Principal Security Product Specialist - Personalized Healthcare Informatics (Phc IX)

Hoffmann-La Roche Inc. South San Francisco , CA 94080

Posted 2 months ago

Principal Security Product Specialist - Personalized HealthCare Informatics (PHC IX)

The power of data at scale has transformed almost every industry, personalizing experiences in many aspects of our lives. Yet in healthcare we've only scratched the surface. At Genentech and Roche, we are accelerating the use of data insights and digital technologies to make significant strides to reach the full potential of personalized healthcare. We are seeking mission-driven, ardent, self-starting, creative individuals to join us in this effort.

The Principal Security Product Specialist will have the responsibility for design and development of the end-end security related solutions for deployment of PHC Applications in the cloud and on-premises. This role will be part of the Pharma PHC IX/Technology Team that provides global technology solutions to enable the Pharma PHC Vision and Strategy. The Principal Security Product Specialist will partner with stakeholders in multiple groups to design and develop the security solutions for PHC Infrastructure for Roche/Genentech's current and future PHC needs. The goal will be to build and support most reliable and scalable security solutions to support PHC Solutions and applications meeting compliance with regulatory requirements. The PHC Platform will support applications in the areas of Advanced Analytics, Digital Health, Imaging and Data management for Exploratory to Clinical Trials to Clinical Settings. This person will work very closely with key stakeholders within the PHC Center of Excellence and other cross functional teams in GIS to build Information Technology security strategy with the PHC COE strategy and portfolio.

We expect the Principal Security Product Specialist to be a passionate business and product advocate within IT, with proven analytical capabilities. The Principal Security Product Specialist must be an effective negotiator, leader and communicator in working with Roche/Genentech's IT cross-functional teams as well as other stakeholders and vendors. The ideal candidate will be a self-starter with a passion for innovative technologies, a high level of flexibility, and commitment. The Principal Security Product Specialist will join our diverse community of smart, fun, wholehearted, and engaged informatics professionals from various functional areas. This person will share our community values of passion, courage, integrity, and gratitude -- all in-service of our mission, "doing now what patients need next."

Responsibilities:

As Principal Security Product Specialist in PHC Pharma IT/Technology team, you will:

  • Partner closely with key stakeholders from PHC Center of Excellence and corresponding Pharma IT Groups and Global Infrastructure and Solutions(GIS) to prototype, design and implement security solutions to accelerate the fulfillment of the business strategic vision and protect Roche assets from all types of threats and adversaries.

  • Be able to source and identify emerging security technology trends from multiple internal and external sources and assess relevance. Translate and implement trends into short-term and long term security capabilities.

  • Oversee and facilitate the evaluation and selection of security technology and product standards, and the design of security standard configurations/implementation patterns

  • Work with IT Quality, IT Security and Governance other Business partners to ensure that the application infrastructure is designed to comply with pharmaceutical regulations and GxP requirements.

  • Security product specialist will build and secure systems from external, internal threat feeds, build behavior analysis trends and develop security analytic systems to track down, stop and/or prevent malicious activities, security violations, vulnerabilities and other threats.

  • Ensure that Roche PHC assets information assets are secured. Security producty specialist will work with security teams including infrastructure, engineering, operations, product development and incident response team to ensure that deployed security solutions are uptodate and meet Roche security standards.

  • Design and build security monitoring solutions for detection, protection and response include IDS/IPS, malware sandbox, packet capture, netflow tools, Web Application firewalls, Real Time Application Protection systems, Antivirus, log management, SIEM, Enterprise Detection and Response and Next Generation Antivirus

  • Research emerging technologies and maintain awareness of current security risks in support of security enhancement and development efforts.

  • Lead initiatives to develop and build security utilities and tools that will enable others to operate more efficiently and securely in cloud environments

Qualifications:

  • BA/BS in Business, Information Systems, Computer Science or a relevant area of study required

  • Minimum 8 years of related work experience in Security Engineering, Privacy & Risk Management

  • Understand products and security services available from multiple Cloud Providers such as AWS, AZURE, GCP and other vendors to map those products and services to address IT and Security needs

  • Demonstrated experience automating security controls (desired languages: Shell scripting, Python)

  • Demonstrated experience supporting security and/or privacy audits

  • In-depth experience in managing information security and privacy risks and threat modeling

  • In-depth experience in vulnerability handling pre and post-market

  • In-depth experience in system and cloud infrastructure hardening

  • Experience hardening the services and products available from various cloud providers and partners e.g. Teradata, SageMaker, ECS, EKS, GKE, Palo Alto, Imperva, Redshift, Dataguise, ClamAV etc. and ability to propose fit-for-purpose services to meet requirements

  • Hands-on experience in designing infrastructure as Code, building DevSecOps pipelines and automation using CI/CD toolsets such as GIT, BitBucket, Jenkins, Ansible, Terraform etc. and Container platforms such as Docker, Kubernetes.

  • Good understanding of the application landscapes used in Research environments such as as Imaging Solutions, Advanced Analytics Tools, Data Lakes, Landing Zones including High speed Data Ingestion from Internal and external data sources

  • Strong background in working with various operating systems including various flavors of Linux (RedHat, Ubuntu, CentOS, SuSE) and MicroSoft Windows Servers

  • Good understanding of Regulatory and GxP requirements for working in Healthcare sector including HIPAA, GDPR, HITRUST, ISO-27001 etc.

  • Certifications are a plus: SANS GIAC (GCIH, GPEN, GCIA, GCFA and others), CEH, CISSP, CISA, CISM, LAISO27001

  • Implementation of SaaS based solutions to achieve continuous compliance and Policy enforcements thru BOTs, Security and vulnerability monitoring, log aggregation etc. with good understanding of tools such as Splunk, Dome9, Qualys etc.

  • Strong business knowledge in the Pharma/Biotech industry and associated processes is preferred.

#LI-CGCY1

Roche is an equal opportunity employer.

Information Technology, Information Technology > IT Infrastructure and End-User Services


icon no score

See how you match
to the job

Find your dream job anywhere
with the LiveCareer app.
Mobile App Icon
Download the
LiveCareer app and find
your dream job anywhere
App Store Icon Google Play Icon
lc_ad

Boost your job search productivity with our
free Chrome Extension!

lc_apply_tool GET EXTENSION

Similar Jobs

Want to see jobs matched to your resume? Upload One Now! Remove
Principal Security Product Specialist Personalized Healthcare Informatics (Phc IX)

Hoffmann-La Roche Ltd

Posted 1 week ago

VIEW JOBS 10/7/2019 12:00:00 AM 2020-01-05T00:00 Principal Security Product Specialist - Personalized HealthCare Informatics (PHC IX) The power of data at scale has transformed almost every industry, personalizing experiences in many aspects of our lives. Yet in healthcare we've only scratched the surface. At Genentech and Roche, we are accelerating the use of data insights and digital technologies to make significant strides to reach the full potential of personalized healthcare. We are seeking mission-driven, ardent, self-starting, creative individuals to join us in this effort. The Principal Security Product Specialist will have the responsibility for design and development of the end-end security related solutions for deployment of PHC Applications in the cloud and on-premises. This role will be part of the Pharma PHC IX/Technology Team that provides global technology solutions to enable the Pharma PHC Vision and Strategy. The Principal Security Product Specialist will partner with stakeholders in multiple groups to design and develop the security solutions for PHC Infrastructure for Roche/Genentech's current and future PHC needs. The goal will be to build and support most reliable and scalable security solutions to support PHC Solutions and applications meeting compliance with regulatory requirements. The PHC Platform will support applications in the areas of Advanced Analytics, Digital Health, Imaging and Data management for Exploratory to Clinical Trials to Clinical Settings. This person will work very closely with key stakeholders within the PHC Center of Excellence and other cross functional teams in GIS to build Information Technology security strategy with the PHC COE strategy and portfolio. We expect the Principal Security Product Specialist to be a passionate business and product advocate within IT, with proven analytical capabilities. The Principal Security Product Specialist must be an effective negotiator, leader and communicator in working with Roche/Genentech's IT cross-functional teams as well as other stakeholders and vendors. The ideal candidate will be a self-starter with a passion for innovative technologies, a high level of flexibility, and commitment. The Principal Security Product Specialist will join our diverse community of smart, fun, wholehearted, and engaged informatics professionals from various functional areas. This person will share our community values of passion, courage, integrity, and gratitude -- all in-service of our mission, "doing now what patients need next." Responsibilities: As Principal Security Product Specialist in PHC Pharma IT/Technology team, you will: * Partner closely with key stakeholders from PHC Center of Excellence and corresponding Pharma IT Groups and Global Infrastructure and Solutions(GIS) to prototype, design and implement security solutions to accelerate the fulfillment of the business strategic vision and protect Roche assets from all types of threats and adversaries. * Be able to source and identify emerging security technology trends from multiple internal and external sources and assess relevance. Translate and implement trends into short-term and long term security capabilities. * Oversee and facilitate the evaluation and selection of security technology and product standards, and the design of security standard configurations/implementation patterns * Work with IT Quality, IT Security and Governance other Business partners to ensure that the application infrastructure is designed to comply with pharmaceutical regulations and GxP requirements. * Security product specialist will build and secure systems from external, internal threat feeds, build behavior analysis trends and develop security analytic systems to track down, stop and/or prevent malicious activities, security violations, vulnerabilities and other threats. * Ensure that Roche PHC assets information assets are secured. Security producty specialist will work with security teams including infrastructure, engineering, operations, product development and incident response team to ensure that deployed security solutions are uptodate and meet Roche security standards. * Design and build security monitoring solutions for detection, protection and response include IDS/IPS, malware sandbox, packet capture, netflow tools, Web Application firewalls, Real Time Application Protection systems, Antivirus, log management, SIEM, Enterprise Detection and Response and Next Generation Antivirus * Research emerging technologies and maintain awareness of current security risks in support of security enhancement and development efforts. * Lead initiatives to develop and build security utilities and tools that will enable others to operate more efficiently and securely in cloud environments Qualifications: * BA/BS in Business, Information Systems, Computer Science or a relevant area of study required * Minimum 8 years of related work experience in Security Engineering, Privacy & Risk Management * Understand products and security services available from multiple Cloud Providers such as AWS, AZURE, GCP and other vendors to map those products and services to address IT and Security needs * Demonstrated experience automating security controls (desired languages: Shell scripting, Python) * Demonstrated experience supporting security and/or privacy audits * In-depth experience in managing information security and privacy risks and threat modeling * In-depth experience in vulnerability handling pre and post-market * In-depth experience in system and cloud infrastructure hardening * Experience hardening the services and products available from various cloud providers and partners e.g. Teradata, SageMaker, ECS, EKS, GKE, Palo Alto, Imperva, Redshift, Dataguise, ClamAV etc. and ability to propose fit-for-purpose services to meet requirements * Hands-on experience in designing infrastructure as Code, building DevSecOps pipelines and automation using CI/CD toolsets such as GIT, BitBucket, Jenkins, Ansible, Terraform etc. and Container platforms such as Docker, Kubernetes. * Good understanding of the application landscapes used in Research environments such as as Imaging Solutions, Advanced Analytics Tools, Data Lakes, Landing Zones including High speed Data Ingestion from Internal and external data sources * Strong background in working with various operating systems including various flavors of Linux (RedHat, Ubuntu, CentOS, SuSE) and MicroSoft Windows Servers * Good understanding of Regulatory and GxP requirements for working in Healthcare sector including HIPAA, GDPR, HITRUST, ISO-27001 etc. * Certifications are a plus: SANS GIAC (GCIH, GPEN, GCIA, GCFA and others), CEH, CISSP, CISA, CISM, LAISO27001 * Implementation of SaaS based solutions to achieve continuous compliance and Policy enforcements thru BOTs, Security and vulnerability monitoring, log aggregation etc. with good understanding of tools such as Splunk, Dome9, Qualys etc. * Strong business knowledge in the Pharma/Biotech industry and associated processes is preferred. #LI-CGCY1 Roche is an equal opportunity employer. Information Technology, Information Technology > IT Infrastructure and End-User Services Hoffmann-La Roche Ltd South San Francisco CA

Principal Security Product Specialist - Personalized Healthcare Informatics (Phc IX)

Hoffmann-La Roche Inc.