At Roche you can show up as yourself, embraced for the unique qualities you bring. Our culture encourages personal expression, open dialogue, and genuine connections, where you are valued, accepted and respected for who you are, allowing you to thrive both personally and professionally. This is how we aim to prevent, stop and cure diseases and ensure everyone has access to healthcare today and for generations to come. Join Roche, where every voice matters.
At Roche, protecting our critical information assets and systems is foundational to delivering life-changing medicines. As the IT Security Risk & Audit Manager, you will move beyond standard checklists to orchestrate the end-to-end security risk lifecycle. You will bridge the gap between technical security engineering and executive risk posture, ensuring our global systems and third-party ecosystems remain resilient against an evolving threat landscape.
Description of the area
Job Responsibilities
Advanced Risk Modeling: Lead comprehensive security risk assessments and audits using frameworks like NIST CSF and ISO 27001 to identify vulnerabilities in systems, cloud services, and emerging technologies.
Third-Party Cyber Risk Management: Execute rigorous security evaluations of global vendors, focusing on supply chain integrity, data sovereignty, and breach notification capabilities.
Audit Orchestration & Assurance: Act as the primary liaison for internal and external security audits, transforming complex findings into actionable security hardening roadmaps.
Continuous Compliance Monitoring: Design and implement automated tools to monitor the effectiveness of security controls in real-time, moving the organization toward data-driven monitoring.
Strategic Advisory & Security by Design: Partner with IT Architects and DevOps teams to integrate security checkpoints into the CI/CD pipeline and the broader Software Development Lifecycle (SDLC).
OT & Manufacturing Protection: Evaluate the security posture of Manufacturing and Operational Technology (OT) environments to ensure high availability and protection against industrial cyber threats.
Qualifications
Education / Experience
University Degree: Bachelor’s degree in Cybersecurity, Computer Science, or a related technical field (Master’s preferred).
Professional Experience: 5+ years in a dedicated Security Risk or Audit role within a global enterprise, specifically handling Hybrid-Cloud and OT/IoT environments.
Certifications: Active CISSP, CISM or CISA is highly preferred; CRISC or ISO 27001 Lead Auditor certifications are a significant plus.
Technical Skills
Expert-level knowledge of security standards (ISO 27001, NIST CSF), data protection and privacy regulations such as GDPR or HIPAA.
Familiar with health authority regulations, financial controls for IT systems, the software development lifecycle, computer systems validation, infrastructure qualification, and ITIL processes.
Audit & Control Automation: Experience in translating manual security controls into automated, data-driven monitoring requirements (Continuous Controls Monitoring).
Infrastructure & SDLC: Solid understanding of cloud security architecture, infrastructure qualification, and integrating risk checkpoints into CI/CD pipelines.
Analytical & Project Management: Strong ability to lead complex assessments and drive the optimization of risk monitoring tools.
Additional Qualifications
Proven ability to translate complex technical risks into business impact for non-technical stakeholders and executives.
Working knowledge of the relevant business domain and supporting technologies.
Mindset of continuous improvement with the ability to proactively identify solution-level issues, gaps, or inefficiencies.
Independent communicator capable of establishing rapport, building working relationships, and setting realistic security expectations.
A healthier future drives us to innovate. Together, more than 100’000 employees across the globe are dedicated to advancing science, ensuring everyone has access to healthcare today and for generations to come. Our efforts result in more than 26 million people treated with our medicines and over 30 billion tests conducted using our Diagnostics products. We empower each other to explore new possibilities, foster creativity, and keep our ambitions high, so we can deliver life-changing healthcare solutions that make a global impact.
Let’s build a healthier future, together.
Roche is an Equal Opportunity Employer.