Digital Health Security Manager

At Roche you can show up as yourself, embraced for the unique qualities you bring. Our culture encourages personal expression, open dialogue, and genuine connections, where you are valued, accepted and respected for who you are, allowing you to thrive both personally and professionally. This is how we aim to prevent, stop and cure diseases and ensure everyone has access to healthcare today and for generations to come. Join Roche, where every voice matters.

As Digital Health Security Manager you will contribute to the Latam Digital Health Security (DHS) mission in implementing the DHS strategy. This includes defending against security threats and safeguarding the confidentiality, integrity, and availability of Roche Diagnostics products and services. You will act as a bridge between customers, field representatives, and global divisions in areas of specific expertise. Carry out on-site customer engagement activities when needed during complex situations.

About the Opportunity:

Organisational strategy

• Support the definition, promotion and implementation of the local strategy for DHS.
• Support EMEA/Latam region in InfoSec best practice.
• Challenge global groups to meet the information security requirements of the local Latam markets.
• Act as an Infrastructure Expert for Information Security area.

Technical delivery

• Support the development and maintenance of technical and procedural controls against security threats. Protect the confidentiality, integrity and availability of Roche Diagnostics products & services. Work together with the legal functions to separate responsibilities between Hospital providers.
• Under the, promote the assessment, design and implementation of new technology policies, procedures, processes and standards.
• Work with governance and technical leads to identify gaps in controls for continuous improvement.
• Management of Fortinet Security - FortiGate (NGFW) solutions: For robust network segmentation, protecting patient data, hospital information systems (HIS), and isolating medical device networks.
• Managing our external vendors:
• Collaborate with Roche supplier relationship managers (including Roche managed service partners) to ensure an aligned cyber security approach for our customers and appropriate contractual obligations.

Leadership

• Participate in a coaching culture that values technical excellence together with support for individuals

Vision

• Support the roadmap by investigating new technology and market requirements, implementing proof of concepts, and proposing innovative new solutions.
• Participate in the design and communication of the DHS vision and priorities. Support the design of appropriate data metrics to drive value and outcomes of the DHS strategy.
• Engendering a culture of ownership and accountability, honesty and integrity at all times. Support the development of others; delivery of timely feedback, celebration of success, fostering team working and collaboration.

Delivery

• Support for the information security management system, align outcomes with relevant compliance requirements. Maintain certification to ISO 27001, DSPT and other business standards. Continually strive for process improvement and efficiencies and implement accordingly.
• Act as Digital health security team security process specialist. Support the process for identifying and mitigating InfoSecurity risk across the business. Support the drafting of new policies and procedures and securing sign-off to support security related technical controls. Represent Technical Services in InfoSec related matrix roles including: TS Data Privacy liaison and ISMS risk coordinator.
• Design and implementation of InfoSec training.
• Act as an interface to external special interest security groups; NHS Cyber Associates Network, NCSC CiSP and the MHRA.
• Provide expert support for escalated security related complaints and enquiries and design of corrective actions. Handling and escalation of enquiries/complaints in cooperation with GCS / CIR / PSPO.
• Participate and contribute with the needed level of expertise to the Incident management team in case of the Cybersecurity local accidents.

Requirements & Experiences:

• Degree-level education (or equivalent) in healthcare/allied healthcare and/or IT or healthcare IT.
• Professional certifications (ISO/ISACA/CISM)
• Membership of relevant industry bodies: CiSP, CAN, HISAC
• Extensive experience of healthcare IT Security
• Network and Infrastructure Security: Security architectures, intrusion prevention systems (IPS), network segmentation (especially for isolating Internet of Medical Things - IoMT networks), VPNs, and Network Access Control (NAC).
• Cloud Security: Experience with cloud security models (IaaS, PaaS, SaaS).
• Device Security (Endpoint & IoMT): Practical knowledge of Endpoint Detection and Response (EDR).
• Identity and Access Management (IAM): Experience in implementing and managing multi-factor authentication (MFA), Single Sign-On (SSO).
• Regulations and Compliance: Data protection and security regulations, such as LGPD (Brazilian General Data Protection Law), GDPR, NIS/NIS2, and healthcare-specific standards like HIPAA (relevant for international operations) and IVDR

A healthier future drives us to innovate. Together, more than 100’000 employees across the globe are dedicated to advance science, ensuring everyone has access to healthcare today and for generations to come. Our efforts result in more than 26 million people treated with our medicines and over 30 billion tests conducted using our Diagnostics products. We empower each other to explore new possibilities, foster creativity, and keep our ambitions high, so we can deliver life-changing healthcare solutions that make a global impact.

Let’s build a healthier future, together.

Roche is an Equal Opportunity Employer.