At Roche you can show up as yourself, embraced for the unique qualities you bring. Our culture encourages personal expression, open dialogue, and genuine connections, where you are valued, accepted and respected for who you are, allowing you to thrive both personally and professionally. This is how we aim to prevent, stop and cure diseases and ensure everyone has access to healthcare today and for generations to come. Join Roche, where every voice matters.

The Position

Legal and Data Protection Partner

Location: Warsaw (hybrid)

Join a team that' s shaping the future of healthcare! At Roche, we believe that innovative technologies and breakthrough therapies have the power to change patients' lives. Our Legal and Compliance team is a key partner in this mission, ensuring that our actions are not only legally compliant but also conducted with the highest ethical standards. We are looking for a person who is not afraid of the challenges of the digital era and wants to build a safe and innovative future with us.

Your goal will be to provide strategic support to the organization in delivering modern therapeutic solutions to patients. You will be a key partner for business teams, promoting a culture of ethics and compliance and navigating the company through a complex legal environment, with a particular focus on the challenges and opportunities of the digital and AI era and personal data protection.

The opportunity:

• Act as a key partner in projects in the areas of Digital Health, telemedicine, cybersecurity, personal data protection, and data and AI-based solutions. Work closely with teams across the organization, from marketing to research and development, to analyze legal risks and choose optimal, innovative solutions.

• Ensure compliance with personal data protection regulations (GDPR), with a particular focus on data processing in complex IT systems and AI models. Create and implement Terms and Conditions and privacy policies for new technological solutions. Lead and optimize DPIA and LIA processes, manage international data transfers (SCCs, TIA), and handle incidents.

• Provide legal advice and risk assessment for innovative digital projects, including solutions based on artificial intelligence (AI), machine learning, digital health, and Big Data. Analyze and implement legal requirements related to new technologies, particularly in the context of new regulations (e.g., AI Act, Data Act).

• Actively participate in security incident management processes, provide advice on compliance with regulations (e.g., the NIS2 directive), and support the negotiation of information security requirements in agreements with key suppliers.

• Prepare and negotiate complex technology agreements, including SaaS, license, cloud, and data processing agreements with clients and key suppliers.

• Actively co-create and promote a culture based on ethics, transparency, and responsibility throughout the organization.

• Proactively identify legal and compliance risks and create strategies to mitigate them, ensuring the safe and sustainable operation of the company.

• Co-create, implement, and enforce internal policies and procedures that respond to the dynamically changing legal and business environment.

• Conduct training and workshops to increase legal awareness within the organization.

Who you are?

• A law degree and an in-depth, practical knowledge of civil law and GDPR. You also have a strong understanding of global regulatory trends like the AI Act, Data Act, and NIS2.

• A minimum of 5 years of experience in personal data protection (GDPR).

• Experience gained at a company in the IT, new technologies, pharmaceutical, or medical devices sectors, or at a law firm serving these industries.

• Practical knowledge of issues related to new technologies, digitization, and artificial intelligence.

• Fluent in written and spoken English, enabling free work in an international environment.

• Excellent analytical skills combined with a business approach and a focus on finding solutions.

• A keen interest and the ability to quickly learn about dynamically changing technological regulations.

• Excellent analytical skills combined with a business-oriented approach and a focus on finding solutions.

• You are a strategic legal professional with a passion for navigating the intersection of law, technology, and healthcare.

Nice to have:

• The title of legal advisor or attorney.

• Knowledge of regulations governing the activities of a pharmaceutical company (Pharmaceutical Law) and diagnostics (MDR/IVDR) and industry codes.

• Experience working with regulations regarding software as a medical device (SaMD) or digital health solutions in healthcare

What you get:

• Full-time employment based on the employment contract.

• Annual bonus payment based on your performance.

• Dedicated training budget (training, certifications, conferences, diversified career paths etc.).

• Recharge Fridays (2 Fridays off per quarter available).

• Take time Program (up to 3 months of leave to use for any purpose).

• Flex Location (possibility to perform our work from different places in the world for a certain period of time).

• Take Time for Charity (additional paid leave of maximum 2 weeks to engage in the charity action of your choice).

• Private healthcare (LuxMed packages) group life insurance (UNUM) and Multisport.

• Stock share purchase additions.

• Yearly sales of company laptops and cars and many more!

APPLY DIRECTLY

If you feel this offer suits a friend of yours, feel free to share it.

Want to know what it’s like to be a part of Roche IT first-hand? Check out our blog! https: //careers.roche.com/global/en/we-are-roche

The controller of your personal data is Roche Polska Sp. z o.o., ul. Domaniewska 28, 02-672 Warsaw. The data is processed for the purpose of recruitment. You have the right to access your data, rectify it, delete it, limit processing, transfer it and - if processing is based on your consent - withdraw this consent at any time. Contact the Data Protection Officer at: Ochrona.danych@ roche.com. More information on the principles of processing your personal data by Roche at the link: https: //www.roche.pl/pl/content/klauzula-informacyjna-rekrutacja-en.html

Roche Polska sp. z o.o. operates in full compliance with the law and does not tolerate any violations. Roche Polska sp. z o.o. has implemented a Procedure for Reporting Violations of Law. If you wish to report any irregularities related to our activities, all necessary information regarding the reporting process can be found on our website: https: //www.roche.pl/kontakt/ochrona-sygnalistow-zglaszanie-naruszen.

Who we are

A healthier future drives us to innovate. Together, more than 100’000 employees across the globe are dedicated to advance science, ensuring everyone has access to healthcare today and for generations to come. Our efforts result in more than 26 million people treated with our medicines and over 30 billion tests conducted using our Diagnostics products. We empower each other to explore new possibilities, foster creativity, and keep our ambitions high, so we can deliver life-changing healthcare solutions that make a global impact.

Let’s build a healthier future, together.