Specialist - IT Risk and Compliance Policy

Have you heard about MSD?


MSD is an innovative, global healthcare leader committed to improving health and well-being in 140 countries around the world. We continue to focus our research on conditions that affect millions of people around the world - diseases like Alzheimer's, Diabetes and Cancer - while further expanding our strengths in areas such as vaccines and biologics. We aspire to be the best healthcare company in the world and are dedicated to providing leading innovations and solutions for tomorrow.


MSD’s Information Technology division partners with colleagues across the business to help serve our patients and customers around the world. Ours is a high-energy team of dynamic, innovative individuals dedicated to advancing MSD’s contribution to global medical innovation by leveraging information and technology to efficiently advance the business by driving revenue and productivity.


Information Technology Risk Management and Security has become an essential component of the current IT enterprise that provides IT & Automation support to the Pharmaceutical Research, Supply Chain and Marketing organizations.  Increased risks in both the information security (e.g. cyber threats, malware, etc.) and the regulated areas have required that staff possessing such skills is fully embedded within the IT organization.  The enterprise is now dependent on these security and compliance experts for identifying, escalating and remediating such IT Risks in a timely and efficient manner.  Also, emerging technologies like cloud, mobility and data analytics require strong IT Risk and Compliance early involvement.


One of our colleague is taking maternity leave and we would like to have someone help us meet the challenge in her absence.


Essential Responsibilities:

  • Information Security policy issuance development, execution and best practices.
  • Assist with defining policy to ensure that MSD employees comply with global laws and regulations, while also balancing the requirements of both an agile workforce and a secure environment.
  • Assist to coordinate policy development with various organizations including the Global Compliance organization, Global Technical Organization, divisional IT leaders, and technical experts.
  • Provide consultancy to stakeholders regarding the interpretation of policy issuances and their implementation.
  • Help monitor laws, regulations, standards & risk to ensure policy issuances are current with the rapidly changing environment.
  • Drive compliance with policy issuances by leveraging ITRMS communications team and automation activities.
  • Assist with influencing the workforce to adopt new behaviours that protect the company’s information.
  • Assist with audit related preparation and remediation efforts.

Qualifications/ Education:

  • Minimum of 3 years’ experience in IT, audit, legal, information security, or IT Compliance.
  • Bachelor’s degree in Information Security, Computer Science, Business, or equivalent experience.
  • Superior written communications skills.
  • Excellent interpersonal and collaboration skills.
  • Ability to work both independently and collaboratively, with different teams across geographical regions.
  • Familiarity with laws, rules and regulations applicable to the Pharma industry.
  • Familiarity with NIST framework, ISO/IEC 27000 standards, GXP, PCI and other industry standards.
  • A foundational understanding of risk management.
  • Knowledge in IT security related to diverse platforms and technologies: Remote Access, VPN, firewalls, Anti-Virus systems, Data Leakage Protection, PKI environments, encryption technology, mobile devices, cloud computing, Windows, Unix/Linux, Macintosh, wireless, PCI.
  • Highly desirable:
    • Professional certifications: CISSP, CISA, CRISC or equivalent.
    • Internal Security Assessor certification a plus.

Your role at MSD is integral to helping the world meet new breakthroughs that affect generations to come, and we’re counting on your skills and inventiveness to help make meaningful contributions to global medical advancement. At MSD, we’re inventing for life.

I want to join

I'm applying for:

Specialist - IT Risk and Compliance Policy

Privacy Notice and User Agreement

What Personal Information is used and how long is it retained?

Taleo* uses Personal Information such as your name, contact information and other information necessary for the application process. This information may be used by the Human Resources (HR) organization to contact you at any time during your candidacy for employment, to send you announcements, or request other types of information as required. The retention period for Personal Information in Taleo is two years, which is the length of time that the company has determined the information is necessary for the purposes described in this Privacy Notice and User Agreement.

 

Who will have access to Personal Information in Taleo and how will they protect it?

Access to Personal Information in Taleo is limited to you, HR Personnel and limited IT support personnel, based on specific security roles and standard data authorization as outlined for all HR applications. Additionally, some countries utilize third party recruiters that will also have access to the information you input into Taleo. Taleo is hosted by a third party vendor, Oracle, based in the United States. Oracle may also use additional third party vendors to process personal data. Oracle has contractually committed to protect Personal Information and to process it only as instructed by our company, including the destruction of the Personal Information at the end of the retention period. Oracle has certified its compliance with the EU-U.S. Privacy Shield Framework for processing employee related Personal Information.
Access to Personal Information may be from within the country in which the individual to whom the data relates is based, or from any other country in which an authorized user of Taleo is based. While the country from which information is accessed may not have laws that protect Personal Information in the same way as the country in which you are based, all Personal Information in Taleo will be used in accordance with the Global Privacy Notice for Employment-Related purposes , any local privacy notices you receive, all applicable company policies with respect to the privacy and confidentiality of Personal Information, including, but not limited to our Global Privacy and Data Protection Policy and our Global Internet Privacy Policy and any additional requirements of the countries in which the employees to whom the data relate are based.

 

How do I update, correct or delete Personal Information in Taleo?

You have the right to access, rectify and delete your Personal Information that you provide and maintain in your Taleo Profile at any time. You can also request that the information be removed from our database by contacting the company’s Privacy Office. At any time you may decide no longer to use Taleo, raise a concern or make a complaint about your privacy or use or sharing of Personal Information about you by contacting the company’s Privacy Office.

 

End-User Agreement

Your agreement is required to use Taleo. If you agree to the terms, conditions and obligations described in this Data Privacy Notice and User Agreement, click on “I accept”. If you do not agree, do not click on “I accept”, and the application process will discontinue.

 

BY CLICKING “I ACCEPT”, I AUTHORIZE MERCK & CO., INC., KENILWORTH, NJ. USA, WHICH OPERATES AS MSD OUTSIDE OF THE USA AND CANADA TO STORE PERSONAL INFORMATION ABOUT ME IN A DATABASE MAINTAINED BY OUR THIRD PARTY VENDOR, ORACLE CORPORATION, LOCATED IN CHICAGO, ILLINOIS, UNITED STATES (HEADQUARTERED AT: 4140 DUBLIN BOULEVARD, SUITE 400, DUBLIN, CALIFORNIA 94568 UNITED STATES) AND TO PROCESS, TRANSMIT, USE, AND DISCLOSE PERSONAL INFORMATION ABOUT ME FOR PURPOSES OF THE APPLICATION PROCESS, FOR SENDING ANNOUNCEMENTS OF FUTURE JOB OPPORTUNITIES AS THEY BECOME AVAILABLE OR FOR ADMINISTRATION PURPOSES. SUCH DATA WILL BE TREATED IN ACCORDANCE WITH APPLICABLE LEGAL REQUIREMENTS OF THE COUNTRY OF SUBMISSION, THE COUNTRY IN WHICH A POSITION IS LOCATED WHOSE LAWS MAY NOT PROVIDE THE SAME PROTECTION AS THOSE IN THE COUNTRY IN WHICH I AM LOCATED, AND, WHEN USED IN THE U.S., WHERE APPLICABLE, WITH THE COMPANY’S CROSS BORDER PRIVACY RULES POLICY.

 

* What is Taleo?

Taleo is the global web-based applicant tracking platform used by Merck & Co., Inc., Kenilworth, NJ. USA, which operates as MSD outside of the USA and Canada, to enable the Company to source, assess, track and hire internal and external talent. The primary business purpose of Taleo is to facilitate an effective, consistent and efficient company-wide staffing process, through a single, integrated and automated global system of record for candidates and employees. Some collection and input of personal information by candidates in Taleo is required to facilitate the staffing application process. None of the information collected in Taleo is required by law.

 

Note: Merck & Co. Inc Kenilworth, NJ. USA, is known as Merck Sharp & Dohme or MSD in most countries outside of the U.S. and Canada.

Your application has been submitted successfully!
Thank you
Close
Oops, something went wrong :(
Please try again. If problem persist, contact our HR.
Try again Close

Your Internet Explorer is outdated.

This website can not be viewed with your browser!

Upgrade your browser to the latest version (Internet Explorer) or install another browser, like Firefox or Google Chrome