Cyber Security Compliance Intern
Roche · Sant Cugat del Vallès
Job description
At Roche you can show up as yourself, embraced for the unique qualities you bring. Our culture encourages personal expression, open dialogue, and genuine connections, where you are valued, accepted and respected for who you are, allowing you to thrive both personally and professionally. This is how we aim to prevent, stop and cure diseases and ensure everyone has access to healthcare today and for generations to come. Join Roche, where every voice matters. The PositionWe are the global product security and privacy center of Roche Diagnostics worldwide. Our vision: To build a solid Global Product Security and Privacy Operations function, provide strategic security insight across Roche Diagnostics to ensure our devices are what our regulators require and our patients deserve. Our priorities: Understanding our customers and Stakeholder needs to deliver effective security on testing solutions Develop an agile and sustainable operating business model to deploy security concepts that enable confident healthcare decisions. Institutionalize security role models to provide guidance, education and awareness to maximize the security of Roche Diagnostics solutions and create trust along the patients journeys Data security and privacy are key success factors in our digital transformation and essential to reach our ambitions. You are inspired to contribute to the overall Roche Diagnostics vision by applying end-to-end Division-wide product security and privacy operations to keep our products and services secure and privacy compliant throughout the entire lifecycle. You believe in the potential of science, technology, data and insights to improve the standard of care for humankind and you are eager to help navigate through unchartered territory to lift this potential. The Position The Cyber Security Compliance Intern will: Coordinate and manage product security and privacy compliance activities. Author new or updated policies and procedures for internal partner and stakeholder input. Create and maintain security and privacy relevant documentation in response to legal and regulatory requirements (e.g. HIPAA, GDPR, etc.), manages the documentation and related intranet repositories. Prepare and deliver communication and training to educate Roche teams on the evolving compliance landscape and new or updated policies and related changes Support Roche Sales, product teams and IT groups, legal and other appropriate parties to address customer questions and needs regarding Roche’s products to ensure customer confidence in data security (e.g. by reviewing contract templates and contributing with architecture specific security and privacy language, supporting completion of customers’ security questionnaires, etc.). Where observed, escalate actual or potential compliance violations or other issues to relevant colleagues or management, according to local, regional and/or global policies and procedures. Manage and performs activities related to preparation, execution and remediation of internal and external compliance audits Maintain IT internal controls ensuring that they are designed and operating effectively to meet compliance requirements for in-scope applications. Establish and promote business compliance implementation process, and ensure the risk convergence and privacy protection technology for business scenarios; Understand cybersecurity concepts and be able to communicate it to users that do not come from a security background. Review of key processing activities, data protection impact assessments (DPIA’s), data processing agreements, data retention, data deletion approach, training records, etc. Minimum Qualifications: Bachelor degree in a field with a strong emphasis on information security, computer, communication, or related majors, master degree as a plus. 1+ years cybersecurity and/or privacy program management experience and exposure to large-scale systems in fast-paced environment. Audit and/or compliance related roles experience in multinational environments. Experience in using data and metrics to define business strategy and gain executive support for new visions. Preferable related experience in the healthcare, diagnostics, and / or pharmaceutical industry, preferred. Knowledge of HIPAA, GDPR, and other privacy relevant legislation and regulations Excellent Verbal/Written communication & data presentation skills, proved ability to effectively communicate with both business and technical teams. Ability to work in and with globally distributed and multi-cultural teams. Best in class attitude; challenge status constructively and contribute to improvements; results oriented; ability to influence; solution oriented mindset. Preferred Qualifications: Experience working in a Software Development environment. Valuable certifications: ISO 27001 Lead Auditor, CISA, CISM, CISSP, GIAC, OSCP, SSCP or equivalent certification Proven ability to influence change at all levels within an organization Expert planner with business process definition experience and a strong IT aptitude Knowledge of Product Development Life Cycles (PDLC) Working knowledge or willingness to quickly learn the content and requirements of various laws, regulations, industry guidance, and company compliance policies, particularly related to privacy, data disclosure, and cybersecurity Demonstrate data analytical skills, creativity, and experience working with attention to detail Experience maintaining open, candid, and trusting work relationships Ability to “Zoom Out” (see the big picture and give strategic direction) as well as to “Zoom in” (to provide more granularity when exchanging with a wide range of experts. Strong business acumen; sensitive to business needs; view change as an opportunity; eager to work in a fast-paced environment. Strong organizational skills and ability to prioritize and manage multiple projects simultaneously. Who we areA healthier future drives us to innovate. Together, more than 100’000 employees across the globe are dedicated to advance science, ensuring everyone has access to healthcare today and for generations to come. Our efforts result in more than 26 million people treated with our medicines and over 30 billion tests conducted using our Diagnostics products. We empower each other to explore new possibilities, foster creativity, and keep our ambitions high, so we can deliver life-changing healthcare solutions that make a global impact. Let’s build a healthier future, together. Roche is an Equal Opportunity Employer.
Verified and listed by ActiveJobs. Applications are made directly on Roche's own career page — we never sit in the middle.