At Roche you can show up as yourself, embraced for the unique qualities you bring. Our culture encourages personal expression, open dialogue, and genuine connections,  where you are valued, accepted and respected for who you are, allowing you to thrive both personally and professionally. This is how we aim to prevent, stop and cure diseases and ensure everyone has access to healthcare today and for generations to come. Join Roche, where every voice matters.

The Position

The IAM Solution Architect is a high-impact technical leadership role accountable for the architectural integrity, long-term technical strategy, and evolution of the global Identity & Access Management ecosystem. Reporting directly to the Head of Identity & Access Management, you serve as a strategic technical advisor, bridging the gap between broad security goals and the tangible roadmap for our seven core enterprise IAM pillars.
While this is an individual contributor role with no direct reports, you are a vital member of the IAM Leadership Team (LT). You will orchestrate a broader ecosystem of technical leads and product leaders to ensure that every solution is desirable, feasible, viable, and sustainable. Your mission is to define the technical vision that enables a seamless, "Zero Trust" user experience while protecting the company’s most critical digital assets.
Your primary objective is to architect a unified Identity Fabric that balances the Information Security Strategy, ensures harmony across the IAM ecosystem, and guarantees an optimal end-user experience while protecting the company’s most critical digital assets.

Job Responsibilities

Strategy & Roadmap Definition

• Architectural Vision: Provide expert technical knowledge to define the overarching IAM strategy and multi-year technology roadmaps in alignment with the overall Information Security’s vision.

• Roadmap Support: Support the Head of IAM and the Leadership Team in transforming complex scientific and business needs into high-value technology solutions.

• Trend Integration: Proactively monitor market shifts and technology trends, including AI/ML capabilities, to inform product iterations and maintain a competitive advantage.

Cross-Functional Technical Leadership

• Product Leader Support: Provide technical consultancy and architectural oversight to the 7 IAM areas (Enterprise Identity, Access Management, Customer Identity, Data Access Control, Privileged Access Management, External Identity, and Directory Services).

• Zero Trust Catalyst: Champion modern principles such as "Never Trust, Always Verify" and "Policy-as-Code," ensuring these are integrated into CI/CD and DevSecOps workflows.

• Continuous Platform Evolution: Drive ongoing collaboration with RDT Functions and business stakeholders to ensure the continuous evolution of our IAM platforms, delivering services that meet emerging needs.

Technical Excellence & Lifecycle Management

• Lifecycle Oversight: Actively contribute to the lifecycle management of technological components, from initial ideation and strategic planning to decommissioning.

• Operational Integrity: Ensure that solutions integrate seamlessly with existing systems, deliver high performance, and provide an intuitive user experience.

• Compliance & Standards: Guarantee that all technical architectures comply with GxP, CSV, and global data privacy regulations like GDPR.

• Mentorship: Actively coach and provide technical guidance to specialists and engineers across the IAM organization to foster a strong product culture.

Qualifications

You are a technical visionary with an "Enterprise Mindset" who can break down silos and bring diverse groups together toward a common purpose. You are someone who wants to influence the development of global security standards and thrives in a complex, multi-national environment.

• 10+ years of successful technical experience supporting Enterprise IAM and IT Security systems in a major global organization.

• Industry Context: Experience in the pharmaceutical, biotechnology, or regulated healthcare industry is a significant asset.

• Bachelor’s or Advanced degree in Computer Science, Cyber Security, or a related Engineering field or equivalent experience.

• Technical Mastery: Deep knowledge in at least three of our core technology pillars or similar platform is required:

• Identity Governance & Administration: SailPoint IdentityIQ or IdentityNow / Identity Security Cloud (ISC).

• Access Management/Directory Services: Entra ID, Ping Identity, Active Directory, and OIDC/SAML.

• Privileged Access Management/Secret Management: CyberArk or HashiCorp Vault.

• Data Access Control: Policy-Based Access Control (PBAC).

• Customer IAM: SAP CDC/Gigya

• Security Standards: Professional certifications (CISSP, CISM, or CISA) are highly desirable.

Skills & Competencies

• Advanced Architecture: Understanding of modern software architecture, including microservices, APIs, and cloud platforms (AWS, Azure, GCP).

• DevOps & Automation: Experience with CI/CD principles and automation tools such as Ansible and Jenkins.

• Influencing: Exceptional communication and negotiation skills with the ability to manage expectations of senior executives and technical engineers alike.

• Languages: Excellent verbal and written English is a must.

Who we are

A healthier future drives us to innovate. Together, more than 100’000 employees across the globe are dedicated to advance science, ensuring everyone has access to healthcare today and for generations to come. Our efforts result in more than 26 million people treated with our medicines and over 30 billion tests conducted using our Diagnostics products. We empower each other to explore new possibilities, foster creativity, and keep our ambitions high, so we can deliver life-changing healthcare solutions that make a global impact.

Let’s build a healthier future, together.

Roche is an Equal Opportunity Employer.