Job Description

Compliance Risk Analyst

Our company’s IT division partners with colleagues across the business to help serve our patients and customers around the world. Ours is a high-energy team of dynamic, innovative individuals dedicated to leveraging information and technology to efficiently drive revenue and productivity, thereby advancing our company’s contribution to global medical innovation. Join us in Prague as a Compliance Risk Analyst and be part of a team that is responsible for enabling innovation within ITRMS GRC Compliance through proactive and predictive compliance insights.

Responsibilities

• Analyze and prioritize IT risks

• Design Key Compliance Indicators (KCIs) and Key Risk Indicators (KRIs)

• Discover internal business reporting needs and data products that meet the reporting needs

• Develop report requirements and oversee analytics and report development from Proof of Concept to Production release

• Translate strategic objectives to project plans and manage day-to-day execution

• Keep leadership regularly apprised of project status

Qualifications

Required

• Bachelor's Degree (Concentration in an Information Technology discipline is preferred)

• 6-8 years of IT risk and compliance / IT audit experience

• Strong working knowledge of IAM concepts: provisioning/deprovisioning, RBAC, ABAC, SSO, MFA, privileged access management, and identity lifecycle

• Experience with access governance tools and identity providers

• Experience with risk and compliance frameworks

• Experience with business intelligence tools such as Power BI, Tableau, Spotfire or similar

• Strong analytical skills, attention to detail, and ability to translate technical findings into business risk and remediation plans

• Excellent verbal and written communication skills; ability to work with both technical and business stakeholders

• Skilled in designing, reporting and deliverables tailored to executive audiences

• Demonstrated ability to anticipate and proactively manage risks and roadblocks

Preferred

• CISA, CISSP, CIA, CISM or similar certifications

• Experience in cloud-native IAM governance controls

• Exposure to privileged access management (PAM) tools

• Basic understanding of SQL or Python

• Proficiency with Power BI, Tableau, Spotfire or similar tools

Required Skills:

Accountability, Business Data Analytics, Business Intelligence (BI), Business Reporting, Business Risks, Data Management, Enterprise Risk Management (ERM), Information Security, Information Technology (IT) Support, IT Risk Assessments, IT Risk Governance, IT Risk Response and Reporting, Key Risk Indicators, Knowledge of regulations and frameworks, Privileged Access Management Operations, Report Writing, Risk Control Self Assessment, Risk Management, Stakeholder Management, Technical Advice, Technology Risk, Written Communication

Preferred Skills:

Current Employees apply HERE

Current Contingent Workers apply HERE

Search Firm Representatives Please Read Carefully
Merck & Co., Inc., Rahway, NJ, USA, also known as Merck Sharp & Dohme LLC, Rahway, NJ, USA, does not accept unsolicited assistance from search firms for employment opportunities. All CVs / resumes submitted by search firms to any employee at our company without a valid written search agreement in place for this position will be deemed the sole property of our company. No fee will be paid in the event a candidate is hired by our company as a result of an agency referral where no pre-existing agreement is in place. Where agency agreements are in place, introductions are position specific. Please, no phone calls or emails.

Employee Status:

Regular

Relocation:

No relocation

VISA Sponsorship:

No

Travel Requirements:

10%

Flexible Work Arrangements:

Hybrid

Shift:

1st - Day

Valid Driving License:

No

Hazardous Material(s):

N/A

Job Posting End Date:

03/10/2026

*A job posting is effective until 11:59:59PM on the day BEFORE the listed job posting end date. Please ensure you apply to a job posting no later than the day BEFORE the job posting end date.