Warsaw, Masovian, Poland
3 days ago
IT Risk & Audit Specialist

At Roche you can show up as yourself, embraced for the unique qualities you bring. Our culture encourages personal expression, open dialogue, and genuine connections, where you are valued, accepted and respected for who you are, allowing you to thrive both personally and professionally. This is how we aim to prevent, stop and cure diseases and ensure everyone has access to healthcare today and for generations to come. Join Roche, where every voice matters.

The Position

IT Risk & Audit Specialist

Are you a compliance expert with a solid background in IT security, data privacy, quality compliance and regulatory requirements, particularly within agency-governed environments? Are you looking for a challenging, innovative, fun and collaborative workspace where you can grow your expertise while making an impact? If so, the Security, Quality, and Compliance Chapter wants to hear from you!

As a Specialist in IT Risk, Audit and Compliance, you will be an integral part of our diverse Informatics community of smart, fun, wholehearted, and engaged professionals spanning diverse functional areas. You will share our community values of passion, courage, integrity, and gratitude -- all in service of our mission, “doing now what patients need next.”

The Opportunity:

Lead internal and external assessments and audits related to security, privacy, and compliance, involving planning, execution, and follow-up.

Drive third-party audits and risk assessments to validate vendor compliance with Roche’s standards and external regulations, including data integrity, security controls, and quality frameworks. 

Engage with a diverse range of stakeholders, including internal teams and external partners, on multiple concurrent global projects, across different functional areas, to understand their needs and expectations and ensure a smooth collaborative environment. 

Foster innovation and simplification by seeking solutions to improve and simplify existing processes, creating a culture that encourages creativity, experimentation, and continuous improvement.

Analyze and interpret complex legal agreements, contracts, and regulations and translate them into actionable IT Security, Privacy and Quality compliance initiatives.

Ensure Roche’s business critical, personal and sensitive data is protected and compliant with applicable laws such as EU GDPR and HIPAA.

Assess third-party vendors' compliance against service-related requirements and report the results to the responsible key stakeholders at Roche.

Leverage the technical expertise of the internal teams and external technology providers and vendors to deeply understand risks presented by our partners. 

Stakeholder management for business partners and subject matter / functional experts.

Maintain a functional-level knowledge of the dynamic health authority governance around the world, such as EU GDPR, MDR, CCPA, HIPAA, 21 CFR Part 11, Article 11, ISO 13485, 14971, 19011, 27001, 31000, 42001, and ICH Q9 and Q10, as well as knowledge of widely recognized risk management frameworks and standards such as NIST (National Institute of Standards and Technology) RMF (Risk Management Framework), COSO (Committee of Sponsoring Organizations of the Treadway Commission), COBIT (Control Objectives for Information and Related Technologies), and ISACA's (Information Systems Audit and Control Association) audit and risk programs.

Who you are:

Bachelor’s degree in Life Science, Informatics, Quality, or a related field. A Master’s degree or post-graduate coursework is desirable.

5+ years of related experience, with domain knowledge of the pharmaceutical industry in internal and external audit management.

Preferred certifications: ISO/IEC 27001 Lead Auditor International, Certified Information Systems Auditor (CISA) or Certified Internal Auditor (CIA).

Strong understanding of and experience in leading internal and external security, privacy, ISO 27001 and compliance audits.

Solid understanding of computerized validation processes and requirements for 3rd party software and service providers in the pharmaceutical industry. 

Experience leading cross-functional collaborative team environments, providing innovative solutions to complex business problems and making decisions with cross-functional impact.

Strong communication skills: the ability to efficiently communicate complex information, issues, and potential solutions at an executive level.

Proven skills in relationship building, customer-focus, decision-making, and problem solving.

Demonstrated ability to quickly learn business priorities in unfamiliar or ambiguous areas.

What you get:

Salary range 17 000 - 21 000 PLN gross based on the employment contract (for the Warsaw & Poznan locations); for other locations the salary level will be discussed on a 1-1 basis

Annual bonus payment based on your performance

Dedicated training budget (training, certifications, conferences, diversified career paths etc.)

Flex Location (possibility to perform our work from different places in the world for a certain period of time)

Take Time for Charity (additional paid leave of maximum 2 weeks to engage in the charity action of your choice)

Private healthcare and group life insurance

Stock share purchase additions

Yearly sales of company laptops and cars and many more

If you feel this offer suits a friend of yours, feel free to share it. 

Want to know what it’s like to be a part of Roche IT first-hand? Check out our blog!

https://careers.roche.com/global/en/we-are-roche

The controller of your personal data is Roche Polska Sp. z o.o., ul. Domaniewska 28, 02-672 Warsaw. The data is processed for the purpose of recruitment. You have the right to access your data, rectify it, delete it, limit processing, transfer it and - if processing is based on your consent - withdraw this consent at any time. Contact the Data Protection Officer at: Ochrona.danych@roche.com. More information on the principles of processing your personal data by Roche at the link: https://www.roche.pl/pl/content/klauzula-informacyjna-rekrutacja-en.html

Roche Polska sp. z o.o. operates in full compliance with the law and does not tolerate any violations. Roche Polska sp. z o.o. has implemented a Procedure for Reporting Violations of Law. If you wish to report any irregularities related to our activities, all necessary information regarding the reporting process can be found on our website: https://www.roche.pl/kontakt/ochrona-sygnalistow-zglaszanie-naruszen.

Who we are

A healthier future drives us to innovate. Together, more than 100’000 employees across the globe are dedicated to advancing science, ensuring everyone has access to healthcare today and for generations to come. Our efforts result in more than 26 million people treated with our medicines and over 30 billion tests conducted using our Diagnostics products. We empower each other to explore new possibilities, foster creativity, and keep our ambitions high, so we can deliver life-changing healthcare solutions that make a global impact.


Let’s build a healthier future, together.

Roche is an Equal Opportunity Employer.
