Description

Job DescriptionOur company’s IT division partners with colleagues across the business to help serve patients and customers around the world. We are a dynamic team of technology and risk professionals dedicated to leveraging data, security insights, and governance practices to strengthen our digital environment.Join us in Prague as a Compliance Risk Analyst and become part of the IT Risk Management & Security (ITRMS) Governance Risk and Compliance (GRC) team, where you will play a key role in providing data driven insights into IT risk and compliance to our leadership, in support of informed decisions. Responsibilities<ul><li>Analyze and prioritize IT risks</li><li>Discover internal business reporting needs and data products that meet the reporting needs.</li><li>Develop reporting requirements and oversee analytics and reporting solutions from Proof of Concept through Production release.</li><li>Analyze compliance and risk indicators for IT controls, with a strong focus on Access Management.</li><li>Translate strategic risk and compliance objectives into actionable delivery plans and initiatives.</li><li>Partner with platform, security, and engineering teams to design, influence, and drive implementation of agreed solutions.</li><li>Provide advisory input and practical guidance to platform teams, ensuring alignment with leadership decisions and enterprise standards.</li><li>Track remediation progress and control effectiveness, and proactively escalate risks and dependencies as needed.</li><li>Keep leadership regularly informed of risk trends, control effectiveness, and remediation status.</li></ul> QualificationsRequired<ul><li>Bachelor’s Degree (preferably in Information Technology, Cybersecurity, or Information Systems)</li><li>6-8 years of IT risk and compliance / IT audit experience</li><li>Strong hands-on knowledge of Identity & Access Management (IAM) concepts, including:<ul><li>Provisioning and deprovisioning</li><li>Identity lifecycle management</li><li>RBAC / ABAC</li><li>Single Sign-On (SSO)</li><li>Multi-Factor Authentication (MFA)</li><li>Privileged Access Management (PAM)</li></ul></li><li>Experience evaluating or auditing access governance processes and identity providers</li><li>Understanding of IT security and compliance frameworks (e.g., SOX ITGC, NIST)</li><li>Experience translating technical control findings into actionable risk insights and remediation plans</li><li>Strong analytical mindset with attention to detail and ability to interpret complex technical data</li><li>Excellent communication skills, with the ability to tailor messaging for technical teams, business partners, and executive leadership.</li></ul> Preferred<ul><li>Certifications such as CISA, CISSP, CISM, CIA, or similar</li><li>Experience in cloud-native IAM governance controls</li><li>Exposure to Privileged Access Management (PAM) solutions</li><li>Basic knowledge of SQL or Python for data analysis and reporting automation</li><li>Experience with data analytics and reporting tools such as Power BI, Tableau, Spotfire, or similar</li></ul>What we offer<ul><li>Exciting work in a great team, global projects, international environment</li><li>Opportunity to learn and grow professionally within the company globally</li><li>Hybrid working model, flexible role pattern</li><li>Competitive salary & incentive pay</li><li>Pension and health insurance contributions</li><li>Internal reward system and referral scheme</li><li>5 weeks annual leave, 5 sick days, 15 days of certified sick leave paid above statutory requirements annually, 40 paid hours annually for volunteering activities, 12 weeks of parental contribution</li><li>Cafeteria for tax free benefits according to your choice (meal vouchers, Lítačka, sport, culture, health, travel, etc.), Multisport Card</li><li>Vodafone, Raiffeisen Bank, Foodora, and discount programmes</li><li>Up-to-date laptop and iPhone</li><li>Parking in the garage, showers, refreshments, massage chairs, library, music corner </li></ul>Ready to take up the challenge? Apply now!Know anybody who might be interested? Refer this job! Required Skills: Analytics, Collaboration, Executive Communications, Identity Access Management (IAM), Information Technology (IT) Risk Management, Information Technology Auditing, IT Governance Risk and Compliance (GRC), Multi-Factor Authentication (MFA), Privileged Access Management (PAM), Role Based Access Control (RBAC), Technology RiskPreferred Skills: Current Employees apply <a target="_blank" href="https://wd5.myworkday.com/msd/d/task/1422$6687.htmld">HERE</a>Current Contingent Workers apply <a target="_blank" href="https://wd5.myworkday.com/msd/d/task/1422$4020.htmld">HERE</a>Search Firm Representatives Please Read Carefully Merck & Co., Inc., Rahway, NJ, USA, also known as Merck Sharp & Dohme LLC, Rahway, NJ, USA, does not accept unsolicited assistance from search firms for employment opportunities. All CVs / resumes submitted by search firms to any employee at our company without a valid written search agreement in place for this position will be deemed the sole property of our company. No fee will be paid in the event a candidate is hired by our company as a result of an agency referral where no pre-existing agreement is in place. Where agency agreements are in place, introductions are position specific. Please, no phone calls or emails. Employee Status: RegularRelocation:No relocationVISA Sponsorship:NoTravel Requirements:10%Flexible Work Arrangements:HybridShift:1st - DayValid Driving License:NoHazardous Material(s):N/AJob Posting End Date:03/21/2026*A job posting is effective until 11:59:59PM on the day BEFORE the listed job posting end date. Please ensure you apply to a job posting no later than the day BEFORE the job posting end date.

Senior IT Compliance Risk Analyst

Description

Merck & Co.

Pipeline