Protecting healthcare data isn't just about encryption - it's about protecting a patient's trust and a scientist's breakthrough. When I first joined the security world many years ago, a big part of my job was to protect the perimeter - to keep the 'bad' out at all costs. Nowadays, and especially in a healthcare environment, we have realized that a traditional 'fortress mindset' where outside is risky and inside is safe by default can actually be a risk. On top of that, making our security too rigid might slow down the very research that leads to a cure for a patient.
We hit a turning point when we shifted our mindset from seeing security as a 'gatekeeper' to seeing it as an enabler product. We realized that our true customers aren't just the systems, but the developers and scientists. Our mission became: How do we build a security so seamless and automated that our teams can innovate at high speed without ever having to worry about the 'walls'?
"At Roche, we believe that the best security is seamless - it’s the safety net that allows our most ambitious ideas to take flight. As a leader in our Information Security function, Esteban is architecting a future in which protection and innovation go hand in hand. This is how we ensure that the next big medical breakthrough reaches the patient safely, securely, and without delay."
I've learned that people will forget what you said, people will forget what you did, but people will never forget how you made them feel. Maya Angelou
"Roche has more than 30 years of experience developing innovative treatments for respiratory diseases. We are committed to applying our expertise to understand the immune mechanisms that drive COPD, so that we can bring positive change for physicians, their patients, and health care systems."
Larry Tsai
Senior Vice President and Global Head of Immunology, Product Development
Security is often perceived as a 'stopper,' but the Information Security Function mindset is different: we want to make the right path safe and the wrong path difficult. Our primary goal is to be seamless. We provide tools like secure connections and single sign-on (SSO) that allow people to work safely without even noticing we are there.
Of course, in a high-stakes environment, some friction is unavoidable. But instead of simply forbidding non-standard processes, we look at what’s being demanded and find ways to standardize and secure it. We continuously strive to ensure that the safe path is always the easiest one to follow. We do this by:
Shifting Security Left: Embedding Information Security from the very beginning in the lifecycle of all our systems and applications, so that security risks are identified and mitigated early and that security controls such as automated vulnerability scanning or endpoint detection and response - among many others - are in place when a new application goes live.
Architecting Zero Trust: Implementing modern Identity and Access Management (IAM) frameworks to ensure that massive, sensitive datasets are globally accessible to the right customer while remaining completely secure and based on their context and not on their location. Being outside the wall is no longer bad, while being inside is not necessarily safe by default.
Security as Code: Developing internal Security APIs and tools that allow our product teams to be 'secure by design' from the first line of code, ensuring that safety is a feature, not a hurdle, and that our tools are AI-ready.
For me, the real win isn't just a day without an incident - it’s seeing a life-saving application launch globally because we contributed to building the framework to make it safe. Knowing that the 'digital trust' I’m helping to build today allows our scientists to explore the treatments of tomorrow? That’s the kind of legacy you just don't find in standard tech roles.
Deepak Sondur
Head of Applied AI, Roche Digital Technology
Esteban Serrano
Head of Security Platforms