ActiveJobs

Security Risk and Audit Specialist - RDT Information Security

Roche · Madrid

Full-timeOn-sitePosted 13 July 2026
Apply on Company Site →

Job description

At Roche you can show up as yourself, embraced for the unique qualities you bring. Our culture encourages personal expression, open dialogue, and genuine connections, where you are valued, accepted and respected for who you are, allowing you to thrive both personally and professionally. This is how we aim to prevent, stop and cure diseases and ensure everyone has access to healthcare today and for generations to come. Join Roche, where every voice matters. The PositionJob description At Roche, protecting our critical information assets and systems is foundational to delivering life-changing medicines. As the IT Security Risk & Audit Specialist, you will move beyond standard checklists to manage and coordinate the end-to-end security risk lifecycle. You will bridge the gap between technical security engineering and executive risk posture, assuring our global systems and third-party ecosystems remain resilient against an evolving threat landscape. Description of the area Job Responsibilities Risk Assessment: Support comprehensive security risk assessments and audits using frameworks like NIST CSF and ISO 27001 to identify vulnerabilities in systems, cloud services, and emerging technologies. Third-Party Cyber Risk Management: Execute security, privacy and quality evaluations of global vendors, focusing on supply chain integrity, data sovereignty, and breach notification capabilities. Follow up with the vendors on open finding and their remediation status. Audit Assurance: Support internal and external security audits and provide guidance on remediation findings Continuous Compliance Monitoring: Design and implement automated tools to monitor the effectiveness of security controls in real-time, moving the organization toward data-driven monitoring. Monitor security compliance on critical systems and vendors. OT & Manufacturing Protection: Support the evaluation of the security posture of Manufacturing and Operational Technology (OT) environments to ensure high availability and protection against industrial cyber threats Qualifications Education / Experience University Degree: Bachelor’s degree in Cybersecurity, Computer Science, or a related technical field (Master’s preferred). Professional Experience: 3+ years in a dedicated Security Risk or Audit or Compliance role within a global enterprise, specifically handling Hybrid-Cloud and OT/IoT environments. Certifications: Active CISSP, CISM or CISA is highly preferred; CRISC, or ISO 27001 Lead Auditor certifications are a significant plus Technical Skills Knowledge of security standards (ISO 27001, NIST CSF), data protection and privacy regulations such as GDPR or HIPAA. Familiar with health authority regulations, systems financial controls, software development lifecycle, computer systems validation, infrastructure qualification, and ITIL processes Audit & Control Automation: Experience in translating manual security controls into automated, data-driven monitoring requirements (Continuous Controls Monitoring, ITGC). Analytical & Project Management: Strong ability to support complex assessments and drive the optimization of risk monitoring tools. Additional Qualifications Strong communication and relationship-building skills to manage stakeholder expectations, facilitate meetings, and act as an independent communicator A continuous improvement mindset with the capability to apply analytical and logical reasoning to challenge assumptions and identify discrepancies Who we areA healthier future drives us to innovate. Together, more than 100’000 employees across the globe are dedicated to advance science, ensuring everyone has access to healthcare today and for generations to come. Our efforts result in more than 26 million people treated with our medicines and over 30 billion tests conducted using our Diagnostics products. We empower each other to explore new possibilities, foster creativity, and keep our ambitions high, so we can deliver life-changing healthcare solutions that make a global impact. Let’s build a healthier future, together. Roche is an Equal Opportunity Employer.

Verified and listed by ActiveJobs. Applications are made directly on Roche's own career page — we never sit in the middle.