and privacy risks and threat modeling

  • Strong understanding of security industry standards (ISO 27000 family and HITRUST) as well as security and privacy laws (like HIPAA and GDPR) with demonstrated experience supporting security and/or privacy audits and certification processes

  • Demonstrated soft skills: problem solving, leadership, communication, teamwork, flexibility and adaptability

  • In-depth experience in AWS cloud provisioning tools (like CloudFormation or Terraform), configuration management tools (Ansible, Salt or Chef) is a plus

  • Experience in healthcare or regulated industries is a plus

Communication and Leadership:

  • Pro-active and confident individual who is committed to driving change.

  • Strong verbal and written communication skills.

  • Ability to communicate complex and highly technical information clearly and concisely.

  • Commitment to working as a team player across Business Areas and Divisions.

  • Excellent interpersonal skills with high cross-cultural sensitivity.

Languages:

  • Fluent in English on a business level with excellent verbal and written skills

  • German is a plus

  • Other languages are welcome, but not required

Leadership Skills:

You are also responsible for building, and then providing effective line-leadership for, a global team, in a manner that is consistent with the Roche Values and leadership capabilities. You will seek to inspire and lead your global team to create transformative solutions, and to influence their prioritization and uptake in the wider organization, in order to ensure that customer solutions are at the forefront of PSPO and deliver its optimal contribution to the Roche Diagnostics Vision.

Locations:

You will be based in one of RIS’ strategic locations (Sant Cugat, Rotkreuz, Pune, Basel, Santa Clara).

At the Company's discretion, an exception to the location requirement could be made under extraordinary circumstances.

As this position is a global role, international business travel will be required depending upon the business location of the successful candidate and ongoing business project activities.

Who we are

At Roche, more than 100,000 people across 100 countries are pushing back the frontiers of healthcare. Working together, we’ve become one of the world’s leading research-focused healthcare groups. Our success is built on innovation, curiosity and diversity.

Roche Diagnostics International in Rotkreuz is a leading provider of diagnostic systems solutions, and the largest manufacturer of fully automated in vitro diagnostic systems in Switzerland. We are more than 2’700 passionate colleagues from over 65 nationalities. Find out more about our site in Central Switzerland, here.

Besides extensive development and training opportunities, we offer flexible working options, 18 weeks of maternity leave and 10 weeks of gender independent partnership leave. Our employees benefit from multiple services on site such as child-care facilities, medical services, restaurants and cafeterias, as well as various employee events.

We believe in the power of diversity and inclusion, and strive to identify and create opportunities that enable all people to bring their unique selves to Roche.

Roche is an Equal Opportunity Employer.


Contact

  • F. Hoffmann-La Roche AG