Merck IT Risk & Compliance Associate in Branchburg, New Jersey

The Risk & Compliance Associate is a direct liaison to our Global Human Health Information Technology team and is responsible for analyzing risk and verifying & validating software and business effectiveness to ensure processes and people are compliant with internal policies and standards and external regulations and applicable laws. The position requires strong compliance & risk management skills as well as excellent communication and collaboration skills required to partner with all levels of Merck’s business and Information Technology (IT) staff. The associate will plan and execute risk-based strategies and initiatives on time for the goal of improving Merck’s risk and compliance posture and reducing Merck’s compliance & cybersecurity risk.

The Risk & Compliance Associate will execute work in alignment with Merck business & IT goals and initiatives:

  • Serve as resource risk advisor for Global Human Health Division (Sales and Marketing). Will respond to questions and requests for assistance and guidance and assess compliance, quality and cyber security risk within the division and recommend ideas to mitigate and reduce risks, while improving compliance & quality management.

  • Collaborate and partner with GHH Risk Liaison Director and GHH Risk Liaison team members, application teams, risk and security control teams, infrastructure operations, other divisional Risk Liaisons, and business stakeholders at various levels in order to ensure critical compliance and cyber security controls are implemented on Merck’s most critical applications.

  • Responsible for on-going governance and maintenance of internal compliance, risk & quality management procedures & standards and critical control metrics. This is inclusive of ongoing maintenance of risk prioritization process updates and metrics for the corporate risk profile and critical applications list.

  • Provide education, guidance, consultative support in order to respond to risk & compliance inquiries effectively.

  • Assist in developing policy updates, team standards, guidelines, presentations, communications, project/task plans, and training in order to complete work with a high degree of quality in a timely fashion. Create compliance & risk management standard operating procedures, guidelines & work instructions and implement process improvements to ensure we are operating efficiently & effectively with the utmost quality.

  • Report regular metrics and status reports on the overall health and quality of the risk & compliance initiatives. Create and maintain detailed metrics, which clearly articulate appropriate information to support areas and management. Create detailed presentations of metrics and status to communicate to all levels of management.

  • Work with business and IT for critical controls reduction and provide communication, education and oversight.

  • Govern necessary oversight & monitoring to ensure people, processes and systems are compliant with Merck's internal corporate policies and standards and external regulations and applicable laws by:

  • Assisting with tracking GxP Inspection Readiness audits and assessments, including detailed documentation reviews and interviewing to ensure quality

  • Planning and tracking findings and remediation and generating formal audit/assessment reports to application teams, business stakeholders, and management

  • Providing ongoing education - training and guidance on GxP Inspection Readiness

  • Providing support as needed during external Health Authority Regulatory inspections (FDA inspections)

  • Performing Compliance assessments against Merck’s System Development Lifecycle framework.

Merck & Co., Inc. Kenilworth, N.J., U.S.A. known as Merck in the United States and Canada, is a global health care leader with a diversified portfolio of prescription medicines, vaccines and animal health products. The difference between potential and achievement lies in the spark that fuels innovation and inventiveness; this is the space where Merck has codified its legacy for over a century. Merck’s success is backed by ethical integrity, forward momentum, and an inspiring mission to achieve new milestones in global healthcare.

Education Minimum Requirement:

  • Bachelor’s Degree

Required Experience and Skills:

  • A Bachelor's degree is required.

  • A minimum of 3 years IT & life cycle experience

  • A detailed understanding of IT risk & compliance is required

  • A good understanding and application of IT industry standards, such as NIST framework for information security and risk management, System Development (CMMI) and Validation lifecycles, data privacy law and regulations.

  • Demonstrated experience triaging risk and monitoring controls, overseeing critical initiatives, assessing standards with evidentiary documentation – reports & metrics/measurements.

  • An understanding of GxP Inspection Readiness audits and validating regulatory compliance and quality standards with evidentiary documentation – reports & metrics/measurements.

  • An understanding of external regulations and applicable laws, such as, GxP/HAR – Part 11, PDMA; Privacy, Safe Harbor, HIPAA, Corporate Integrity Agreement, Sarbanes Oxley, State Marketing laws, etc.

  • A demonstrated track record for analyzing processes for improvement including experience making process improvements and creating standard operating procedures.

  • Demonstrated ability to execute on multiple high priority tasks and report to all levels of management.

  • Excellent leadership, communication, and team collaboration skills

  • Excellent project management, risk management & compliance management skills

  • Demonstrated ability to generate detailed risk & compliance metric reports in a timely manner. Excellent Excel, Access, & Remedy/CMDB skills & experience

  • A strong Merck business and IT knowledge is required.

  • Experience working effectively with various levels of Merck staff worldwide.

Preferred Experience and Skills:

  • 2 or more years’ demonstrated experience working on or leading projects and executing on initiatives

  • Demonstrated experience in a risk or compliance role.

  • Demonstrated experience monitoring systems against policies, regulations, laws, and standards effectively.

  • An in-depth/detailed understanding of the Systems Development Life Cycle, CMMI and Validation standards, and the NIST framework for Information Security and Risk Management.

  • An in-depth/detailed understanding and experience using & reporting risk, quality and compliance metrics from MS PowerPoint, MS Excel, and/or a standard CMDB.

  • Experience with RSA Archer eGRC Platform.

  • A demonstrated ability to interpret internal compliance policies and external compliance regulations, in particular, 21 CFR Part 11 & PDMA, SOX & Privacy

Your role at Merck is integral to helping the world meet new breakthroughs that affect generations to come, and we’re counting on your skills and inventiveness to help make meaningful contributions to global medical advancement. At Merck, we’re inventing for life.

If you need assistance and/or a reasonable accommodation due to a disability during the application or the recruiting process, please send a request to .

Search Firm Representatives Please Read Carefully:

Merck & Co., Inc. is not accepting unsolicited assistance from search firms for this employment opportunity. Please, no phone calls or emails. All resumes submitted by search firms to any employee at Merck via email, the Internet or in any form and/or method without a valid written search agreement in place for this position will be deemed the sole property of Merck. No fee will be paid in the event the candidate is hired by Merck as a result of the referral or through other means.

Visa sponsorship is not available for this position.

For more information about personal rights under Equal Employment Opportunity, visit:

EEOC Poster at

EEOC GINA Supplement at

Job: Compliance & Risk Management

Other Locations: NA-US-PA-West Point

Title: IT Risk & Compliance Associate

Primary Location: NA-US-NJ-Branchburg

Requisition ID: COM000696