×
Apply for Jobs Apply for Jobs Post a Job Post a Job Local Jobs Home
Register Here to Apply for Jobs or Post Jobs. X
More jobs:
Cybersecurity IT Consultant Information Security Data Security

Program Lead, Third Party Risk and Resilience Management

Job in Tucson, Pima County, Arizona, 85718, USA
Listing for: F. Hoffmann-La Roche Gruppe
Full Time position
Listed on 2026-06-17
Job specializations:
  • IT/Tech
    Cybersecurity, IT Consultant, Information Security, Data Security
Salary/Wage Range or Industry Benchmark: 106400 - 197600 USD Yearly USD 106400.00 197600.00 YEAR
Job Description & How to Apply Below

At Roche you can show up as yourself, embraced for the unique qualities you bring. Our culture encourages personal expression, open dialogue, and genuine connections, where you are valued, accepted and respected for who you are, allowing you to thrive both personally and professionally. This is how we aim to prevent, stop and cure diseases and ensure everyone has access to healthcare today and for generations to come.

Join Roche, where every voice matters.

The Position

A healthier future. It’s what drives us to innovate. To continuously advance science and ensure everyone has access to the healthcare they need today and for generations to come. Creating a world where we all have more time with the people we love. That’s what makes us Roche.

The Program Lead for Third Party Risk and Resilience Management establishes and maintains a robust governance framework for all Offshore Development Centers (ODCs), bridging R&D innovation requirements with Global IT security, infrastructure, and compliance standards. This leader ensures ODCs function as strategic extensions of Roche’s R&D engine while maintaining zero major IT compliance breaches, and guides vendors during ODC setup to ensure full compliance with Roche Security standards.

Compliance of all ODC setups and ongoing operations. Ensure alignment on scope, methodologies, processes at the nexus of R&D organization, Global procurement, and IT. Elimination of governance gaps and friction points between R&D and IT. Implementation of standardized, global ODC management framework across business units Security risks, incidents, and incident/change/problem management processes at ODC sites Strategic positioning of ODCs as value creators rather than cost centers.

The

Opportunity

  • Determine ODC necessity based on country risk and data sensitivity

  • Initiate new ODC setups, coordinate vendor office space establishment, and guide vendors on Roche Security standards

  • Conduct Security Risk Assessment (SRA) and Data Classification Review (DCR) for all services and applications

  • Identify services unsuitable for external business partners and escalated to product/service owners or DSM for remediation

  • Create, review, and maintain ODC Manuals, Impact Assessments, and Security Control Tables

  • Periodically review and update impact assessment documents to remove retired services

  • Ensure compliance with legal requirements (GDPR, CCPA) and Roche security protocols

  • Act as the owner for role‑specific training curricula

  • Ensure training compliance for all external personnel by verifying mandatory security and role‑specific requirements are met prior to system access.

  • Accountable for the systematic tracking and enforcement of training completion for vendor resources, leveraging the Roche Training Solution system

  • Approve all ODC changes including staff assignments, project onboarding, and service modifications

  • Manage Service Now requests for infrastructure (NAS storage, VD/VDI creation/updates, application packaging)

  • Identify VSA requirements and maintain vendor security/privacy capabilities throughout ODC lifecycle

  • Ensure security audits completed prior to service commencement and conduct periodic audits

  • Conduct assessments when major changes occur (new projects with higher security needs)

  • Track and remediate audit findings with vendors

  • Ensure mandatory notifications are formally integrated into processes (e.g., GSP) for all new vendor collaborations

  • Coordinate dedicated VDI planning with Citrix when default environments cannot support daily tasks

  • Optimize virtual desktop and application virtualization to reduce VDI requirements

  • Manage port opening for DIA, RDI, VDIs, and coordinate VDI creation

  • Collaborate with Network, Perimeter, and Citrix teams on connectivity and URL whitelisting

  • Ensure Business Partner Organization (BPO) approvals for applications, systems, URLs, RDP/SSH access

  • Populate and verify application inventories, URLs, and RDP/SSH server lists for Smart Web and virtual environments

  • Add users to ODC groups and implement access restrictions or policies as required

  • Lead ODC Security Incident Management with timely identification, escalation, and resolution

  • Promptly escalated security incidents…

To View & Apply for jobs on this site that accept applications from your location or country, tap the button below to make a Search.
(If this job is in fact in your jurisdiction, then you may be using a Proxy or VPN to access this site, and to progress further, you should change your connectivity to another mobile device or PC).
 
 
 
Search for further Jobs Here:
(Try combinations for better Results! Or enter less keywords for broader Results)
Location
Increase/decrease your Search Radius (miles)
0
200
Filters
Education Level
Experience Level (years)
Posted in last:
Salary
Advanced Search