Associate Director, Cyber Security Engineering

Branchburg, NJ, US
May 02 2018
Organization Type
Requisition ID: COM000599

Merck & Co., Inc. Kenilworth, N.J., U.S.A. known as Merck in the United States and Canada, is a global health care leader with a diversified portfolio of prescription medicines, vaccines and animal health products. The difference between potential and achievement lies in the spark that fuels innovation and inventiveness; this is the space where Merck has codified its legacy for over a century. Merck’s success is backed by ethical integrity, forward momentum, and an inspiring mission to achieve new milestones in global healthcare.

Merck’s Information Technology organization partners with colleagues across the business to help serve our patients and customers around the world. Ours is a high energy team of dynamic, innovative individuals dedicated to advancing Merck’s contribution to global medical innovation by leveraging information and technology to efficiently advance the business by driving revenue and productivity.  

Reporting directly to the Director of Security Engineering, IT Risk Management & Security, the Associate Director of Information Security Engineering is responsible for leading a team tasked with ensuring the secure development of all applications and infrastructure at Merck. The position is also responsible for designing, developing, and engineering the security tools used to protect, detect, and respond to a wide array of information risks. The position will work closely with the IT and Business to prioritize and address emerging risks through technology solutions, therefore the candidate must be able to relate security capabilities to business and IT strategies.

Key areas of focus include:


This is a leadership role within the IT organization and will be responsible for helping to direct the data and system protection information security strategy within the company. The leader must be experienced in the appropriate application and use of security processes and technologies. They must be a team player capable of influencing others and capable of rapid and disciplined decision-making. They will manage a team of 4-6 security engineers in the US, along with contractors/partners providing build services for engineering. They must be familiar with budgeting and finances as it pertains to security project portfolios.

Enterprise Application Security Engineering:

Oversee and direct the design, development, and deployment of security controls to protect Merck's critical applications and information while ensuring compliance with Merck’s corporate security policies and regulatory/legal requirements. Coordinate with other IT and Business organizations in collaboration with the ITRMS Information Risk Liaisons, Merck’s Privacy Office, HR, and Global Security to understand the risk appetite of the organization. Responsible for overseeing the development and integration of application security requirements into Merck's SDLC to ensure appropriate protection throughout the lifetime of the application.

Enterprise Infrastructure Security Engineering:

Work closely with the Global Technology Operations organization and ITRMS Information Risk Liaisons to ensure security controls are implemented into global infrastructure including cloud services, mobility solutions, unified communications, next generation networks, email/messaging systems, and directory services and that these services are protected from data loss or disruption. Collaborate with vendors, partners and standards setting bodies to define and communicate security requirements. Collaborate with IT Infrastructure leaders to ensure security technologies are properly configured and integrated into the infrastructure. Provide detailed direction and designs for ensuring security controls operating across the enterprise (end to end) are properly deployed and producing data to support the risk management function.

Security Tools & Technologies:

Oversee the selection, development and deployment of data and system protection security controls that support application security engineering and infrastructure security engineering. Current areas of focus include encryption, certificate and key management capabilities, content tagging/labeling, data loss prevention (DLP) expansion, network security, next generation malware detection and remediation, and security analytics. They must have an understanding in the areas of basic information security and risk management such as cybersecurity threats, vulnerability assessments, threat intelligence, incident response and controls, security architecture, active defense, intrusion detection, cloud security, and other related technical responsibilities. An understanding of the unique nature of the evolving healthcare/pharma regulatory environment would be a strong benefit. They must be able to keep on top of emerging/evolving technology trends and impact on security/risk posture (e.g., big data, machine learning, analytics, mobile technologies, virtualization)


This position can be located in: Branchburg, NJ; Rahway, NJ; or West Point, PA


Education Minimum Requirement:

  • Bachelor’s Degree with preference in computer science, electrical engineering, or other technical discipline.
Required Experience and Skills: .

  • Must have 2 years of staff management or team leadership experience
  • Must have experience or a good level of exposure to project finances.
  • Solid proven experience with engineering and delivering endpoint or network security solutions in a large enterprise.
  • Solid leadership & collaboration skills, able to collaborate with colleagues in both domestic and international locations.
  • Knowledge of SDLC practices
  • Experience working in a regulated environment
Preferred Experience and Skills:

  • Experience with staff management or team leadership experience.
  • Leadership role in an information security function and certifications or experience on specific security technologies and capabilities used at Merck.
  • Prior experience with network engineering and network security technologies and processes.  
Your role at Merck is integral to helping the world meet new breakthroughs that affect generations to come, and we’re counting on your skills and inventiveness to help make meaningful contributions to global medical advancement. At Merck, we’re inventing for life. 


If you need assistance and/or a reasonable accommodation due to a disability during the application or the recruiting process, please send a request to


Search Firm Representatives Please Read Carefully: 

Merck & Co., Inc. is not accepting unsolicited assistance from search firms for this employment opportunity.  Please, no phone calls or emails.  All resumes submitted by search firms to any employee at Merck via email, the Internet or in any form and/or method without a valid written search agreement in place for this position will be deemed the sole property of Merck.  No fee will be paid in the event the candidate is hired by Merck as a result of the referral or through other means.


Visa sponsorship is not available for this position.


For more information about personal rights under Equal Employment Opportunity, visit:


            EEOC Poster

            EEOC GINA Supplement 

Job: Compliance & Risk Management
Other Locations: Singapore-Singapore, SG; Prague, Prague, CZ; West Point, PA, US; Rahway, NJ, US
Employee Status: Regular
Travel: Yes, 5 % of the Time
Number of Openings: 1
Shift (if applicable): 1st
Hazardous Materials:
Company Trade Name: Merck