Job Description
Senior Specialist, IT Risk Analyst
The Opportunity
- Based in Hyderabad, join a global healthcare biopharma company and be part of a 130-year legacy of success backed by ethical integrity, forward momentum, and an inspiring mission to achieve new milestones in global healthcare.
- Be part of an organisation driven by digital technology and data-backed approaches that support a diversified portfolio of prescription medicines, vaccines, and animal health products.
- Drive innovation and execution excellence. Be a part of a team with passion for using data, analytics, and insights to drive decision-making, and which creates custom software, allowing us to tackle some of the world's greatest health threats.
Our Technology Centers focus on creating a space where teams can come together to deliver business solutions that save and improve lives. An integral part of our company’s IT operating model, Tech Centers are globally distributed locations where each IT division has employees to enable our digital transformation journey and drive business outcomes. These locations, in addition to the other sites, are essential to supporting our business and strategy.
A focused group of leaders in each Tech Center helps to ensure we can manage and improve each location, from investing in the growth, success, and well-being of our people, to making sure colleagues from each IT division feel a sense of belonging, to managing critical emergencies. Together, we must leverage the strength of our team to collaborate globally, optimize connections, and share best practices across the Tech Centers.
Role Overview:
We are seeking a proactive AI Risk Specialist with deep expertise in AI risk management, third-party risk assessments (TPRA), and application security/vulnerability management, along with data modelling and analytics expertise.
In this pivotal role, you will deliver high-quality risk assessment services aligned with our IT and Cyber Risk standards. You will drive strategic planning and execution of AI-focused risk assessments and third-party/vendor risk reviews, and perform data analytics on risk insights to support BIRO and leadership in ensuring timely, comprehensive, and compliant outcomes across our technology and business ecosystem.
What you will do:
- Perform AI-focused risk assessments and third-party vendor risk assessments (TPRA).
- Analyze data and derive risk insights from the assessments, with clear reporting and the ability to visualize and represent the risk.
- Model the threat attack path for assets and capture the risk.
- Mentor and guide team members, fostering continuous improvement, accountability, and adoption of AI risk best practices.
Risk Assessment Execution
- Triage risk assessment requests and review inherent risk questionnaires, engaging relevant contacts across business and IT.
- Validate completeness and accuracy of inherent risk inputs; advance engagements through appropriate AI risk and TPRA phases.
- Analyze assessment responses, including AI model risks, data lineage, model governance, privacy, bias/fairness, robustness, and security controls.
- Categorize findings using predefined company guidance; document outcomes, rationale, and recommended treatments clearly and consistently.
- Identify and escalate high-risk issues (e.g., AI model vulnerabilities, insecure integrations, third-party control gaps) to Risk Treatment teams.
- Track remediation plans and milestones, ensuring timely resolution and verifiable risk reduction.
- Represent the team in weekly governance meetings, document requests meticulously, and maintain the risk log.
- Review and categorize documented requests, providing actionable insights and recommendations for AI risk, TPRA, and application security reviews.
What you should have:
- Extensive experience in AI Risk Management (e.g., model risk governance, responsible AI, bias/fairness, explainability, robustness), third-party risk (TPRA), and application security/vulnerability management.
- Strong analytical and collaborative data-analytics skills, including data interpretation and modelling, and the ability to interpret complex technical and risk data and translate it into clear, pragmatic risk insights.
- Excellent communication and interpersonal skills; comfortable engaging engineers, data scientists, product owners, and business stakeholders.
- Adequate knowledge and understanding of risk frameworks and methodologies (e.g., NIST AI RMF, ISO/IEC 23894 for AI, NIST CSF, ISO 27001/27036, SOC 2, OWASP ASVS, OWASP Top 10, CVSS).
- Experience with risk tooling and processes (e.g., GRC platforms, TPRA tools, vulnerability management systems, SBOM/secure supply chain practices).
- Domain experience in regulated environments (pharmaceutical, healthcare, or similarly regulated sectors) is highly preferred.
Our technology teams operate as business partners, proposing ideas and innovative solutions that enable new organizational capabilities. We collaborate internationally to deliver services and solutions that help everyone be more productive and enable innovation.
Who we are:
We are known as Merck & Co., Inc., Rahway, New Jersey, USA in the United States and Canada and MSD everywhere else. For more than a century, we have been bringing forward medicines and vaccines for many of the world's most challenging diseases. Today, our company continues to be at the forefront of research to deliver innovative health solutions and advance the prevention and treatment of diseases that threaten people and animals around the world.
What we look for:
Imagine getting up in the morning for a job as important as helping to save and improve lives around the world. Here, you have that opportunity. You can put your empathy, creativity, digital mastery, or scientific genius to work in collaboration with a diverse group of colleagues who pursue and bring hope to countless people who are battling some of the most challenging diseases of our time. Our team is constantly evolving, so if you are among the intellectually curious, join us—and start making your impact today.
Required Skills:
Application Security, Data Management, Information Security, IT Risk Assessments, IT Risk Governance, IT Risk Response and Reporting, Knowledge of regulations and frameworks, Risk Analytics, Risk Reporting, Stakeholder Management, Technical Advice
Search Firm Representatives Please Read Carefully
Merck & Co., Inc., Rahway, NJ, USA, also known as Merck Sharp & Dohme LLC, Rahway, NJ, USA, does not accept unsolicited assistance from search firms for employment opportunities. All CVs / resumes submitted by search firms to any employee at our company without a valid written search agreement in place for this position will be deemed the sole property of our company. No fee will be paid in the event a candidate is hired by our company as a result of an agency referral where no pre-existing agreement is in place. Where agency agreements are in place, introductions are position specific. Please, no phone calls or emails.
Employee Status:
Regular
Flexible Work Arrangements:
Hybrid
Job Posting End Date:
02/9/2026
*A job posting is effective until 11:59:59PM on the day BEFORE the listed job posting end date. Please ensure you apply to a job posting no later than the day BEFORE the job posting end date.