At Roche you can show up as yourself, embraced for the unique qualities you bring. Our culture encourages personal expression, open dialogue, and genuine connections, where you are valued, accepted and respected for who you are, allowing you to thrive both personally and professionally. This is how we aim to prevent, stop and cure diseases and ensure everyone has access to healthcare today and for generations to come. Join Roche, where every voice matters.
The Position
Location: Warsaw (hybrid)
Job title: Legal and Data Protection Partner
Join a team that’s shaping the future of healthcare. Our Legal and Compliance team is a key partner in Roche’s mission to deliver legally compliant actions conducted with the highest ethical standards. We are looking for a person who is ready to tackle the challenges of the digital era and help build a safe and innovative future with us.
Your goal will be to provide strategic support to the organization in delivering modern therapeutic solutions to patients. You will be a key partner for business teams, promoting a culture of ethics and compliance and navigating the company through a complex legal environment, with a focus on the digital and AI era and personal data protection.
The opportunity
- Act as a key partner in projects in Digital Health, telemedicine, cybersecurity, personal data protection, and data and AI-based solutions. Work with teams across the organization to analyze legal risks and select optimal, innovative solutions
- Ensure compliance with personal data protection regulations (GDPR), focusing on data processing in complex IT systems and AI models. Create and implement Terms and Conditions and privacy policies for new technologies. Lead DPIA and LIA processes, manage international data transfers (SCCs, TIA), and handle incidents
- Provide legal advice and risk assessment for innovative digital projects, including AI, machine learning, digital health, and Big Data. Address legal requirements related to new technologies, including the AI Act and the Data Act
- Participate in security incident management, advise on compliance with regulations (e.g., NIS2), and support negotiation of information security requirements with key suppliers
- Prepare and negotiate complex technology agreements (SaaS, license, cloud, data processing) with clients and key suppliers
- Promote a culture based on ethics, transparency, and responsibility throughout the organization
- Identify legal and compliance risks and develop mitigation strategies to ensure safe and sustainable operation
- Co-create, implement, and enforce internal policies and procedures responsive to changing legal and business environments
- Conduct training and workshops to increase legal awareness within the organization
Who you are
- A law degree with practical knowledge of civil law and GDPR. Understanding of the AI Act, the Data Act, and NIS2 is a plus
- Minimum of 5 years of experience in personal data protection (GDPR)
- Experience in IT, new technologies, pharmaceutical, or medical devices sectors, or at a law firm serving these industries
- Practical knowledge of issues related to new technologies, digitization, and artificial intelligence
- Fluent in written and spoken English
- Excellent analytical and problem-solving skills with a business mindset
- Ability to learn quickly about dynamic regulatory changes in technology
- You are a strategic legal professional at the intersection of law, technology, and healthcare
Nice to have
- Title of legal advisor or attorney
- Knowledge of Pharmaceutical Law and regulations for diagnostics (MDR/IVDR) and industry codes
- Experience with software as a medical device (SaMD) or digital health regulations in healthcare
What you get
- Full-time employment
- Annual bonus based on performance
- Dedicated training budget (training, certifications, conferences, diverse career paths)
- Recharge Fridays (2 Fridays off per quarter)
- Take Time Program (up to 3 months of leave for any purpose)
- Flex Location (work from different places in the world for a period)
- Take Time for Charity (up to 2 weeks of additional paid leave)
- Private healthcare, group life insurance, and Multisport
- Stock purchase options
If you feel this offer suits a friend, feel free to share it.
Want to know what it’s like to be a part of Roche IT? Check out our blog: https://careers.roche.com/global/en/we-are-roche
The controller of your personal data is Roche Polska Sp. z o.o., ul. Domaniewska 28, 02-672 Warsaw. Your data is processed for recruitment purposes. You have rights to access, rectify, delete, restrict processing, transfer, and withdraw consent where applicable. Contact the Data Protection Officer at: Ochrona.danych@roche.com. More information on processing principles: https://www.roche.pl/pl/content/klauzula-informacyjna-rekrutacja-en.html
Roche Polska sp. z o.o. operates in full compliance with the law and has a Procedure for Reporting Violations of Law. If you wish to report irregularities, information is available on our website: https://www.roche.pl/kontakt/ochrona-sygnalistow-zglaszanie-naruszen
Roche is an Equal Opportunity Employer.
Seniority level: Associate
Employment type: Full-time
Job function: Legal
Industries: Pharmaceutical Manufacturing, Biotechnology Research, Medical Equipment Manufacturing