About the position
A healthier future. It's what drives us to innovate. To continuously advance science and ensure everyone has access to the healthcare they need today and for generations to come. Creating a world where we all have more time with the people we love. That's what makes us Roche. Join a dynamic team of Software Architecture and Development professionals who are developing the next generation of Roche Tissue Diagnostics (RTD) products and continually improving on-market products. Become an instrument of change by influencing the direction and implementation of product security. As a Subject Matter Expert in your domain, you will provide guidance to development teams on applicable risk mitigation strategies and consult during design and implementation.
Responsibilities
- Contribute as a Subject Matter Expert to cybersecurity risk assessments for the RTD product portfolio, including risk identification, risk analysis and verification of risk mitigations.
- Consult development teams in analyzing potential impacts and exposure of vulnerabilities.
- Contribute technical knowledge to development teams about secure design patterns and the right use of security technologies.
- Create and review documentation of security concepts, secure designs and plans to maintain the secure state of the product portfolio throughout its lifecycle.
- Manage and oversee penetration tests with internal product teams and external service providers. Assess and track mitigation strategies.
- Collaborate with Roche's Product Security and Privacy Operations group to disseminate process updates and state of the art best practices to product development teams.
- Prepare and deliver presentations of product security posture results to large and diverse internal audiences.
Requirements
- BS degree and least 8 years of related experience or equivalent in a directly related discipline or equivalent combination of education and experience.
- MS degree in directly related discipline + 4 years of related experience required; OR, PhD degree in a directly related discipline + 2 years of related experience required.
- Prior experience in secure software development.
- Cybersecurity certification(s) desired, but not required (e.g. CISA, CISM, CISSP).
- Experience in Cloud security concepts and with medical devices, especially IVD systems, desired.
- Knowledge about Windows and .Net technology stack (Java and Linux are a plus).
- Knowledge of cybersecurity regulations, laws and standards for the medical device industry.
- Driven, self-starter with good planning and organizational skills and a strong attention to detail.
Benefits
- Discretionary annual bonus may be available based on individual and Company performance.
