Technical Information Security Lead

Job Description

The Position

Technical Information Security Lead for Mergers Acquisitions & Divestitures (MA&D)

The TISL for MA&D ensures technology and cybersecurity risks are identified managed and mitigated throughout the end-to-end integration of acquired companies into The Companys technology environment. The role partners with IMO Enterprise Risk IT Security and business stakeholders to enable safe efficient integrations aligned with Our policies and deal objectives.

What will you do

• Integration Risk Assessment: Perform IT and cybersecurity risk assessments at deal close and through each phase; map critical systems data flows identities access models and third-party dependencies to The Companys integration blueprint; define risk acceptance criteria and tolerances.
• Continuous Monitoring: Establish milestone-based checkpoints (Day 1 TSA cutovers migrations identity consolidation decommissioning); track key risk indicators; maintain a live risk register per acquisition.
• Intelligence-Driven Evaluation: Apply The Companys threat intelligence vulnerability advisories and sector developments to active integrations; quantify impact/likelihood; provide timely decision support.
• Mitigation Strategy: Recommend pragmatic time-bound controls that reduce material risk without unnecessary tooling; prioritize lightweight measures (hardening segmentation access containment monitoring); define interim and final control states.
• Governance & Alignment: Embed risk criteria in cutover plans TSAs and decommission schedules; drive risk-based go/no-go decisions; present clear risk narratives and document decisions.
• Third-Party & Data Risk: Assess inherited vendors and external integrations; advise on continuity/exit; ensure data classification retention residency privacy and regulatory compliance during migrations; coordinate logging and evidence for audit.
• Incident Preparedness & Response: Ensure coverage for acquired environments (roles runbooks escalation); lead/support triage and containment; capture lessons learned.
• Documentation & Reporting: Maintain standardized frameworks and templates; deliver concise dashboards/status reports; track control effectiveness and residual risk to integration completion.
• Continuous Improvement: Identify patterns across acquisitions; develop reusable controls and playbooks; refine M&A due diligence TSA language and integration.

Qualifications Skills & Experience Required

• Bachelors degree in information technology cybersecurity computer science or related field (or equivalent experience).
• Relevant security or risk certifications preferred (CISSP CISM CISA CRISC GSEC) but not required.
• Project management and data governance data science or privacy credentials are beneficial.
• Experience in cybersecurity IT risk management IT compliance IT audit or related fields.
• Experience performing risk assessments and advising technical and business stakeholders on security controls and remediation.
• Practical experience with cloud application platform software delivery AI or data and analytics security.
• Experience with SDLC and agile/DevOps practices integrating security controls into CI/CD pipelines.
• Experience in regulated industries is preferred but not mandatory.
• Technical depth in security controls threats vulnerabilities and mitigation strategies across technology platforms AI and data.
• Strong business acumen with the ability to explain technical risk in business terms and produce clear actionable recommendations.
• Proven problem-solving and analytical skills; able to prioritize based on risk and value.
• Strong stakeholder management and communication skills; able to influence without formal authority.
• Comfortable working independently and within cross-functional teams; adaptable in a fast-paced environment.
• High emotional intelligence and a collaborative mindset.

What we offer

• Exciting work in a great team global projects international environment.
• Opportunity to learn and grow professionally within the company globally.
• Hybrid working model flexible role pattern (e.g. even 80% full-time is possible in justified cases).
• Pension and health insurance contributions.
• Internal reward system plus referral programme.
• 5 weeks annual leave 5 sick days 15 days of certified sick leave paid above statutory requirements annually 40 paid hours annually for volunteering activities 12 weeks of parental contribution.
• Cafeteria for tax free benefits according to your choice (meal vouchers sport culture health travel etc.) Multisport Card.
• Vodafone Raiffeisen Bank and Foodora discount programmes.
• Up-to-date laptop and iPhone.
• Parking in the garage showers refreshments massage chairs library music corner.
• Competitive salary incentive pay and many more.

Ready to take up the challenge Apply now!
Know anybody who might be interested Refer this job!

Required Skills:

Preferred Skills:

Current Employees apply HERE

Current Contingent Workers apply HERE

Search Firm Representatives Please Read Carefully
Merck & Co. Inc. Rahway NJ USA also known as Merck Sharp & Dohme LLC Rahway NJ USA does not accept unsolicited assistance from search firms for employment opportunities. All CVs / resumes submitted by search firms to any employee at our company without a valid written search agreement in place for this position will be deemed the sole property of our company. No fee will be paid in the event a candidate is hired by our company as a result of an agency referral where no pre-existing agreement is in place. Where agency agreements are in place introductions are position specific. Please no phone calls or emails.

Employee Status:

Relocation:

VISA Sponsorship:

Travel Requirements:

Flexible Work Arrangements:

Shift:

Valid Driving License:

Hazardous Material(s):

Job Posting End Date:

*A job posting is effective until 11:59:59PM on the day BEFOREthe listed job posting end date. Please ensure you apply to a job posting no later than the day BEFORE the job posting end date.