Technical Information Security Lead

Job Description

The Position

Technical Information Security Lead for Mergers, Acquisitions & Divestitures (MA&D)

The TISL for MA&D ensures technology and cybersecurity risks are identified, managed, and mitigated throughout the end-to-end integration of acquired companies into The Company’s technology environment. The role partners with IMO, Enterprise Risk, IT, Security, and business stakeholders to enable safe, efficient integrations aligned with Our policies and deal objectives.

What will you do?

• Integration Risk Assessment: Perform IT and cybersecurity risk assessments at deal close and through each phase; map critical systems, data flows, identities, access models, and third-party dependencies to The Company’s integration blueprint; define risk acceptance criteria and tolerances.
• Continuous Monitoring: Establish milestone-based checkpoints (Day 1, TSA, cutovers, migrations, identity consolidation, decommissioning); track key risk indicators; maintain a live risk register per acquisition.
• Intelligence-Driven Evaluation: Apply The Company’s threat intelligence, vulnerability advisories, and sector developments to active integrations; quantify impact/likelihood; provide timely decision support.
• Mitigation Strategy: Recommend pragmatic, time-bound controls that reduce material risk without unnecessary tooling; prioritize lightweight measures (hardening, segmentation, access containment, monitoring); define interim and final control states.
• Governance & Alignment: Embed risk criteria in cutover plans, TSAs, and decommission schedules; drive risk-based go/no-go decisions; present clear risk narratives and document decisions.
• Third-Party & Data Risk: Assess inherited vendors and external integrations; advise on continuity/exit; ensure data classification, retention, residency, privacy, and regulatory compliance during migrations; coordinate logging and evidence for audit.
• Incident Preparedness & Response: Ensure coverage for acquired environments (roles, runbooks, escalation); lead/support triage and containment; capture lessons learned.
• Documentation & Reporting: Maintain standardized frameworks and templates; deliver concise dashboards/status reports; track control effectiveness and residual risk to integration completion.
• Continuous Improvement: Identify patterns across acquisitions; develop reusable controls and playbooks; refine M&A due diligence, TSA language, and integration.

Qualifications, Skills & Experience Required

• Bachelor’s degree in information technology, cybersecurity, computer science, or related field (or equivalent experience).
• Relevant security or risk certifications preferred (CISSP, CISM, CISA, CRISC, GSEC) but not required.
• Project management and data governance, data science or privacy credentials are beneficial.
• Experience in cybersecurity, IT risk management, IT compliance, IT audit, or related fields.
• Experience performing risk assessments and advising technical and business stakeholders on security controls and remediation.
• Practical experience with cloud, application, platform, software delivery, AI or data and analytics security.
• Experience with SDLC and agile/DevOps practices, integrating security controls into CI/CD pipelines.
• Experience in regulated industries is preferred but not mandatory.
• Technical depth in security controls, threats, vulnerabilities, and mitigation strategies across technology, platforms, AI and data.
• Strong business acumen with the ability to explain technical risk in business terms and produce clear, actionable recommendations.
• Proven problem-solving and analytical skills; able to prioritize based on risk and value.
• Strong stakeholder management and communication skills; able to influence without formal authority.
• Comfortable working independently and within cross-functional teams; adaptable in a fast-paced environment.
• High emotional intelligence and a collaborative mindset.

What we offer

• Exciting work in a great team, global projects, international environment.
• Opportunity to learn and grow professionally within the company globally.
• Hybrid working model, flexible role pattern (e.g., even 80% full-time is possible in justified cases). 
• Pension and health insurance contributions. 
• Internal reward system plus referral programme. 
• 5 weeks annual leave, 5 sick days, 15 days of certified sick leave paid above statutory requirements annually, 40 paid hours annually for volunteering activities, 12 weeks of parental contribution. 
• Cafeteria for tax free benefits according to your choice (meal vouchers, sport, culture, health, travel, etc.), Multisport Card. 
• Vodafone, Raiffeisen Bank and Foodora discount programmes. 
• Up-to-date laptop and iPhone.
• Parking in the garage, showers, refreshments, massage chairs, library, music corner.
• Competitive salary, incentive pay, and many more. 

Ready to take up the challenge? Apply now! 
Know anybody who might be interested? Refer this job!

Required Skills:

Business Acumen, Computer Science, Cybersecurity, Cybersecurity Risk Management, Data Governance, Data Management, Information Security, Information Technology (IT) Risk Management, IT Compliance Management, IT Risk Assessments, IT Risk Governance, IT Risk Response and Reporting, Knowledge of regulations and frameworks, Mergers and Acquisitions (M&A), Risk Assessments, Security Controls, Stakeholder Communications, Stakeholder Management, Technical Advice, Technology Risk

Preferred Skills:

Current Employees apply HERE

Current Contingent Workers apply HERE

Search Firm Representatives Please Read Carefully 
Merck & Co., Inc., Rahway, NJ, USA, also known as Merck Sharp & Dohme LLC, Rahway, NJ, USA, does not accept unsolicited assistance from search firms for employment opportunities. All CVs / resumes submitted by search firms to any employee at our company without a valid written search agreement in place for this position will be deemed the sole property of our company.  No fee will be paid in the event a candidate is hired by our company as a result of an agency referral where no pre-existing agreement is in place. Where agency agreements are in place, introductions are position specific. Please, no phone calls or emails. 

Employee Status:

Regular

Relocation:

Domestic

VISA Sponsorship:

No

Travel Requirements:

No Travel Required

Flexible Work Arrangements:

Hybrid

Shift:

Not Indicated

Valid Driving License:

No

Hazardous Material(s):

n/a

Job Posting End Date:

06/24/2026

*A job posting is effective until 11:59:59PM on the day BEFORE the listed job posting end date. Please ensure you apply to a job posting no later than the day BEFORE the job posting end date.