Merck Senior Specialist, IT Risk Management Treatment in Branchburg, New Jersey

Merck & Co., Inc. Kenilworth, N.J., U.S.A. known as Merck in the United States and Canada, is a global health care leader with a diversified portfolio of prescription medicines, vaccines and animal health products. The difference between potential and achievement lies in the spark that fuels innovation and inventiveness; this is the space where Merck has codified its legacy for over a century. Merck’s success is backed by ethical integrity, forward momentum, and an inspiring mission to achieve new milestones in global healthcare.

The Senior Specialist Risk Management position plays a key role in the identification, rating, and treatment of information risk. The position is responsible for assessing and mitigation of risk based on the Confidentiality, Integrity, and Availability of Information and the technology assets that store this information.

Key responsibilities of the position include:

  • Working with stake holders across IT and the Merck business to perform information security risk assessments, providing recommended remediation, and tracking the treatment of those risks.

  • Working with key IT stakeholders to identify, categorize, and provide oversight of the mitigation of top IT risks captured on the IT Risk Register.

  • Completing assessments in consideration of threat and vulnerability information and in accordance with standards such as NIST.

  • Evaluating and articulating inherent and residual risk of an asset based on threats, vulnerabilities, geo-political risks, compensating controls and other factors.

  • Metrics & Reporting of cyber risks to stakeholders including executive leadership.

  • Contribute to enterprise-wide risk mitigation programs, processes and technologies focusing effort on identification of the highest risks.

  • Ensure consistency in security collaboration with enterprise risk and other functions.

Education Minimum Requirement:

BA/BS in Engineering, Computer Science, Information Security, Information Systems or equivalent.

Required Experience and Skills:

  • At least 7 years of IT experience of which at least 3 years in Information Risk and Security.

  • Experience in incorporating Geo-political concerns, Threat adversaries and their techniques, tactics and procedures, vulnerabilities & compensating controls into computing risk of technology assets.

  • Experience with assessing cyber risk across Networks, Operating Systems, Applications, Databases, and other Information System technologies.

  • Experience in calculation of inherent and residual cyber-risk using standard frameworks and methodologies.

  • Strong knowledge of Cyber Security Frameworks including NIST-CSF.

  • Excellent communication and interpersonal skills.

Preferred Experience and Skills:

  • One or more security & risk certifications-CISSP, CISM, CISA, CRISC

  • Experience with Risk Scoring mechanisms and methods.

  • Experience with working with Data Models, designing risk algorithms for automated risk scoring.

  • Experience with IT

  • Experience working in a matrix environment with globally located teams.

Your role at Merck is integral to helping the world meet new breakthroughs that affect generations to come, and we’re counting on your skills and inventiveness to help make meaningful contributions to global medical advancement. At Merck, we’re inventing for life.

If you need assistance and/or a reasonable accommodation due to a disability during the application or the recruiting process, please send a request to staffingaadar@merck.com .

Search Firm Representatives Please Read Carefully:

Merck & Co., Inc. is not accepting unsolicited assistance from search firms for this employment opportunity. Please, no phone calls or emails. All resumes submitted by search firms to any employee at Merck via email, the Internet or in any form and/or method without a valid written search agreement in place for this position will be deemed the sole property of Merck. No fee will be paid in the event the candidate is hired by Merck as a result of the referral or through other means.

Visa sponsorship is not available for this position.

For more information about personal rights under Equal Employment Opportunity, visit:

EEOC Poster at http://www1.eeoc.gov/employers/upload/eeocselfprint_poster.pdf

EEOC GINA Supplement​ at http://www1.eeoc.gov/employers/upload/eeocginasupplement.pdf

Merck is an equal opportunity employer, Minority/Female/Disability/Veteran – proudly embracing diversity in all of its manifestations.

Job Compliance & Risk Management

Merck is an equal opportunity employer, Minority/Female/Disability/Veteran – proudly embracing diversity in all of its manifestations.

Title: Senior Specialist, IT Risk Management Treatment

Primary Location: NA-US-NJ-Branchburg

Requisition ID: COM000711