Information Security Analyst
Reporting to the Head of Digital Security and Privacy, the Information Security Analyst is responsible for developing, implementing and enforcing the policies and procedures of the organization's security and privacy program in accordance with applicable laws and regulations.
He / she assists the businesses in setting up processes and technical controls that support the data security and privacy strategy, and ensures that cloud platforms and digital solutions are secure and aligned with the business strategy.
The Information Security Analyst provides in-depth knowledge of data protection and information security practice, helps to define requirements, and gives guidance to internal and external stakeholders on security topics.
He / she works in collaboration with Digital teams such as Architecture, DevOps, Application Support, Software Development, Technical Leads and Quality Assurance, conducting risk assessments and security reviews, performing internal audits and managing the information security management system.
The analyst should demonstrate experience in taking accountability and working within a global security and privacy program, and the attitude to become a trusted partner: proactive, positive and providing high-quality responses.
This role would be suitable for candidates with the right skills and mindset who also share the Roche values and make an active contribution to achieving our vision.
Leads the implementation, operation and maintenance of the Information Security Management System based on the ISO / IEC 27000 series standards, including obtaining certification against ISO / IEC 27001.
Participates in the preparation and implementation of the necessary information security policies, standards, procedures and guidelines, in conjunction with the relevant committees to obtain appropriate approvals and feedback.
Runs the information security risk management process, and coordinates and follows up on security and privacy preventive and corrective actions and on the implementation of requirements for digital solutions and platforms.
Analyses and designs security solutions for applications and infrastructure, and provides expertise and consulting to internal customers and partners, assisting them in troubleshooting and resolving information security issues.
Conducts internal audits to assess whether existing systems, platforms and solutions follow the company security baselines and comply with applicable internal and external data privacy, security and healthcare regulations.
Coordinates remediation activities and confirms their successful implementation.
Documents and reports any security incident in a timely manner to senior management and other relevant Roche security teams.
Provides technical security expertise to digital teams, such as Software Development, Digital Operations and DevOps, and to partners.
Fosters information security awareness, training and educational activities within Global Digital.
Key Skills and Experience
Bachelor's degree in Computer Science, Telecommunication Engineering or equivalent.
7+ years of experience in Information Security Management, Compliance or Risk Management role in IT or Digital context.
7+ years of professional experience in international security teams, preferably in regulated environments of the diagnostics and / or pharmaceutical industry or card payment industry.
Direct experience with large-scale cloud-based services (including SaaS, PaaS and IaaS) and an understanding of the security challenges involved in cloud applications and services.
Knowledge of ISO / IEC 27001 policies and processes; experience in ISMS maintenance, documenting procedures, auditing and tracking remediation actions.
Knowledge of common, industry-standard cloud-native authentication and federation mechanisms (OpenID Connect, SAML, etc.), key management and certificate management.
Knowledge of AWS Cloud Architecture and AWS Security foundations.
Knowledge of multiple security technologies such as firewalls, intrusion detection / prevention systems, vulnerability scanning, WAF, wireless LAN security, NAC, DLP, DDoS mitigation, WAN security, SIEM, content filtering, cloud security gateways, secure proxies and TLS / SSL crypto solutions.
Understanding of compliance, regulatory and legal requirements, and of the relevant principles, best practices and standards in the privacy and healthcare industries or equivalent, e.g. GDPR, CSA, NIST, ISO, FedRAMP, HIPAA.
Highly responsive with an ability to handle escalations quickly and professionally.
Ability to report on identified vulnerabilities at the cloud platform level and to deliver fixes for them.
Security certifications are desirable: ISO / IEC 27001 Lead Auditor, ISO / IEC 27001 Lead Implementer, CISA, CISSP, CISM, CRISC, CCSP (or equivalent).
Excellent English reading, writing, listening and speaking skills to support Global R&D and Digital teams and partners.
Ability to travel internationally as required up to 20% of the time.
Roche is an equal opportunity employer.
Who we are
At Roche, 98,000 people across 100 countries are pushing back the frontiers of healthcare. Working together, we've become one of the world's leading research-focused healthcare groups.
Our success is built on innovation, curiosity and diversity.