Manager – Technical Information Security Lead (TISL)

Merck Sharp & Dohme Corp • Full-time • India, IN • 1d ago

Job Description

Required Skills:

Data Management, Information Security, IT Risk Assessments, IT Risk Governance, IT Risk Response and Reporting, Knowledge of regulations and frameworks, Stakeholder Management, Technical Advice

Preferred Skills:

Current Employees apply HERE

Current Contingent Workers apply HERE

Secondary Language(s) Job Description:

Manager – Technical Information Security Lead (TISL)

The Opportunity

Based in Hyderabad, join a global healthcare biopharma company and be part of a 130- year legacy of success backed by ethical integrity, forward momentum, and an inspiring mission to achieve new milestones in global healthcare.
Be part of an organisation driven by digital technology and data-backed approaches that support a diversified portfolio of prescription medicines, vaccines, and animal health products.
Drive innovation and execution excellence. Be a part of a team with passion for using data, analytics, and insights to drive decision-making, and which creates custom software, allowing us to tackle some of the world's greatest health threats.

Our Technology Centers focus on creating a space where teams can come together to deliver business solutions that save and improve lives. An integral part of our company’s IT operating model, Tech Centers are globally distributed locations where each IT division has employees to enable our digital transformation journey and drive business outcomes. These locations, in addition to the other sites, are essential to supporting our business and strategy.

A focused group of leaders in each Tech Center helps to ensure we can manage and improve each location, from investing in growth, success, and well-being of our people, to making sure colleagues from each IT division feel a sense of belonging to managing critical emergencies. And together, we must leverage the strength of our team to collaborate globally to optimize connections and share best practices across the Tech Centers.

Primary Responsibilities

Business Partnership and Advisory

Serve as a primary risk advisor to technology and product teams; translate security risks into business impact and actionable recommendations.
Participate in planning forums, product roadmaps, and program governance to ensure security is included early (shift-left).
Translate enterprise security policies into practical, business-aligned guidance and manage exception handling; escalate material risks to leadership when appropriate.
Engage platform and delivery teams early to embed security and compliance in strategies and designs; facilitate informed risk response decisions.

Risk Assessment and Governance Support

Maintain prioritized risk registers with clear ownership; drive risk response decisions with accountable owners and delegated approvers.
Conduct and document risk assessments (e.g. applications, cloud services, infrastructure, platforms, data and artificial intelligence, and third parties) and gap analyses aligned to enterprise policies and applicable regulations.
Recommend and help implement risk-based security controls, compensating measures, and remediation plans tailored to operational contexts.
Track remediation to closure and provide periodic risk reporting, highlighting residual risk, trends, and material escalations.

Technical Risk Management and Cybersecurity

Review architecture, design, and operational controls for systems, applications, cloud environments, and enterprise platforms; identify opportunities to strengthen resilience.
Partner with solution and platform owners to validate guardrails and control effectiveness, including identity and access management, segregation of duties, configuration baselines, change and release, backup and recovery, and integration security.
Support incident investigations and coordination with the Cyber Fusion Center; identify root causes and drive corrective actions.

Program Execution and Standards

Support development and operationalization of security standards, policies, reference architectures, patterns, and guardrails; enable reusable and automated controls where feasible, aligning with NIST and ISO frameworks
Participate in assurance activities such as control testing, audits, and compliance assessments and support remediation efforts.
Monitor emerging technologies and regulatory changes, including cloud, data, artificial intelligence, and platform governance; evaluate impacts and update standards and guardrails accordingly.

Stakeholder Engagement and Awareness

Collaborate with risk, technology, and business stakeholders to promote a risk-aware culture and practical security behaviors across technology divisions
Deliver targeted security awareness and training for technology division teams, tailored to their roles and operational processes.
Act as a subject-matter expert in cross-functional working groups and project teams.

Qualifications

Education and Certifications

Bachelor’s degree in information technology, cybersecurity, computer science, or related field (or equivalent experience).
Relevant security or risk certifications preferred (CISSP, CISM, CISA, CRISC, GSEC) but not required.
Project management and data governance, data science or privacy credentials are beneficial.

Experience

Experience in cybersecurity, IT risk management, IT compliance, IT audit, or related fields.
Experience performing risk assessments and advising technical and business stakeholders on security controls and remediation.
Practical experience with cloud, application, platform, software delivery, AI or data and analytics security.
Experience with SDLC and agile/DevOps practices, integrating security controls into CI/CD pipelines
Experience in regulated industries is preferred but not mandatory.

Skills and Competencies
Technical depth in security controls, threats, vulnerabilities, and mitigation strategies across technology, platforms, AI and data.
Strong business acumen with the ability to explain technical risk in business terms and produce clear, actionable recommendations.
Proven problem-solving and analytical skills; able to prioritize based on risk and value.
Strong stakeholder management and communication skills; able to influence without formal authority.
Comfortable working independently and within cross-functional teams; adaptable in a fast-paced environment.
High emotional intelligence and a collaborative mindset.

Who we are

We are known as Merck & Co., Inc., Rahway, New Jersey, USA in the United States and Canada and MSD everywhere else. For more than a century, we have been inventing for life, bringing forward medicines and vaccines for many of the world's most challenging diseases. Today, our company continues to be at the forefront of research to deliver innovative health solutions and advance the prevention and treatment of diseases that threaten people and animals around the world.

What we look for

Imagine getting up in the morning for a job as important as helping to save and improve lives around the world. Here, you have that opportunity. You can put your empathy, creativity, digital mastery, or scientific genius to work in collaboration with a diverse group of colleagues who pursue and bring hope to countless people who are battling some of the most challenging diseases of our time. Our team is constantly evolving, so if you are among the intellectually curious, join us—and start making your impact today.

#HYDIT2025

Search Firm Representatives Please Read Carefully
Merck & Co., Inc., Rahway, NJ, USA, also known as Merck Sharp & Dohme LLC, Rahway, NJ, USA, does not accept unsolicited assistance from search firms for employment opportunities. All CVs / resumes submitted by search firms to any employee at our company without a valid written search agreement in place for this position will be deemed the sole property of our company. No fee will be paid in the event a candidate is hired by our company as a result of an agency referral where no pre-existing agreement is in place. Where agency agreements are in place, introductions are position specific. Please, no phone calls or emails.

Employee Status:

Regular

Relocation:

VISA Sponsorship:

Travel Requirements:

Flexible Work Arrangements:

Hybrid

Shift:

Valid Driving License:

Hazardous Material(s):

Job Posting End Date:

12/31/2025

*A job posting is effective until 11:59:59PM on the day BEFORE the listed job posting end date. Please ensure you apply to a job posting no later than the day BEFORE the job posting end date.