at Merck in Dover, Delaware, United States
At our Company, we are dedicated to improving lives by advancing innovative healthcare solutions. As we continue to leverage cutting-edge technologies and digital transformation, we are seeking a talented and experienced Zero Trust Security Strategist to join our Information Security team. In this role, you will be responsible for implementing and driving our Zero Trust security strategy across the organization, with a particular focus on Operational Technology (OT), Identity and Access Management ( IAM ), and Cloud Native technology.
Responsibilities: + Develop and lead the implementation of the Zero Trust security strategy, ensuring the protection of our critical assets and systems.
+ Collaborate with cross-functional teams, including IT, OT, and business stakeholders, to assess security risks and design appropriate security controls.
+ Conduct in-depth analysis of our Operational Technology environment, identifying potential vulnerabilities and recommending mitigation strategies.
+ Define and enforce access management policies and controls, ensuring that appropriate permissions and privileges are granted based on a least privilege model.
+ Design and implement secure identity and access management solutions, integrating with both on-premise and cloud-based environments.
+ Develop and maintain best practices and guidelines for secure cloud-native architectures and practices, ensuring compliance with industry standards and regulatory requirements.
+ Stay up-to-date with emerging security technologies, industry trends, and vulnerabilities, and proactively identify areas for improvement and innovation.
Requirements: + Bachelor's Degree in Computer Science, Information Security, or a related field required. Advanced Degree preferred.
+ Minimum 7 years of relevant experience.
+ Extensive experience in the field of cybersecurity, with a focus on Zero Trust security principles.
+ Strong background in Operational Technology security, with a deep understanding of OT systems and associated risks.
+ Proficiency in Identity and Access Management ( IAM ) solutions, such as Active Directory, Azure AD, or similar.
+ Familiarity with cloud-native technologies and architectures, including containerization, orchestration, and serverless computing.
+ Experience in designing and implementing security controls for hybrid cloud environments, that use Infrastructure as Code (IaC) and DevSecOps practices.
+ Strong understanding of industry security standards and frameworks, such as ISO 27001, NIST Cybersecurity Framework, and CSA Cloud Controls Matrix.
+ Excellent communication and collaboration skills, with the ability to effectively communicate complex security concepts to technical and non-technical stakeholders.
#eligibleforerp
NOTICE FOR INTERNAL APPLICANTS In accordance with Managers' Policy – Job Posting and Employee Placement, all employees subject to this policy are required to have a minimum of twelve (12) months of service in current position prior to applying for open positions.
If you have been offered a separation benefits package, but have not yet reached your separation date and are offered a position within the salary and geographical parameters as set forth in the Summary Plan Description ( SPD ) of your separation package, then you are no longer eligible for your separation benefits package. To discuss in more detail, please contact your HRBP or Talent Acquisition Advisor.
Employees working in roles that the Company determines require routine collaboration with external stakeholders, such as customer-facing commercial, or research-based roles, will be expected to comply not only with Company policy but also with policies established by such external stakeholders (for example, a requirement to be vaccinated against COVID -19 in order to access a facility or meet with stakeholders). Please understand that, as permitted by applicable law, if you have not been vaccinated against COVID -19 and an essential function of your job is to call on external stakeholders who require vaccination to enter their premises or engage in face-to-face meetings, then your employment may pose an undue burden to business operations, in which case you may not be offered employment, or your employment could be terminated. Please also note that, where permitted by applicable law, the Company reserves the right to require COVID -19 vaccinations for positions, such as in Global Employee Health, where the Company determines in its discretion that the nature of the role presents an increased risk of disease transmission. Current Employees apply HERE (
Current Contingent Workers apply HERE (
US and Puerto Rico Residents Only: Our company is committed to inclusion, ensuring that candidates can engage in a hiring process that exhibits their true capabilities. Please click here ( if you need an accommodation during the application or hiring process.
We are an Equal Opportunity Employer, committed to fostering an inclusive and diverse workplace. All qualified applicants will receive consideration for employment without regard to race, color, age, religion, sex, sexual orientation, gender identity, national origin, protected veteran status, or disability status, or other applicable legally protected characteristics. For more information about personal rights under the U.S. Equal Opportunity Employment laws, visit:
EEOC Know Your Rights ( EEOC KnowYourRights 10 20.pdf)
EEOC GINA Supplement?
Pay Transparency Nondiscrimination ( OFCCP /pdf/pay-transp %20English formattedESQA508c.pdf)
We are proud to be a company that embraces the value of bringing diverse, talented, and committed people together. The fastest way to breakthrough innovation is when diverse ideas come together in an inclusive environment. We encourage our colleagues to respectfully challenge one another's thinking and approach problems collectively.
Learn more about your rights, including under California, Colorado and other US State Acts ( CCPA -notice/)
U.S. Hybrid Work Model Effective September 5, 2023, employees in office-based positions in the U.S. will be working a Hybrid work consisting of three total days on-site per week, generally Tuesday, Wednesday and either Monday or Thursday, although the specific days may vary by site or organization, with Friday designated as a remote-working day, unless business critical tasks require an on-site presence. This Hybrid work model does not apply to, and daily in-person attendance is required for, field-based positions; facility-based, manufacturing-based, or research-based positions where the work to be performed is located at a Company site; positions covered by a collective-bargaining agreement (unless the agreement provides for hybrid work); or any other position for which the Company has determined the job requirements cannot be reasonably met working remotely. Please note, this Hybrid work model guidance also does not apply to roles that have been designated as "remote".
Under New York State, Colorado State, Washington State, and California State law, the Company is required to provide a reasonable estimate of the salary range for this job. Final determinations with respect to salary will take into account a number of factors, which may include, but not be limited to the primary work location and the chosen candidate's relevant skills, experience, and education.
Expected salary range:
$149,400.00 – $235,100.00
Available benefits include bonus eligibility, health care and other insurance benefits (for employee and fami
To view full details and how to apply, please login or create a Job Seeker account
