Information Technology Risk Management and Security Senior Specialist @ MSD

Location: CZE - Central Bohemian - Prague (IT Riverview)
Work arrangement: Onsite
Employment type: Full-time
Posted 9 days ago

About this role

Job Description

The Position

Information Technology Risk Management and Security (ITRMS) – Business Technology Risk (BTR) is a critical function supporting Pharmaceutical R&D, Manufacturing/Supply Chain, and Commercial organizations. Within BTR, the Business Information Risk Office (BIRO) Advisory Services team partners with IT and business stakeholders to anticipate and address technology risks, maintain regulatory compliance (e.g., GxP, SOX, HIPAA), enable business objectives, and own customer experience with ITRMS. BTR collaborates across the enterprise to serve patients and customers worldwide, applying deep risk, security, and compliance expertise to help the business adopt technology safely and efficiently, driving productivity, protecting data integrity and patient safety, and advancing our Company’s impact on global medical innovation.

The Sr. Specialist, Technical Information Security Lead (TISL) aligns cybersecurity, risk, and compliance with business objectives. Partnering across Technology organizations, this role proactively identifies, assesses, and manages information security and compliance risks while enabling innovation and growth. The Sr. Specialist provides subject-matter expertise, executes risk and compliance processes, and delivers actionable insights for informed decisions and effective mitigation. This role governs risk for all IT systems managed by Technology, on-premises and cloud, fostering a secure, compliant, risk-aware culture.

The ideal candidate combines deep technical expertise, strong business acumen, and excellent stakeholder management, translating complex cybersecurity concepts into business terms and influencing a risk-aware culture across Technology and newly acquired businesses.

What will you do?

• Serve as a primary risk advisor to technology and product teams, translating security risks into business impact and actionable recommendations.
• Participate in planning forums, product roadmaps, and program governance to ensure security is included early (shift-left).
• Translate enterprise security policies into practical, business-aligned guidance and manage exception handling; escalate material risks to leadership when appropriate.
• Engage platform and delivery teams early to embed security and compliance in strategies and designs; facilitate informed risk response decisions.
• Maintain prioritized risk registers with clear ownership; drive risk response decisions with accountable owners and delegated approvers.
• Conduct and document risk assessments (e.g., applications, cloud services, infrastructure, platforms, data and artificial intelligence, and third parties) and gap analyses aligned to enterprise policies and applicable regulations.
• Recommend and help implement risk-based security controls, compensating measures, and remediation plans tailored to operational contexts.
• Track remediation to closure and provide periodic risk reporting, highlighting residual risk, trends, and material escalations.
• Review architecture, design, and operational controls for systems, applications, cloud environments, and enterprise platforms; identify opportunities to strengthen resilience.
• Partner with solution and platform owners to validate guardrails and control effectiveness, including identity and access management, segregation of duties, configuration baselines, change and release, backup and recovery, and integration security.
• Support incident investigations and coordination with the Cyber Fusion Center; identify root causes and drive corrective actions.
• Support development and operationalization of security standards, policies, reference architectures, patterns, and guardrails; enable reusable and automated controls where feasible, aligning with NIST and ISO frameworks.
• Participate in assurance activities such as control testing, audits, and compliance assessments, and support remediation efforts.
• Monitor emerging technologies and regulatory changes, including cloud, data, artificial intelligence, and platform governance; evaluate impacts and update standards and guardrails accordingly.
• Collaborate with risk, technology, and business stakeholders to promote a risk-aware culture and practical security behaviors across technology divisions.
• Deliver targeted security awareness and training for technology division teams, tailored to their roles and operational processes.
• Act as a subject-matter expert in cross-functional working groups and project teams.

Qualifications, Skills & Experience Required

• Bachelor’s degree in information technology, cybersecurity, computer science, or a related field (or equivalent experience).
• Relevant security or risk certifications preferred (CISSP, CISM, CISA, CRISC, GSEC) but not required.
• Project management and data governance, data science, or privacy credentials are beneficial.
• Experience in cybersecurity, IT risk management, IT compliance, IT audit, or related fields.
• Experience performing risk assessments and advising technical and business stakeholders on security controls and remediation.
• Practical experience with cloud, application, platform, software delivery, AI, or data and analytics security.
• Experience with the SDLC and agile/DevOps practices, integrating security controls into CI/CD pipelines.
• Experience in regulated industries is preferred but not mandatory.
• Technical depth in security controls, threats, vulnerabilities, and mitigation strategies across technology, platforms, AI, and data.
• Strong business acumen with the ability to explain technical risk in business terms and produce clear, actionable recommendations.
• Proven problem-solving and analytical skills; able to prioritize based on risk and value.
• Strong stakeholder management and communication skills; able to influence without formal authority.
• Comfortable working independently and within cross-functional teams; adaptable in a fast-paced environment.
• High emotional intelligence and a collaborative mindset.

What we offer

• Exciting work in a great team, global projects, international environment.
• Opportunity to learn and grow professionally within the company globally.
• Hybrid working model, flexible role pattern (e.g., even 80% full-time is possible in justified cases).
• Pension and health insurance contributions.
• Internal reward system plus referral programme.
• 5 weeks annual leave, 5 sick days, 15 days of certified sick leave paid above statutory requirements annually, 40 paid hours annually for volunteering activities, 12 weeks of parental contribution.
• Cafeteria for tax-free benefits according to your choice (meal vouchers, sport, culture, health, travel, etc.), Multisport Card.
• Vodafone, Raiffeisen Bank and Foodora discount programmes.
• Up-to-date laptop and iPhone.
• Parking in the garage, showers, refreshments, massage chairs, library, music corner.
• Competitive salary, incentive pay, and many more.

Ready to take up the challenge? Apply now! Know anybody who might be interested? Refer this job!

Required Skills: Business Acumen, Business Technology, Data Management, Information Security, Information Technology (IT) Risk Management, IT Project Implementation, IT Risk Assessments, IT Risk Governance, IT Risk Response and Reporting, IT Security Compliance, Knowledge of regulations and frameworks, Manufacturing, Patient Safety, Regulatory Compliance, Stakeholder Management, Technical Advice, Technology Risk, Technology Trends

Preferred Skills:

Search Firm Representatives Please Read Carefully

Merck & Co., Inc., Rahway, NJ, USA, also known as Merck Sharp & Dohme LLC, Rahway, NJ, USA, does not accept unsolicited assistance from search firms for employment opportunities. All CVs / resumes submitted by search firms to any employee at our company without a valid written search agreement in place for this position will be deemed the sole property of our company. No fee will be paid in the event a candidate is hired by our company as a result of an agency referral where no pre-existing agreement is in place. Where agency agreements are in place, introductions are position specific. Please, no phone calls or emails.

Employee Status: Regular
Relocation: Domestic
VISA Sponsorship: No
Travel Requirements: No Travel Required
Flexible Work Arrangements: Not Applicable
Shift: Not Indicated
Valid Driving License: No
Hazardous Material(s): n/a
Job Posting End Date: 07/20/2026*

*A job posting is effective until 11:59:59 PM on the day BEFORE the listed job posting end date. Please ensure you apply to a job posting no later than the day BEFORE the job posting end date.
