Graduate Intern - Cyber Security Compliance Analyst

Roche

On Site
Full Time
€30,000
Sant Cugat del Vallès, Catalonia, Spain

Job Overview

Job Title: Graduate Intern - Cyber Security Compliance Analyst
Job Type: Full Time
Offered Salary: €30,000
Location: Sant Cugat del Vallès, Catalonia, Spain

Job Description

About Roche

At Roche, you can show up as yourself, embraced for the unique qualities you bring. Our culture encourages personal expression, open dialogue, and genuine connections, where you are valued, accepted and respected for who you are, allowing you to thrive both personally and professionally. This is how we aim to prevent, stop and cure diseases and ensure everyone has access to healthcare today and for generations to come. Join Roche, where every voice matters.

Department Summary

We are the global product security and privacy center of Roche Diagnostics worldwide. Our vision is to build a solid Global Product Security and Privacy Operations function and to provide strategic security insight across Roche Diagnostics, ensuring our devices are what our regulators require and our patients deserve.

Our priorities include:

  • Understand our customers' and stakeholders' needs to deliver effective security on testing solutions.
  • Develop an agile and sustainable operating business model to deploy security concepts that enable confident healthcare decisions.
  • Institutionalize security role models to provide guidance, education and awareness to maximize the security of Roche Diagnostics solutions and create trust along the patients' journeys.

The Opportunity: Graduate Intern - Cyber Security Compliance Analyst

As a Graduate Intern - Cyber Security Compliance Analyst, you will play a crucial role in coordinating and managing product security and privacy compliance activities. This includes authoring new or updated policies and procedures for internal partner and stakeholder input, as well as creating and maintaining security and privacy relevant documentation in response to legal and regulatory requirements (e.g., HIPAA, GDPR).

Key responsibilities include:

  • Coordinate and manage product security and privacy compliance activities.
  • Author new or updated policies and procedures for internal partner and stakeholder input.
  • Create and maintain security and privacy relevant documentation in response to legal and regulatory requirements (e.g. HIPAA, GDPR, etc.), managing the documentation and related intranet repositories.
  • Prepare and deliver communication and training to educate Roche teams on the evolving compliance landscape and new or updated policies and related changes.
  • Support Roche Sales, product teams and IT groups, legal and other appropriate parties to address customer questions and needs regarding Roche’s products to ensure customer confidence in data security (e.g. by reviewing contract templates and contributing with architecture specific security and privacy language, supporting completion of customers’ security questionnaires, etc.).
  • Where observed, escalate actual or potential compliance violations or other issues to relevant colleagues or management, according to local, regional and/or global policies and procedures.
  • Manage and perform activities related to preparation, execution and remediation of internal and external compliance audits.
  • Maintain IT internal controls ensuring that they are designed and operating effectively to meet compliance requirements for in-scope applications.
  • Establish and promote business compliance implementation processes, and ensure risk convergence and privacy protection technology for business scenarios.
  • Understand cybersecurity concepts and be able to communicate them to users that do not come from a security background.
  • Review key processing activities, data protection impact assessments (DPIAs), data processing agreements, data retention, data deletion approach, training records, etc.

Program Highlights

This intensive 1-year graduate intern program (Contrato en prácticas) offers a competitive salary and benefits package. The program start dates are in September, and it is located on-site in Sant Cugat del Vallès. Interns will gain access to training and development opportunities and work with some of the most talented people in the biotechnology industry.

Who You Are (Required)

  • Must have graduated from a University degree program with a Bachelor's degree.
  • 1+ years of cybersecurity and/or privacy program management experience and exposure to large-scale systems in a fast-paced environment.
  • Experience in audit and/or compliance-related roles in multinational environments.
  • Experience in using data and metrics to define business strategy and gain executive support for new visions.
  • Knowledge of HIPAA, GDPR, and other privacy relevant legislation and regulations.
  • Excellent Verbal/Written communication & data presentation skills, with proven ability to effectively communicate with both business and technical teams.
  • Ability to work in and with globally distributed and multi-cultural teams.
  • Best in class attitude; challenge status constructively and contribute to improvements; results oriented; ability to influence; solution oriented mindset.

Required majors: Information security, computer, communication, or related field.

Preferred Qualifications

  • A Master's degree is a plus.
  • Experience working in a Software Development environment.
  • Valuable certifications: ISO 27001 Lead Auditor, CISA, CISM, CISSP, GIAC, OSCP, SSCP or equivalent certification.
  • Proven ability to influence change at all levels within an organization.
  • Expert planner with business process definition experience and a strong IT aptitude.
  • Knowledge of Product Development Life Cycles (PDLC).
  • Working knowledge or willingness to quickly learn the content and requirements of various laws, regulations, industry guidance, and company compliance policies, particularly related to privacy, data disclosure, and cybersecurity.
  • Demonstrate data analytical skills, creativity, and experience working with attention to detail.
  • Experience maintaining open, candid, and trusting work relationships.
  • Ability to "zoom out" (see the big picture and give strategic direction) as well as to "zoom in" (to provide more granularity when exchanging with a wide range of experts).
  • Strong business acumen; sensitive to business needs; view change as an opportunity; eager to work in a fast-paced environment.
  • Strong organizational skills and ability to prioritize and manage multiple projects simultaneously.

This opportunity is part of the START TECH program. You can find more information about the program at the following link: https://careers.roche.com/global/en/start-tech-program-spain

Key skills/competency

  • Cybersecurity
  • Data Privacy
  • Compliance
  • GDPR
  • HIPAA
  • Audit
  • Risk Management
  • Policy Development
  • Communication
  • Data Analysis

How to Get Hired at Roche

  • Research Roche's culture: Study their mission, values, recent news, and employee testimonials on LinkedIn and Glassdoor to understand their commitment to healthcare innovation.
  • Tailor your resume: Customize your CV to highlight cybersecurity compliance, data privacy (HIPAA, GDPR), and audit experience specifically for Roche's diagnostics focus.
  • Showcase relevant skills: Emphasize experience with large-scale systems, data analysis, cross-functional communication, and working effectively in multicultural teams.
  • Prepare for interviews: Be ready to discuss compliance frameworks, problem-solving scenarios, and your understanding of Roche's impact on patient data security and healthcare.
  • Highlight your passion: Demonstrate genuine interest in product security, patient data privacy, and Roche's broader mission to advance science for a healthier future.
