Business Information Security Officer/IT Privacy Steward

  • Merck
  • West Point, PA, USA
  • Sep 04, 2021
Full time Other

Job Description

Job Description

Information Technology Risk Management and Security has become an essential component of the current IT enterprise that provides IT & Automation support to the Pharmaceutical Research, Supply Chain and Marketing organizations. Increased risks in both the information security (e.g. cyber threats, malware, etc.) and the regulated areas have required that staff possessing such skills is fully embedded within the IT organization. The enterprise is now dependent on these security and compliance experts for identifying, escalating and remediating such IT Risks in a timely and efficient manner. Also, emerging technologies like cloud, mobility and data analytics require strong IT Risk and Compliance early involvement.

We are seeking energetic, forward thinking professionals to join our Information Technology group in Prague as an IT Business Information Security Officer and Privacy Steward. This position will act as the primary contact, in the Prague Hub for IT Privacy topics and as IT Business Information Security Officer with focus on EMEA.

You will have the opportunity to work on global teams to identify the biggest opportunities as well as tackle the biggest challenges at the intersection of healthcare, information and technology with a focus on cyber security.

Primary activities/responsibilities

  • Perform IT risk/privacy advisory for company stakeholders, their vendors and other 3rd party collaborators. This includes working with the IT organization and peer risk/privacy organizations (e.g. Physical Security, Supplier Management and Human Resources, Privacy Office) to identify IT/Privacy Risks globally and to provide consultative services to assess and prioritize those risks.

  • Ensure compliance with corporate information security/privacy policies and other industry standards.

  • Drive enterprise-wide risk mitigation programs, processes and technologies focusing effort on identification of the highest risks.

  • Elevate IT security/Privacy awareness in general and targeted audience within the organisation, service providers and other vendors

  • Review Privacy Impact Assessments for the organization

Ideal skillset

  • The candidate must possess strong individual qualities and work well in a highly diverse environment.

  • The candidate is expected to have excellent collaboration skills, communication, and conflict resolution skills. They must have proven ability to build strong working relationships within their organization and external to their organization.

  • The candidate must be self-motivated and act as an effective mentor for staff members

  • Familiarity with information security/privacy processes, solutions and products.

  • Solid technical understanding of IT, passion for problem solving and a desire to learn.

  • The candidate must be able to adapt and rapidly learn new technologies/technical concepts.

  • Ideally 3 years' experience in information security and/or IT Risk management, IT Privacy

  • Technical knowledge and understanding of SDLC and GxP principles.

  • Familiarity with relevant Industry Regulations, Standards, and Frameworks (NIST, ISO 27001, COBIT, GDPR,… and others)

Desired qualification

  • Relevant professional certifications are desired, such as CRISC, CISA, CISM, CIPP, CIPT

  • As the role contains both of IT Privacy expertise & IT Business Information Security duties we are quite flexible to split the full time into 2 part time roles; however, the IT Privacy is our priority

What we offer

  • Competitive salary

  • Position in leading global healthcare company

  • Global projects, international environment

  • Opportunity to learn and grow professionally within the company globally

  • Representative office in Prague

Wide range of benefits

  • Flexible working hours, home office

  • Yearly Bonus based on company and personal performance

  • Pension and health insurance contributions

  • Edenred Benefits + meal vouchers

  • Internal reward system - INSPIRE - with redeeming option as services, goods or vouchers

  • Up to date laptop and iPhone mobile device

Current Employees apply

Current Contingent Workers apply

Search Firm Representatives Please Read Carefully
Merck & Co., Inc., Kenilworth, NJ, USA, also known as Merck Sharp & Dohme Corp., Kenilworth, NJ, USA, does not accept unsolicited assistance from search firms for employment opportunities. All CVs / resumes submitted by search firms to any employee at our company without a valid written search agreement in place for this position will be deemed the sole property of our company. No fee will be paid in the event a candidate is hired by our company as a result of an agency referral where no pre-existing agreement is in place. Where agency agreements are in place, introductions are position specific. Please, no phone calls or emails.

Employee Status:

Project Temps (Fixed Term)


No relocation

VISA Sponsorship:

Travel Requirements:

Flexible Work Arrangements:


Valid Driving License:

Hazardous Material(s):

Number of Openings: