Executive Director, Product Security

Job Description

Our IT team operates as a business partner, proposing ideas and innovative solutions that enable new organizational capabilities. We collaborate internationally to deliver services and solutions that help everyone be more productive and compliant while enabling innovation.

The Executive Director of Cloud and Application Security reports directly to the head of Core Cyber Security Engineering, IT Risk Management and Security (ITRMS).

This pivotal role leads the effort to secure our global enterprise digital application environment, including data, cloud and SAAS environments. This position delivers critical insights to our customers.

This role collaborates with ITRMS Value Teams, Technology Infrastructure Operations and Experience, the CTO organization, and key stakeholder leadership across the IT organization. This role represents product security on the Operational Technology Council.

This role will lead their organization to deliver strategic technology outcomes and strengthen the security posture of our applications and of our company, while increasing customer satisfaction with our services.

Primary Responsibilities:

• Drive the strategic vision for the Cloud and Application Security Value Teams, encompassing product lines, products, and associated services for Application Security, Cloud Security, and their intersection.

• Cultivate a culture of automation, continuous improvement, and customer focus within the team, embracing DevSecOps, the Product Model, and related Agile ways of working. Extend this culture throughout the IT organization.

• Develop and maintain credibility with all stakeholders by being responsive, dependable, focused on value, and results-driven.

• Transform the existing Application and Cloud Security teams into a new operating model structured by capability, aligned with modern capability delivery and enablement.

• Develop and implement a comprehensive product security strategy, ensuring that security is integrated into the product development and runtime lifecycles.

• Lead development of product roadmaps for all products within the product line, including coordination with Value Teams and Product Lines in ITRMS, TIO&E, and CTO.

• Directly lead a staff of over 25 employees and 30+ partners that work in support of our mission. Set goals, objectives, and development plans for staff members, including skill development, career pathing and mentorship, performance management and feedback, diversity and inclusion, leadership development, and knowledge sharing.

• Responsible for the management and value realization of a ~$10M IT portfolio.

• Develop and maintain relationships with partners to advance our product security vision and ensure alignment with the company vision for modern infrastructure and application products.

• Lead related activities focused on technology decision-making, supplier negotiation, sourcing strategy, and supplier management practices.

• Act as a trusted advisor by fostering exceptional partnerships with IT leaders and business executives, ensuring a thorough grasp of business requirements.

Education Requirement:

• Bachelor’s degree in information security, computer science, business, or equivalent experience

Required Experience and Skills:

• 10+ years’ experience leading global teams in a management or leadership role.

• Experience planning, managing, and implementing information technologies at enterprise scale, in diverse hosting environments.

• Strong understanding of cybersecurity principles and best practices, including secure software development, threat modeling, secure coding practices, continuous integration/ continuous deployment (CI/CD), infrastructure as code (IAC), and related security technologies.

• Strong understanding of cloud architecture and enterprise systems on public and private clouds.

• Experience planning and implementing application infrastructure in a secure and compliant manner, complying with relevant regulatory frameworks.

• Strong understanding of risk management principles and experience in identifying, assessing, and mitigating security risks associated with product development and maintenance

• Strong leadership skills, including the ability to communicate effectively with cross-functional teams, executive leadership, business leaders, IT peers and external stakeholders, and colleagues globally.

• Demonstrates proactive, confident engagement with key stakeholders to understand the business' evolving IT requirements and proposing innovative, cost-effective solutions

• Demonstrates experience developing, leading, and implementing programs supporting our IT and company’s vision, including experience creating plans, roadmaps, and key results along with supporting financial analyses and budget deliverables.

• Exhibits executive composure and proficiency in conveying intricate technical concepts in clear and easily understandable business language.

• Demonstrates leadership in achieving shared objectives in a matrix organization, managing cross-division initiatives in a results-oriented fashion with a reputation for success.

• Ability to develop staff members in terms of professional development aligned with achieving personal and divisional goals and objectives.

• Ability to develop effective, influential written and verbal communications.

• Ability to advocate for and drive new ideas.

• 10+ years’ experience working in one or more of the following fields: information technology, cybersecurity, computer science, management, higher education, or a related field.

Preferred Experience and Skills:

• Knowledge of the NIST Cybersecurity Framework.

• Knowledge of Zero Trust concepts, including the Zero Trust Maturity Model.

• Knowledge of the MITRE ATT&CK Framework.

• Experience with Agile methodologies.

• Awareness of relevant industry business, information, and technology security evolution in and out of the life sciences domain.

• Understanding of Pharmaceutical and other regulations such as GxP, SOX, PCI, and data privacy.

NOTICE FOR INTERNAL APPLICANTS

In accordance with Managers' Policy - Job Posting and Employee Placement, all employees subject to this policy are required to have a minimum of twelve (12) months of service in current position prior to applying for open positions.

If you have been offered a separation benefits package, but have not yet reached your separation date and are offered a position within the salary and geographical parameters as set forth in the Summary Plan Description (SPD) of your separation package, then you are no longer eligible for your separation benefits package. To discuss in more detail, please contact your HRBP or Talent Acquisition Advisor.

Current Employees apply HERE

Current Contingent Workers apply HERE

US and Puerto Rico Residents Only:

Our company is committed to inclusion, ensuring that candidates can engage in a hiring process that exhibits their true capabilities. Please click here if you need an accommodation during the application or hiring process.

We are an Equal Opportunity Employer, committed to fostering an inclusive and diverse workplace.  All qualified applicants will receive consideration for employment without regard to race, color, age, religion, sex, sexual orientation, gender identity, national origin, protected veteran status, or disability status, or other applicable legally protected characteristics.  For more information about personal rights under the U.S. Equal Opportunity Employment laws, visit:

EEOC Know Your Rights

EEOC GINA Supplement​

Pay Transparency Nondiscrimination

We are proud to be a company that embraces the value of bringing diverse, talented, and committed people together. The fastest way to breakthrough innovation is when diverse ideas come together in an inclusive environment. We encourage our colleagues to respectfully challenge one another’s thinking and approach problems collectively.

Learn more about your rights, including under California, Colorado and other US State Acts

U.S. Hybrid Work Model

Effective September 5, 2023, employees in office-based positions in the U.S. will be working a Hybrid work consisting of three total days on-site per week, Monday - Thursday, although the specific days may vary by site or organization, with Friday designated as a remote-working day, unless business critical tasks require an on-site presence.This Hybrid work model does not apply to, and daily in-person attendance is required for, field-based positions; facility-based, manufacturing-based, or research-based positions where the work to be performed is located at a Company site; positions covered by a collective-bargaining agreement (unless the agreement provides for hybrid work); or any other position for which the Company has determined the job requirements cannot be reasonably met working remotely. Please note, this Hybrid work model guidance also does not apply to roles that have been designated as “remote”.

The Company is required to provide a reasonable estimate of the salary range for this job in certain states and cities within the United States. Final determinations with respect to salary will take into account a number of factors, which may include, but not be limited to the primary work location and the chosen candidate’s relevant skills, experience, and education.

Expected US salary range:

Available benefits include bonus eligibility, long term incentive if applicable, health care and other insurance benefits (for employee and family), retirement benefits, paid holidays, vacation, and sick days. A summary of benefits is listed here.

San Francisco Residents Only: We will consider qualified applicants with arrest and conviction records for employment in compliance with the San Francisco Fair Chance Ordinance

Los Angeles Residents Only: We will consider for employment all qualified applicants, including those with criminal histories, in a manner consistent with the requirements of applicable state and local laws, including the City of Los Angeles’ Fair Chance Initiative for Hiring Ordinance

Search Firm Representatives Please Read Carefully 
Merck & Co., Inc., Rahway, NJ, USA, also known as Merck Sharp & Dohme LLC, Rahway, NJ, USA, does not accept unsolicited assistance from search firms for employment opportunities. All CVs / resumes submitted by search firms to any employee at our company without a valid written search agreement in place for this position will be deemed the sole property of our company.  No fee will be paid in the event a candidate is hired by our company as a result of an agency referral where no pre-existing agreement is in place. Where agency agreements are in place, introductions are position specific. Please, no phone calls or emails. 

Employee Status:

Relocation:

VISA Sponsorship:

Travel Requirements:

Flexible Work Arrangements:

Shift:

Valid Driving License:

Hazardous Material(s):

Job Posting End Date:

*A job posting is effective until 11:59:59PM on the day BEFORE the listed job posting end date. Please ensure you apply to a job posting no later than the day BEFORE the job posting end date.