What you'd actually do

Serve as the primary cybersecurity and risk advisor to EIT, aligning security strategies with the business priorities.

Provide executive-level risk insights and recommendations to EIT leadership.

Ensure security and risk management practices are embedded in business processes, digital transformation initiatives, and operational decision-making.

Act as a bridge between ITRMS and EIT, translating technical risks into business impact.

Drive compliance with applicable global regulations and internal security policies by tailoring the requirements to EIT’s operational and regulatory context.

Skills

Required

Business Acumen
Cybersecurity
Data Management
Digital Transformation
Emotional Intelligence
Executive Presence
Information Security
Information Technology (IT) Risk Management
Information Technology Auditing
IT Compliance Management
IT Governance
IT Risk Assessments
IT Risk Governance
IT Risk Response and Reporting
Knowledge of regulations and frameworks
Risk Management
Risk Management and Mitigation
Security Solutions
Stakeholder Management
Technical Advice

Nice to have

Risk or security certification credentials (CISSP, GSEC, CISA, CISM, etc.) preferred.
Prior experience in the healthcare industry, with an understanding of the unique challenges in securing systems that support Finance, HR, and Legal areas prferred.
5+ years’ experience leading global teams in a management or leadership role, particularly in a fast-paced, service-oriented environment preferred.

Job Description

The Director, Business Information Risk Officer (BIRO) is a critical leadership role responsible for aligning cybersecurity, risk management, and compliance strategies with business objectives. This individual will act as a trusted advisor to the business leaders in the Enterprise IT (EIT) that supports our company’s Global Support Functions (GSF), such as Finance, HR, Legal, and Procurement, among others, ensuring that information security and compliance risks are proactively identified, assessed, and managed while enabling business innovation and growth.

This role provides risk governance for all IT systems managed by the EIT organization, whether they are hosted internally or in the cloud, fostering a secure, compliant, and risk-aware culture. Additionally, the BIRO maintains a continuous feedback loop with the Information Technology Risk Management & Security (ITRMS) team to enhance and align the risk management processes to the business goals.

The ideal candidate will possess deep technical expertise and working knowledge of industry standard platforms such as SAP S/4, Workday, etc., a strong understanding of business operations (particularly Finance, HR, Legal, and Procurement), and excellent leadership and stakeholder management skills. S/he must be able to translate complex Cybersecurity concepts into business language and influence stakeholders to drive a risk-aware culture across the EIT organization and any newly acquired businesses.

Primary Responsibilities:

Strategic Leadership & Business Partnership

Serve as the primary cybersecurity and risk advisor to EIT, aligning security strategies with the business priorities.
Provide executive-level risk insights and recommendations to EIT leadership.
Ensure security and risk management practices are embedded in business processes, digital transformation initiatives, and operational decision-making.
Act as a bridge between ITRMS and EIT, translating technical risks into business impact.

Risk Management & Governance

Drive compliance with applicable global regulations and internal security policies by tailoring the requirements to EIT’s operational and regulatory context.
Identify, design, and help implement risk-based security solutions that are practical, effective, and aligned with EIT business priorities.
Provide security and risk leadership for strategic IT programs, such as SAP S/4HANA implementation, ensuring integration of security and compliance throughout the program lifecycle.
Stay updated on new and emerging technologies (e.g., AI and Quantum) and new laws and regulations, and understand their impacts on the business.

Technical Expertise & Cyber Resilience

Work in unison with EIT IT Value Teams to establish secure design, implementation, and monitoring of IT systems, applications, and cloud environments.
Proactively identify opportunities to improve the cyber resilience capabilities of EIT systems.
Support the Cyber Fusion Center in handling Cyber incidents related to EIT
Understand emerging cyber threats, vulnerabilities, and attack vectors, and establish proactive risk mitigation strategies.

Leadership, Influence & Culture Building

Influence EIT stakeholders to foster a security-conscious culture without impeding business agility.
Drive security awareness programs that resonate with business functions.
Lead, mentor, and develop a high-performing risk and security team
Demonstrates high emotional intelligence (EQ) and executive presence (EP), effectively engaging with senior executives and key stakeholders.

Education and Experience Requirements:

Bachelor’s Degree in one or more of the following fields: information technology, cyber security, computer science, business administration, communications, or related field.
Knowledge of industry standard platforms such as SAP S/4, Workday, etc.
10+ years’ experience working in one or more of the following fields: cybersecurity, IT risk management, IT compliance, IT audit, information technology, or a related field.
5+ years’ experience leading global teams in a management or leadership role, particularly in a fast-paced, service-oriented environment preferred.
Prior experience in the healthcare industry, with an understanding of the unique challenges in securing systems that support Finance, HR, and Legal areas prferred.
Risk or security certification credentials (CISSP, GSEC, CISA, CISM, etc.) preferred.

Key Competencies

Technical Depth & Business Acumen – Ability to blend security knowledge with business understanding.
Problem-Solving Mindset – Proactive, strategic, and solutions-oriented approach.
Change Management – Experience driving security transformation across the supported organization.
Influence & Executive Presence (EP) – Strong stakeholder management and leadership skills.
High Emotional Intelligence (EQ) – Ability to navigate complex organizational dynamics.

**Required Skills: **

Business Acumen, Cybersecurity, Data Management, Digital Transformation, Emotional Intelligence, Executive Presence, Information Security, Information Technology (IT) Risk Management, Information Technology Auditing, IT Compliance Management, IT Governance, IT Risk Assessments, IT Risk Governance, IT Risk Response and Reporting, Knowledge of regulations and frameworks, Risk Management, Risk Management and Mitigation, Security Solutions, Stakeholder Management, Technical Advice

**Preferred Skills: **

Current Employees apply HERE

Current Contingent Workers apply HERE

US and Puerto Rico Residents Only:

Our company is committed to inclusion, ensuring that candidates can engage in a hiring process that exhibits their true capabilities. Please click here if you need an accommodation during the application or hiring process.

As an Equal Employment Opportunity Employer, we provide equal opportunities to all employees and applicants for employment and prohibit discrimination on the basis of race, color, age, religion, sex, sexual orientation, gender identity, national origin, protected veteran status, disability status, or other applicable legally protected characteristics. As a federal contractor, we comply with all affirmative action requirements for protected veterans and individuals with disabilities. For more information about personal rights under the U.S. Equal Opportunity Employment laws, visit:

EEOC Know Your Rights

EEOC GINA Supplement

We are proud to be a company that embraces the value of bringing together, talented, and committed people with diverse experiences, perspectives, skills and backgrounds. The fastest way to breakthrough innovation is when people with diverse ideas, broad experiences, backgrounds, and skills come together in an inclusive environment. We encourage our colleagues to respectfully challenge one another’s thinking and approach problems collectively.

Learn more about your rights, including under California, Colorado and other US State Acts

The salary range for this role is

$173,200.00 - $272,600.00

This is the lowest to highest salary we in good faith believe we would pay for this role at the time of this posting. An employee’s position within the salary range will be based on several factors including, but not limited to relevant education, qualifications, certifications, experience, skills, geographic location, government requirements, and business or organizational needs.

The successful candidate will be eligible for annual bonus and long-term incentive, if applicable.

We offer a comprehensive package of benefits. Available benefits include medical, dental, vision healthcare and other insurance benefits (for employee and family), retirement benefits, including 401(k), paid holidays, vacation, and compassionate and sick days. More information about benefits is available at https://jobs.merck.com/us/en/compensation-and-benefits.

You can apply for this role through https://jobs.merck.com/us/en (or via the Workday Jobs Hub if you are a current employee). The application deadline for this position is stated on this posting.

San Francisco Residents Only: We will consider qualified applicants with arrest and conviction records for employment in compliance with the San Francisco Fair Chance Ordinance

Los Angeles Residents Only: We will consider for employment all qualified applicants, including those with criminal histories, in a manner consistent with the requirements of applicable state and local laws, including the City of Los Angeles’ Fair Chance Initiative for Hiring Ordinance

**Search Firm Representatives Please Read Carefully ** Merck & Co., Inc., Rahway, NJ, USA, also known as Merck Sharp & Dohme LLC, Rahway, NJ, USA, does not accept unsolicited assistance from search firms for employment opportunities. All CVs / resumes submitted by search firms to any employee at our company without a valid written search agreement in place for this position will be deemed the sole property of our company. No fee will be paid in the event a candidate is hired by our company as a result of an agency referral where no pre-existing agreement is in place. Where agency agreements are in place, introductions are position specific. Please, no phone calls or emails.

**Employee Status: **

Regular

Relocation:

Domestic

VISA Sponsorship:

Travel Requirements:

10%

Flexible Work Arrangements:

Hybrid

Shift:

1st - Day

Valid Driving License:

Hazardous Material(s):

N/A

Job Posting End Date:

06/8/2026

***A job posting is effective until 11:59:59PM on the day BEFORE the listed job posting end date. Please ensure you apply to a job posting no later than the day BEFORE the job posting end date. **

Job Description

The Director, Business Information Risk Officer (BIRO) is a critical leadership role responsible for aligning cybersecurity, risk management, and compliance strategies with business objectives. This individual will act as a trusted advisor to the business leaders in the Enterprise IT (EIT) that supports our company’s Global Support Functions (GSF), such as Finance, HR, Legal, and Procurement, among others, ensuring that information security and compliance risks are proactively identified, assessed, and managed while enabling business innovation and growth.

This role provides risk governance for all IT systems managed by the EIT organization, whether they are hosted internally or in the cloud, fostering a secure, compliant, and risk-aware culture. Additionally, the BIRO maintains a continuous feedback loop with the Information Technology Risk Management & Security (ITRMS) team to enhance and align the risk management processes to the business goals.

The ideal candidate will possess deep technical expertise and working knowledge of industry standard platforms such as SAP S/4, Workday, etc., a strong understanding of business operations (particularly Finance, HR, Legal, and Procurement), and excellent leadership and stakeholder management skills. S/he must be able to translate complex Cybersecurity concepts into business language and influence stakeholders to drive a risk-aware culture across the EIT organization and any newly acquired businesses.

Primary Responsibilities:

Strategic Leadership & Business Partnership

Serve as the primary cybersecurity and risk advisor to EIT, aligning security strategies with the business priorities.
Provide executive-level risk insights and recommendations to EIT leadership.
Ensure security and risk management practices are embedded in business processes, digital transformation initiatives, and operational decision-making.
Act as a bridge between ITRMS and EIT, translating technical risks into business impact.

Risk Management & Governance

Drive compliance with applicable global regulations and internal security policies by tailoring the requirements to EIT’s operational and regulatory context.
Identify, design, and help implement risk-based security solutions that are practical, effective, and aligned with EIT business priorities.
Provide security and risk leadership for strategic IT programs, such as SAP S/4HANA implementation, ensuring integration of security and compliance throughout the program lifecycle.
Stay updated on new and emerging technologies (e.g., AI and Quantum) and new laws and regulations, and understand their impacts on the business.

Technical Expertise & Cyber Resilience

Work in unison with EIT IT Value Teams to establish secure design, implementation, and monitoring of IT systems, applications, and cloud environments.
Proactively identify opportunities to improve the cyber resilience capabilities of EIT systems.
Support the Cyber Fusion Center in handling Cyber incidents related to EIT
Understand emerging cyber threats, vulnerabilities, and attack vectors, and establish proactive risk mitigation strategies.

Leadership, Influence & Culture Building

Influence EIT stakeholders to foster a security-conscious culture without impeding business agility.
Drive security awareness programs that resonate with business functions.
Lead, mentor, and develop a high-performing risk and security team
Demonstrates high emotional intelligence (EQ) and executive presence (EP), effectively engaging with senior executives and key stakeholders.

Education and Experience Requirements:

Bachelor’s Degree in one or more of the following fields: information technology, cyber security, computer science, business administration, communications, or related field.
Knowledge of industry standard platforms such as SAP S/4, Workday, etc.
10+ years’ experience working in one or more of the following fields: cybersecurity, IT risk management, IT compliance, IT audit, information technology, or a related field.
5+ years’ experience leading global teams in a management or leadership role, particularly in a fast-paced, service-oriented environment preferred.
Prior experience in the healthcare industry, with an understanding of the unique challenges in securing systems that support Finance, HR, and Legal areas prferred.
Risk or security certification credentials (CISSP, GSEC, CISA, CISM, etc.) preferred.

Key Competencies

Technical Depth & Business Acumen – Ability to blend security knowledge with business understanding.
Problem-Solving Mindset – Proactive, strategic, and solutions-oriented approach.
Change Management – Experience driving security transformation across the supported organization.
Influence & Executive Presence (EP) – Strong stakeholder management and leadership skills.
High Emotional Intelligence (EQ) – Ability to navigate complex organizational dynamics.

**Required Skills: **

**Preferred Skills: **

Current Employees apply HERE

Current Contingent Workers apply HERE

US and Puerto Rico Residents Only:

EEOC Know Your Rights

EEOC GINA Supplement

Learn more about your rights, including under California, Colorado and other US State Acts

The salary range for this role is

$173,200.00 - $272,600.00

The successful candidate will be eligible for annual bonus and long-term incentive, if applicable.

You can apply for this role through https://jobs.merck.com/us/en (or via the Workday Jobs Hub if you are a current employee). The application deadline for this position is stated on this posting.

San Francisco Residents Only: We will consider qualified applicants with arrest and conviction records for employment in compliance with the San Francisco Fair Chance Ordinance

**Employee Status: **

Regular

Relocation:

Domestic

VISA Sponsorship:

Travel Requirements:

10%

Flexible Work Arrangements:

Hybrid

Shift:

1st - Day

Valid Driving License:

Hazardous Material(s):

N/A

Job Posting End Date:

06/8/2026

***A job posting is effective until 11:59:59PM on the day BEFORE the listed job posting end date. Please ensure you apply to a job posting no later than the day BEFORE the job posting end date. **

Director, Technology Risk Management

What you'd actually do

Skills

Required

Nice to have

What the JD emphasized

Primary Responsibilities:

Primary Responsibilities: