At Roche you can be entirely yourself and are valued for your unique qualities. Our culture fosters personal expression, open dialogue and genuine connections. Here you are valued, accepted and respected for who you are. This creates an environment in which you can grow both personally and professionally. Together we want to prevent, stop and cure diseases and ensure that everyone has access to healthcare, today and in the future. Become part of Roche, where every voice counts.
The Position
The Information Security & Privacy By Design team is the engine behind Roche’s security governance. We design, deliver, and support the digital frameworks that protect our organization, including IRAAM (Information Risk Assessment And Mitigation), PETRA (Policy Exceptions Tool for Risk Assessment), OIA (Outsourcing Impact Assessment), and our cutting-edge GenAI security agents.
As an AI & Automation Engineer, you are the vital architect bridging the gap between high-level security expertise and scalable, self-service execution. Your mission is to democratize security and privacy knowledge by building intelligent agents and low-code tools that empower Roche employees. You don’t just manage risk; you build the "digital brains" that make risk management proactive, intuitive, and frictionless.
You are an "implementer" who thrives on turning strategic advice into functional code. You believe that security governance is most effective when it is invisible, automated, and powered by data.
Description of the Area
The Information Security & Privacy By Design team makes Roche’s information security governance accessible through actionable processes. The capabilities we provide enable Roche to identify, assess, monitor, and mitigate information risks, manage regulatory compliance, and oversee third-party and personal data processing risks. Our processes are primarily instantiated in the ServiceNow IRM Platform. We work closely with Information Security, Privacy, Risk & Compliance, and IT teams to provide enterprise visibility into Roche’s information risk posture.
You’ll be working within the Information Security Governance (ISG) area. ISG is responsible for defining the strategic agenda for information security and privacy topics at the Roche Group level. This is realized within the global Information Security Management System (ISMS) which aligns business and IT strategies, business and technical projects, policies, standards, directives, procedures, governance, legal / regulatory, compliance, and other requirements at a global level.
The Information Security & Privacy by Design area is accountable for co-developing, in collaboration with key stakeholders, and stewardship of the strategic direction of the Information Risk Assessment processes based on organizational objectives, industry practices and legal / regulatory requirements - e.g. IRAAM, PETRA, OIA. This includes oversight, awareness, direction and continuous improvement to the end-to-end processes and their relevant risk modules in alignment with the global ISMS, corporate directives and Roche management systems (e.g. privacy, quality, risk).
Job Responsibilities
1. AI Solution Development & Knowledge Engineering
- Security AI Stewardship: Own the development and roadmap of internal AI-based advisory tools. You will transform static security policies and KB articles into interactive, intelligent agents.
- Retrieval Augmented Generation (RAG): Build and optimize data pipelines to ingest diverse sources—including Google Docs, ServiceNow KB articles, and slide decks—into AI models to ensure accurate, grounded advisory.
- Prompt Engineering & Tuning: Continuously refine LLM performance to ensure security and privacy advice is technically sound, brand-aligned, and user-friendly.
2. Low-Code & Automation Engineering
- Self-Service Platforms: Leverage Roche’s low-code platforms (e.g. LEAP Outsystems or similar) to build front-end interfaces that provide employees with 24/7 security guidance.
- Workflow Automation: Identify manual bottlenecks in the IRAAM/PETRA/OIA workflows and engineer automated solutions to streamline the user journey.
- Infrastructure Maintenance: Maintain and optimize essential operational tools (e.g., Google Apps Script used for the Security Expert Review Triage) ensuring reliable data aggregation from Snowflake, Thoughtspot, and ServiceNow.
3. Operational Excellence & Support
- Technical Support: Act as the primary technical contact for AI and automation tool incidents, troubleshooting issues and coordinating with platform teams for permanent fixes.
- User Enablement: Support the Information Security Coordinator (ISC) network and end-users, ensuring they understand how to maximize the value of our automated security tools.
- Performance Monitoring: Analyze tool usage and AI response accuracy, using data insights to propose continuous feature enhancements.
4. Evangelism & Partnership
- Expert Collaboration: Partner with Security and Privacy Experts to "translate" their deep knowledge into logic-based automation and AI workflows.
- AI Frontier Leadership: Act as a subject matter expert within the team, researching emerging AI trends and machine learning applications that can assist in threat identification and policy analysis.
Qualifications
Experience
- AI/ML Engineering: 3–5 years of hands-on experience in AI/ML applications and workflow automation.
- RAG & LLM Integration: Proven ability to engineer data pipelines and mitigate AI hallucinations to ensure highly accurate, grounded outputs.
- Low-Code Development: Prior experience with Outsystems (Roche LEAP) or similar enterprise-grade low-code technologies.
- Regulated Industry: Experience working in regulated environments (Pharmaceutical, Healthcare, or Finance) is a plus.
Education
- Bachelor’s degree in Computer Science, Software Engineering, Information Systems, or a related technical field.
Technical & Business Skills
- Architectural Mindset: Ability to design complex data flows that connect unstructured documents to structured AI outputs.
- Automation Mastery: Proficiency in JavaScript / Google Apps Script, Python and experience with Data Visualization tools (e.g., Snowflake, Thoughtspot, or Tableau).
- Platform Knowledge: Foundational knowledge of ServiceNow (GRC and ITSM) is a significant advantage.
- Security Foundation: Notions of Information Security principles and data privacy (understanding the "why" behind risk controls).
- Analytical Problem Solving: A knack for debugging complex automation failures and identifying "root causes" in AI hallucinations or data mismatches.
- User-Centric Design: A passion for building tools that are intuitive and desirable for employees to use.
Leadership Skills
- Communication: Strong ability to build trust with security experts and explain technical AI/automation concepts to non-technical stakeholders.
- Innovation & Curiosity: A relentless passion for applying GenAI/LLMs to solve real-world productivity challenges.
- Thriving in Ambiguity: Ability to navigate complexity and drive clarity when translating strategic advice into functional tools.
- Self-Starter: Proven ability to manage technical workstreams from concept to production with minimal supervision.
Who we are
A healthier future drives us to innovate. More than 100,000 employees worldwide work together to advance science and ensure that everyone has access to healthcare, today and for future generations. Through our commitment, over 26 million people are treated with our medicines and more than 30 billion tests are performed with our diagnostics products. We encourage one another to explore new possibilities, foster creativity and set high goals in order to deliver life-changing healthcare solutions.
Together we can shape a healthier future.
Roche is an employer that promotes equal opportunity.