Information Technology Risk Management and Security Senior Specialist
IT
Prague, Czechia
Job Description
The Position
Information Technology Risk Management and Security (ITRMS) – Business Technology Risk (BTR) is a critical function supporting Pharmaceutical R&D, Manufacturing/Supply Chain, and Commercial organizations. Within BTR, the Business Information Risk Office (BIRO) Advisory Services team partners with IT and business stakeholders to anticipate and address technology risks, maintain regulatory compliance (e.g., GxP, SOX, HIPAA), enable business objectives, and own customer experience with ITRMS.
BTR collaborates across the enterprise to serve patients and customers worldwide, applying deep risk, security, and compliance expertise to help the business adopt technology safely and efficiently, driving productivity, protecting data integrity and patient safety, and advancing our Company’s impact on global medical innovation.
The Sr. Specialist, Technical Information Security Lead (TISL) aligns cybersecurity, risk, and compliance with business objectives. Partnering across Technology organizations, this role proactively identifies, assesses, and manages information security and compliance risks while enabling innovation and growth. The Sr. Specialist provides subject-matter expertise, executes risk and compliance processes, and delivers actionable insights for informed decisions and effective mitigation.
This role governs risk for all IT systems managed by Technology, on-premises and cloud, fostering a secure, compliant, risk-aware culture.
The ideal candidate combines deep technical expertise, strong business acumen, and excellent stakeholder management, translating complex cybersecurity concepts into business terms and influencing a risk-aware culture across Technology and newly acquired businesses.
What will you do?
- Engage directly with product teams to provide guidance and consultation on IT risk and controls associated with product and solution implementation and maintenance.
- Guide IT teams in complying with company policies, procedures, and external regulations.
- Perform analysis to determine gaps in security controls.
- Focus on IT risks that affect the highest-priority risks in the division.
- Provide risk-based input for effective decision-making on resource and investment allocations.
- Work with the division to ensure laws, regulations, policies, and key controls are satisfied.
- Develop remediation programs to reduce regulatory, security, and policy compliance risks.
- Support a positive culture change through continuous monitoring, awareness, education, partnering with industry standard leaders, and promoting best practices.
- Internal Audit (including SOX Testing) Monitoring and Response Guidance.
- Provide support for the Crown Jewel Program.
Qualifications, Skills & Experience Required
- University degree.
- Experience in cybersecurity and risk management.
- Solid working knowledge of cybersecurity tools and processes.
- Strong background in Infrastructure risk management.
- Superior collaboration and communication skills.
- Ability to collaborate well in a matrix environment.
- Experience in leading cross-functional project teams with limited direct line responsibility.
- Project Management certification preferred.
- Ability to manage through complexity and ambiguity.
Nice to have
- IT background in infrastructure, software development or enterprise systems environments preferred.
- Experience implementing systems utilizing SDLC methodology.
- Solid understanding of the protection of key business information assets.
- End to End mindset - a relentless ability to connect people, processes and information.
- Awareness of relevant industry business, information, and technology trends, in and out of pharma.
- CISA or Risk certification credentials desired but not mandatory.
What we offer
- Exciting work in a great team, global projects, international environment
- Opportunity to learn and grow professionally within the company globally
- Hybrid working model, flexible role pattern (e.g., even 80% full-time is possible in justified cases)
- Pension and health insurance contributions
- Internal reward system plus referral programme
- 5 weeks annual leave, 5 sick days, 15 days of certified sick leave paid above statutory requirements annually, 40 paid hours annually for volunteering activities, 12 weeks of parental contribution
- Cafeteria for tax free benefits according to your choice (meal vouchers, sport, culture, health, travel, etc.), Multisport Card
- Vodafone, Raiffeisen Bank and Foodora discount programmes
- Up-to-date laptop and iPhone
- Parking in the garage, showers, refreshments, massage chairs, library, music corner
- Competitive salary, incentive pay, and many more
Ready to take up the challenge? Apply now!
Know anybody who might be interested? Refer this job!
Required Skills:
Business Acumen, Business Technology, Data Management, Information Security, Information Technology (IT) Risk Management, IT Project Implementation, IT Risk Assessments, IT Risk Governance, IT Risk Response and Reporting, IT Security Compliance, Knowledge of regulations and frameworks, Manufacturing, Patient Safety, Regulatory Compliance, Stakeholder Management, Technical Advice, Technology Risk, Technology Trends
Preferred Skills:
Search Firm Representatives Please Read Carefully
Merck & Co., Inc., Rahway, NJ, USA, also known as Merck Sharp & Dohme LLC, Rahway, NJ, USA, does not accept unsolicited assistance from search firms for employment opportunities. All CVs / resumes submitted by search firms to any employee at our company without a valid written search agreement in place for this position will be deemed the sole property of our company. No fee will be paid in the event a candidate is hired by our company as a result of an agency referral where no pre-existing agreement is in place. Where agency agreements are in place, introductions are position specific. Please, no phone calls or emails.
Employee Status: Regular
Relocation: Domestic
VISA Sponsorship: No
Travel Requirements: No Travel Required
Flexible Work Arrangements: Not Applicable
Shift: Not Indicated
Valid Driving License: No
Hazardous Material(s): n/a
Job Posting End Date: 07/15/2026
*A job posting is effective until 11:59:59PM on the day BEFORE the listed job posting end date. Please ensure you apply to a job posting no later than the day BEFORE the job posting end date.