Skip to main content

Director of Cloud Security & Risk Management

Job Description

Our IT team operates as a business partner proposing ideas and innovative solutions that enable new organizational capabilities. We collaborate internationally to deliver the services and solutions that help everyone to be more productive and enable innovation.

Reporting directly to the Leader of Strategy-Planning and Chief of Staff, IT Risk Management & Security, the Director of Cloud Security and Information Protection is responsible for leading a team tasked with implementing and operationalizing security requirements and business processes through patterns/profiles/services that align with the company security standards and policies.

The role serves as a:

  • Technical lead on all cyber matters from best practices to cloud controls covering required security requirements
  • Senior advisor to leadership concerning the cyber risk planning, development, design, procurement, maintenance and implementation of enterprise-level cloud systems
  • Champion in collaboration across IT organizations to facilitate the design, development, engineering and deployment of security controls used to protect data as it resides within or transits (internal/external) capabilities such as email; mobile and collaboration platforms
  • Partner with a team of peers in the Cloud COE, DevOps, and IT Risk Management & Security to ensure ongoing integration of Microsoft O365, Azure, AWS and other cloud platforms into the enterprise security framework

You will: 

  • Define the requirements, best practices and lead the collaborative development of system/service architecture, design and engineering
  • Define strategy, governance, and drive best practices for protecting company data
  • Establish a collaborative governance structure around the use of new cloud features to establish an agreed risk posture.
  • Function as a change agent to enable the cloud and digital transformation initiatives from a security perspective.
  • Be responsible for evaluating new solutions and developing the supporting elements required to incorporate new technologies in a safe and secure manner.
  • Produce architecture diagrams, blueprints and to bring solutions to reality with a DevSecOps mindset & culture.
  • Partner with platform and development teams to assess and close gaps in cloud security posture and data protection across the security disciplines
  • Ensure compliance with all requirements applied to cloud services and technology.


  • Act as point of contact for enterprise end-end data protection capabilities
  • Provide technical guidance and foster a collective understanding of data flows, data protection and security issues encountered in cloud applications, services and information traversing our eco-system.
  • Incorporate business drivers, needs and strategies to address future business / technology needs
  • Lead cloud security on assigned projects using any Cloud Service Provider (CSP)
  • Work closely with DevOps teams on Infrastructure as Code, Automation, and Orchestration
  • Provide expert knowledge of cloud and data security architecture and consult with business and other technology teams to address complex needs
  • Exhibit a high level of professional flexibility and propose innovative and new ideas
  • Driving the collaborative development of the technology strategy, technology standards, roadmaps, and practices
  • Collaborate with data analytics team to build security reference architectures and drive preventative security controls
  • Engage with IT stakeholders and business to prioritize and address emerging risks through the application of mitigating solutions


Education Minimum Requirement:

Bachelor's degree in Computer Science, Engineering, Management of Information Systems Security, or equivalent professional experience

Required Experience and Skills: 

  • Min 10 years’ experience in an information technology field with at least 5+ in the information security or risk management area
  • Possess 2-3 years of team or direct staff management
  • Solid leadership & collaboration skills, able to network with colleagues in both domestic and international locations.
  • Excellent knowledge of security architecture and engineering
  • Experience in large scale enterprise Cloud projects from ideation to production
  • Building or deploying cloud security capabilities with Azure offerings and services in Azure Commercial or the AWS equivalent products and services.     
  • Understanding of software/system delivery life cycle and accompanying technologies
  • Ability to relate security capabilities to business and IT strategies

Preferred Experience and Skills:

  • The ideal candidate will have extensive experience in cloud-based development and security management in IaaS, PaaS and SaaS environments.
  • Protection of both structured and unstructured data via the application of controls based on data classification
  • Digital Rights Management
  • Data Leakage Prevention
  • Mitigating the Common Vulnerabilities (OWASP Top 10)
  • Proficiency in mobile security concepts
  • Pharmaceutical and Regulatory exp a plus

Our Support Functions deliver services and makes recommendations about ways to enhance our workplace and the experience of working at our organization. Our Support Functions include HR, Finance, Information Technology, Legal, Procurement, Administration, Facilities and Security. 

Merck & Co., Inc., Kenilworth, New Jersey, USA is known as “Merck” in the United States, Canada & Puerto Rico. We are known as “MSD” in Europe, Middle East, Africa, Latin America & Asia Pacific. We are a global biopharmaceutical leader with a diverse portfolio of prescription medicines, oncology, vaccines and animal health products.

We are driven by our purpose to develop and deliver innovative products that save and improve lives. With 69,000 employees operating in more than 140 countries, we offer state of the art laboratories, plants and offices that are designed to Inspire our employees as we learn, develop and grow in our careers. We are proud of our 125 years of service to humanity and continue to be one of the world’s biggest investors in Research & Development.

What we look for …

In a world of rapid innovation, we seek brave Inventors who want to make an Impact in all aspects of our business, enabling breakthroughs that will affect generations to come. We encourage you to bring your disruptive thinking, collaborative spirit and diverse perspective to our organization. Together we will continue Inventing For Life, Impacting Lives while Inspiring Your Career Growth.





In accordance with Managers' Policy - Job Posting and Employee Placement, all employees subject to this policy are required to have a minimum of twelve (12) months of service in current position prior to applying for open positions.

If you have been offered a separation benefits package but have not yet reached your separation date and are offered a position within the salary and geographical parameters as set forth in the Summary Plan Description (SPD) of your separation package, then you are no longer eligible for your separation benefits package. To discuss in more detail, please contact your HRBP or Talent Acquisition Advisor.

Secondary Language(s) Job Description

If you need an accommodation for the application process please email us at

For more information about personal rights under Equal Employment Opportunity, visit:

EEOC Poster
EEOC GINA Supplement​

OFCCP EEO Supplement

OFCCP Pay Transparency Rule

We are an equal opportunity employer, Minority/Female/Disability/Veteran – proudly embracing diversity in all of its manifestations.

Search Firm Representatives Please Read Carefully 
Merck & Co., Inc., Kenilworth, NJ, USA, also known as Merck Sharp & Dohme Corp., Kenilworth, NJ, USA, does not accept unsolicited assistance from search firms for employment opportunities. All CVs / resumes submitted by search firms to any employee at our company without a valid written search agreement in place for this position will be deemed the sole property of our company.  No fee will be paid in the event a candidate is hired by our company as a result of an agency referral where no pre-existing agreement is in place. Where agency agreements are in place, introductions are position specific. Please, no phone calls or emails. 

Employee Status:



No relocation

VISA Sponsorship:


Travel Requirements:


Flexible Work Arrangements:

Not Specified


Not Indicated

Valid Driving License:


Hazardous Material(s):

Number of Openings:


Requisition ID:R33292

Director of Cloud Security & Risk Management

Austin, TX
Full Time

Published on 01/28/2020