Technology Risk Management Senior Specialist

MSD

Job Location:

Prague - Czech Republic

Monthly Salary: Not Disclosed
Posted on: 17 hours ago
Vacancies: 1 Vacancy

Job Summary

Job Description

The Position

The Business Information Risk role supports the alignment of cybersecurity risk management and compliance activities with Enterprise business objectives. This role partners with Enterprise teams, business stakeholders, and the Information Technology Risk Management & Security (ITRMS) organization to identify, assess, and mitigate information security and compliance risks across technology.

The position acts as a trusted risk advisor, translating technical risk into business context and supporting the implementation of practical risk-based controls that enable safe business operations and innovation.


What will you do

  • Serve as a primary risk advisor to Enterprise teams on assigned programs, products, or technology areas, helping translate security risks into business impact and practical recommendations.
  • Translate enterprise security policies into practical, business-aligned implementation guidance and manage exception handling for the business unit.
  • Participate in business planning forums, product roadmaps, and program governance to ensure security is included early (shift-left).
  • Support business stakeholders by providing clear, actionable guidance for embedding security and privacy considerations into projects, digital transformations, and operational processes.
  • Prepare and present risk findings, assessments, and mitigation proposals to IT and business stakeholders; escalate material risks to ITRMS or Enterprise leadership as appropriate.
  • Maintain a prioritized risk register for the business unit and drive risk acceptance decisions with business owners and delegated risk approvers.
  • Conduct and document risk assessments (e.g. application, cloud, third-party) and gap analyses aligned to Enterprise policies and relevant regulatory requirements.
  • Recommend and help implement risk-based security controls, compensating measures, and remediation plans tailored to Enterprise operational contexts.
  • Assist in maintaining risk registers and tracking remediation and compliance activities; contribute to periodic risk reporting.
  • Work closely with Enterprise Value Teams and solution owners to review architecture, design, and operational controls for systems, applications, and cloud environments.
  • Identify opportunities to strengthen cyber resilience (detection, response, recovery) and support implementation of monitoring and control improvements.
  • Support incident investigations and coordination with the Cyber Fusion Center for Enterprise-related security events; help identify root causes and remediation actions.
  • Support development and operationalization of security standards, policies, and guidelines relevant to Enterprise.
  • Participate in assurance activities such as control testing, audits, and compliance assessments and support remediation efforts.
  • Stay informed of emerging technologies (e.g. AI, cloud services) and regulatory changes; evaluate their potential security and compliance impacts and escalate concerns.
  • Collaborate with risk, technology, and business stakeholders to promote a risk-aware culture and practical security behaviors.
  • Contribute to targeted security awareness initiatives and training for Enterprise teams, tailored to role and business processes.
  • Act as a subject-matter expert in cross-functional working groups or project teams.


Qualifications, skills & experience required

  • Bachelor's degree in information technology, cybersecurity, computer science, business administration, or related field (or equivalent experience).
  • Relevant security or risk certifications preferred (CISSP, CISM, CISA, CRISC, GSEC) but not required.
  • Experience in cybersecurity, IT risk management, IT compliance, IT audit, or related fields.
  • Experience performing risk assessments and advising technical and business stakeholders on security controls and remediation.
  • Practical experience with cloud, application, or operational technology security is highly desirable.
  • Prior experience supporting regulated industries (healthcare, life sciences, or manufacturing) is preferred but not mandatory.
  • Technical depth in cybersecurity controls, threats, vulnerabilities, and mitigation strategies across technology.
  • Strong business acumen and ability to explain technical risk in business terms.
  • Proven problem-solving and analytical skills; able to produce clear, actionable recommendations.
  • Good stakeholder management and communication skills; able to influence without formal authority.
  • Comfortable working independently and as part of cross-functional teams; adaptable in a fast-paced environment.
  • High emotional intelligence and collaborative mindset.


What we offer

  • Exciting work in a great team, global projects, international environment
  • Opportunity to learn and grow professionally within the company globally
  • Hybrid working model, flexible role pattern (e.g. even 80% full-time is possible in justified cases)
  • Pension and health insurance contributions
  • Internal reward system plus referral programme
  • 5 weeks annual leave, 5 sick days, 15 days of certified sick leave paid above statutory requirements annually, 40 paid hours annually for volunteering activities, 12 weeks of parental contribution
  • Cafeteria for tax-free benefits according to your choice (meal vouchers, Lítačka, sport, culture, health, travel, etc.), Multisport Card
  • Vodafone, Raiffeisen Bank, and Foodora discount programmes
  • Up-to-date laptop and iPhone
  • Parking in the garage, showers, refreshments, massage chairs, library, music corner
  • Competitive salary, incentive pay, and many more


Ready to take up the challenge? Apply now!
Know anybody who might be interested? Refer this job!

Required Skills:

Accountability Business Administration Business Processes Cyber Resilience Management Cybersecurity Cybersecurity Risk Management Data Management Digital Transformation Emerging Technologies Information Security Information Technology (IT) Risk Management IT Compliance Management IT Risk Assessments IT Risk Governance IT Risk Response and Reporting Knowledge of regulations and frameworks Operational Technology (OT) Security Strategy Risk Assessments Risk Control Self Assessment Risk Management Stakeholder Engagement Stakeholder Management Technical Advice

Preferred Skills:

Search Firm Representatives Please Read Carefully
Merck & Co., Inc., Rahway, NJ, USA, also known as Merck Sharp & Dohme LLC, Rahway, NJ, USA, does not accept unsolicited assistance from search firms for employment opportunities. All CVs / resumes submitted by search firms to any employee at our company without a valid written search agreement in place for this position will be deemed the sole property of our company. No fee will be paid in the event a candidate is hired by our company as a result of an agency referral where no pre-existing agreement is in place. Where agency agreements are in place, introductions are position specific. Please, no phone calls or emails.

Employee Status:

Regular

Relocation:

No relocation

VISA Sponsorship:

No

Travel Requirements:

No Travel Required

Flexible Work Arrangements:

Hybrid

Shift:

Not Indicated

Valid Driving License:

No

Hazardous Material(s):

n/a

Job Posting End Date:

03/9/2026

*A job posting is effective until 11:59:59 PM on the day BEFORE the listed job posting end date. Please ensure you apply to a job posting no later than the day BEFORE the job posting end date.


Required Experience:

Senior IC

About Company

Merck & Co., Inc., Kenilworth, New Jersey, USA is known as “Merck” in the United States, Canada & Puerto Rico. We are known as “MSD” in Europe, Middle East, Africa, Latin America & Asia Pacific. We are a global biopharmaceutical leader with a diverse portfolio of prescription medicine ...