Job Description

Our company’s IT division partners with colleagues across the business to help serve patients and customers around the world. We are a dynamic team of technology and risk professionals dedicated to leveraging data, security insights, and governance practices to strengthen our digital environment.

Join us in Prague as a Compliance Risk Analyst and become part of the IT Risk Management & Security (ITRMS) Governance Risk and Compliance (GRC) team, where you will play a key role in providing data driven insights into IT risk and compliance to our leadership, in support of informed decisions.

Responsibilities

• Analyze and prioritize IT risks
• Discover internal business reporting needs and data products that meet the reporting needs.
• Develop reporting requirements and oversee analytics and reporting solutions from Proof of Concept through Production release.
• Analyze compliance and risk indicators for IT controls, with a strong focus on Access Management.
• Translate strategic risk and compliance objectives into actionable delivery plans and initiatives
• Partner with platform, security, and engineering teams to design, influence, and drive implementation of agreed solutions.
• Provide advisory input and practical guidance to platform teams, ensuring alignment with leadership decisions and enterprise standards.
• Track remediation progress and control effectiveness, and proactively escalate risks and dependencies as needed
• Keep leadership regularly informed of risk trends, control effectiveness, and remediation status

Qualifications

Required

• Bachelor’s Degree (preferably in Information Technology, Cybersecurity, or Information Systems)
• 6-8 years of IT risk and compliance / IT audit experience
• Strong hands-on knowledge of Identity & Access Management (IAM) concepts, including:
  • Provisioning and deprovisioning
  • Identity lifecycle management
  • RBAC / ABAC
  • Single Sign-On (SSO)
  • Multi-Factor Authentication (MFA)
  • Privileged Access Management (PAM)
• Experience evaluating or auditing access governance processes and identity providers
• Understanding of IT security and compliance frameworks (e.g., SOX ITGC, NIST)
• Experience translating technical control findings into actionable risk insights and remediation plans
• Strong analytical mindset with attention to detail and ability to interpret complex technical data
• Excellent communication skills, with the ability to tailor messaging for technical teams, business partners, and executive leadership.

Preferred

• Certifications such as CISA, CISSP, CISM, CIA, or similar
• Experience in cloud-native IAM governance controls
• Exposure to Privileged Access Management (PAM) solutions
• Basic knowledge of SQL or Python for data analysis and reporting automation
• Experience with data analytics and reporting tools such as Power BI, Tableau, Spotfire, or similar

What we offer

• Exciting work in a great team, global projects, international environment
• Opportunity to learn and grow professionally within the company globally
• Hybrid working model, flexible role pattern
• Competitive salary & incentive pay
• Pension and health insurance contributions
• Internal reward system and referral scheme
• 5 weeks annual leave, 5 sick days, 15 days of certified sick leave paid above statutory requirements annually, 40 paid hours annually for volunteering activities, 12 weeks of parental contribution
• Cafeteria for tax free benefits according to your choice (meal vouchers, Lítačka, sport, culture, health, travel, etc.), Multisport Card
• Vodafone, Raiffeisen Bank, Foodora, and discount programmes
• Up-to-date laptop and iPhone
• Parking in the garage, showers, refreshments, massage chairs, library, music corner

Ready to take up the challenge? Apply now!

Know anybody who might be interested? Refer this job!

Required Skills:

Analytics, Collaboration, Executive Communications, Identity Access Management (IAM), Information Technology (IT) Risk Management, Information Technology Auditing, IT Governance Risk and Compliance (GRC), Multi-Factor Authentication (MFA), Privileged Access Management (PAM), Role Based Access Control (RBAC), Technology Risk

Preferred Skills:

Current Employees apply HERE

Current Contingent Workers apply HERE

Search Firm Representatives Please Read Carefully
Merck & Co., Inc., Rahway, NJ, USA, also known as Merck Sharp & Dohme LLC, Rahway, NJ, USA, does not accept unsolicited assistance from search firms for employment opportunities. All CVs / resumes submitted by search firms to any employee at our company without a valid written search agreement in place for this position will be deemed the sole property of our company. No fee will be paid in the event a candidate is hired by our company as a result of an agency referral where no pre-existing agreement is in place. Where agency agreements are in place, introductions are position specific. Please, no phone calls or emails.

Employee Status:

Regular

Relocation:

No relocation

VISA Sponsorship:

No

Travel Requirements:

10%

Flexible Work Arrangements:

Hybrid

Shift:

1st - Day

Valid Driving License:

No

Hazardous Material(s):

N/A

Job Posting End Date:

05/1/2026

*A job posting is effective until 11:59:59PM on the day BEFORE the listed job posting end date. Please ensure you apply to a job posting no later than the day BEFORE the job posting end date.