
IT Strategic Risk & Audit Manager

Roche · Madrid, Spain
Full-time · On-site · Posted today
Tags: Agile, Auditing, AWS, Azure, Cloud Security, Compliance



Requirements

Education / Experience

  • 15+ years of experience in IT Risk/Audit, preferably within a global, highly regulated industry (Pharma, MedTech, or Finance).
  • Deep mastery of GxP (GLP, GCP, GMP), CSV (Computer System Validation), and Data Integrity principles (ALCOA+).
  • Expert knowledge of global risk frameworks (NIST, ISO 27001, COBIT) and privacy regulations (GDPR, HIPAA).
  • Strong understanding of modern technology stacks, including Cloud Security (AWS/Azure), AI/ML governance, and Agile/DevSecOps methodologies.
  • Demonstrated experience presenting to and influencing Executive Leadership (C-suite) and Board-level stakeholders.
  • Proven ability to navigate a complex, global matrixed environment and steer senior leadership toward risk-aware decision-making through technical credibility.
  • Drives a culture of shared accountability, ensuring that compliance and risk management are viewed as strategic enablers rather than organizational hurdles.
  • Certifications: Mandatory possession of at least two of the following: CI

Benefits

  • Health insurance
  • Vision insurance

Additional Information

At Roche you can show up as yourself, embraced for the unique qualities you bring. Our culture encourages personal expression, open dialogue, and genuine connections, where you are valued, accepted and respected for who you are, allowing you to thrive both personally and professionally. This is how we aim to prevent, stop and cure diseases and ensure everyone has access to healthcare today and for generations to come. Join Roche, where every voice matters.

The Position

At Roche, we believe every patient deserves a personalized healthcare solution. As the IT Strategic Risk & Audit Manager, you will play a pivotal role in ensuring that our digital evolution, from AI-driven drug discovery to personalized healthcare apps, is built on a foundation of trust and resilience. You will act as a strategic partner to Digital Technology leaders, ensuring that risks are managed proactively rather than reactively. This role moves beyond tactical "checkbox" auditing to focus on strategic foresight: anticipating shifts in the threat landscape, the regulatory environment, and emerging technologies (such as AI and Cloud architecture).

Job Responsibilities

  • Scope / Content Leadership: Defines the strategic vision for IT risk, audit, and compliance, and drives strategic initiatives for long-term risk management success. Initiates and leads large, complex projects with a significant impact on the organization. Leads the development of enterprise-wide risk and compliance policies and advises on emerging trends and best practices.
  • Strategic Risk Architecture & Vision: Define and architect the global IT Enterprise Risk Management (ERM) framework (NIST, ISO 27001, COBIT), aligning long-term digital strategy with Roche's risk appetite to ensure "Compliance by Design" across complex, interconnected global portfolios.
  • Accountability / Problem Solving: Leads the analysis of highly complex business and risk challenges with significant organizational impact, proactively identifying potential strategic issues within your sphere of influence. Develops comprehensive risk management and compliance policies, implements proactive measures to avoid repeated issues, and leads initiatives to anticipate and mitigate future risks. Contributes to framing strategic questions and facilitates strategic decision-making at the executive level.
  • Stakeholder Management: Identifies and engages key stakeholders at the executive level and external partners, analyzing enterprise-wide stakeholder landscapes. Leads enterprise-wide risk, audit, and compliance initiatives, presenting them to executive leadership to secure support and strategic alignment for risk-related investments. Navigates highly complex and politically sensitive landscapes, acting as an organizational trust builder and providing expert counsel on critical strategic decisions.
  • E2E Audit & Compliance Leadership: Lead the full lifecycle of complex IT audits and continuous monitoring programs across infrastructure and applications, ensuring the organization meets global regulatory requirements while proactively identifying systemic issues to prevent recurrence.
  • Inspection Command & Control: Serve as the primary IT liaison during complex Health Authority inspections (FDA, EMA, etc.), leading "Front-Room/Back-Room" operations, coaching SMEs in regulatory interview techniques, and ensuring the rapid delivery of high-quality, validated evidence.
  • Data Integrity & ALCOA+: Systematically audit and enforce the "Digital Thread" to ensure all health-regulated data remains Attributable, Legible, Contemporaneous, Original, and Accurate, maintaining the integrity of life-saving digital health solutions.
  • Global Stakeholder & Transformation Management: Navigate sensitive landscapes to lead enterprise-wide risk initiatives, partnering with IT owners to develop robust remediation CAPAs and innovating risk management approaches to drive lasting, transformative impact across the global organization.

