Job Information
Merck Associate Director, Cybersecurity Engineering in Saint Paul, Minnesota
Job Description
Role Overview
The Privileged Access Management (PAM) Team Lead is accountable for the enterprise strategy, delivery, and continuous improvement of our Company's Privileged Access Management program. This role leads the design, implementation, and operation of global privileged access and secrets management capabilities aligned with zero trust principles, regulatory requirements, and cyber risk reduction objectives.
This position requires a technically proficient, self‑motivated leader with deep PAM expertise and experience operating at scale within large, global, and highly regulated environments. This role provides personnel leadership, architectural oversight, and governance to ensure privileged access controls effectively protect critical infrastructure, applications, cloud platforms, and DevOps pipelines.
Key Responsibilities
Strategy & Governance
Define, own, and execute the enterprise PAM roadmap aligned with our Company's cybersecurity and zero trust strategies.
Establish and maintain PAM governance, policies, and standards across on‑premises, cloud, and hybrid environments.
Serve as the enterprise subject matter expert for privileged access risk across infrastructure, applications, DevOps pipelines, and cloud platforms.
Develop and present PAM posture, risk metrics, and remediation plans to executive leadership and audit stakeholders.
Engineering & Architecture
Provide architectural oversight for PAM capabilities, including privileged account vaulting, session management, just‑in‑time (JIT) access, and secrets management.
Lead the design, implementation, and ongoing operation of PAM solutions in compliance with our Company's SDLC and established IT standards.
Collaborate with infrastructure, security, and application teams to manage incidents, escalations, and transitions of operational support.
Ensure PAM solutions are resilient, scalable, and aligned with enterprise security and operational requirements.
Product & Delivery Management
Own and manage the PAM product backlog, refining user stories and epics to ensure alignment with OKRs and broader enterprise initiatives.
Direct day‑to‑day PAM engineering operations to ensure effective planning, balanced workloads, and reliable delivery outcomes.
Promote Agile ways of working and continuous improvement across the PAM engineering function.
People Leadership & Collaboration
Lead, mentor, and develop the PAM engineering team, fostering a collaborative, inclusive, and high‑performing environment.
Provide ongoing coaching and development opportunities aligned with Agile and engineering best practices.
Engage IAM leadership and cross‑functional stakeholders to ensure PAM solutions meet business needs while maintaining strong security and compliance posture.
Required Skills & Experience
Bachelors degree required in related field
7+ years of experience in cybersecurity or Identity and Access Management (IAM), including at least 7 years focused on Privileged Access Management.
Demonstrated experience leading and developing security engineering teams within large, global organizations.
Strong understanding of enterprise PAM and secrets management platforms (e.g., CyberArk, BeyondTrust, Delinea).
Hands‑on knowledge of PAM for Windows, UNIX/Linux, and database platforms.
Experience delivering security solutions using Agile methodologies and managing backlogs with tools such as JIRA.
Excellent communication skills, with the ability to translate complex technical concepts and security risks to non‑technical stakeholders.
Preferred Experience & Skills
Experience working in healthcare or other highly regulated industries.
Strong understanding of cybersecurity fundamentals, secure SDLC practices, and cloud‑native security controls.
Hands‑on experience with identity platforms such as Active Directory and Entra ID, cloud identity services, and HashiCorp Vault.
Hands‑on knowledge of PAM in multi‑cloud environments (AWS, Azure, GCP) and Kubernetes.
Familiarity with ServiceNow for change and incident management, and experience with automation using PowerShell.
Knowledge of industry standards and frameworks such as NIST and ITIL.
Industry‑recognized security certifications (e.g., CISSP, Security+).
Required Skills:
Accountability, Application Security, Cloud Security, Cybersecurity, Cybersecurity Operations, Data Protection, Delivery of Security Applications, Design Applications, DevOps Coaching, Influence, Information Security, Information Systems Management, SLA Management, System Designs, Technical Advice, Zero Trust Identity
Preferred Skills:
Collaborating
Current Employees apply HERE (https://wd5.myworkday.com/msd/d/task/1422$6687.htmld)
Current Contingent Workers apply HERE (https://wd5.myworkday.com/msd/d/task/1422$4020.htmld)
US and Puerto Rico Residents Only:
Our company is committed to inclusion, ensuring that candidates can engage in a hiring process that exhibits their true capabilities. Please click here (https://survey.sogosurvey.com/r/aCdfqL) if you need an accommodation during the application or hiring process.
As an Equal Employment Opportunity Employer, we provide equal opportunities to all employees and applicants for employment and prohibit discrimination on the basis of race, color, age, religion, sex, sexual orientation, gender identity, national origin, protected veteran status, disability status, or other applicable legally protected characteristics. As a federal contractor, we comply with all affirmative action requirements for protected veterans and individuals with disabilities. For more information about personal rights under the U.S. Equal Opportunity Employment laws, visit:
EEOC Know Your Rights (https://www.eeoc.gov/sites/default/files/2022-10/22-088_EEOC_KnowYourRights_10_20.pdf)
EEOC GINA Supplement
We are proud to be a company that embraces the value of bringing together, talented, and committed people with diverse experiences, perspectives, skills and backgrounds. The fastest way to breakthrough innovation is when people with diverse ideas, broad experiences, backgrounds, and skills come together in an inclusive environment. We encourage our colleagues to respectfully challenge one another’s thinking and approach problems collectively.
Learn more about your rights, including under California, Colorado and other US State Acts (https://www.msdprivacy.com/us/en/CCPA-notice/)
U.S. Hybrid Work Model
Effective September 5, 2023, employees in office-based positions in the U.S. will be working a Hybrid work consisting of three total days on-site per week, Monday - Thursday, although the specific days may vary by site or organization, with Friday designated as a remote-working day, unless business critical tasks require an on-site presence.This Hybrid work model does not apply to, and daily in-person attendance is required for, field-based positions; facility-based, manufacturing-based, or research-based positions where the work to be performed is located at a Company site; positions covered by a collective-bargaining agreement (unless the agreement provides for hybrid work); or any other position for which the Company has determined the job requirements cannot be reasonably met working remotely. Please note, this Hybrid work model guidance also does not apply to roles that have been designated as “remote”.
The salary range for this role is
$142,400.00 - $224,100.00
This is the lowest to highest salary we in good faith believe we would pay for this role at the time of this posting. An employee’s position within the salary range will be based on several factors including, but not limited to relevant education, qualifications, certifications, experience, skills, geographic location, government requirements, and business or organizational needs.
The successful candidate will be eligible for annual bonus and long-term incentive, if applicable.
We offer a comprehensive package of benefits. Available benefits include medical, dental, vision healthcare and other insurance benefits (for employee and family), retirement benefits, including 401(k), paid holidays, vacation, and compassionate and sick days. More information about benefits is available at https://jobs.merck.com/us/en/compensation-and-benefits .
You can apply for this role through https://jobs.merck.com/us/en (or via the Workday Jobs Hub if you are a current employee). The application deadline for this position is stated on this posting.
San Francisco Residents Only: We will consider qualified applicants with arrest and conviction records for employment in compliance with the San Francisco Fair Chance Ordinance
Los Angeles Residents Only: We will consider for employment all qualified applicants, including those with criminal histories, in a manner consistent with the requirements of applicable state and local laws, including the City of Los Angeles’ Fair Chance Initiative for Hiring Ordinance
Search Firm Representatives Please Read Carefully
Merck & Co., Inc., Rahway, NJ, USA, also known as Merck Sharp & Dohme LLC, Rahway, NJ, USA, does not accept unsolicited assistance from search firms for employment opportunities. All CVs / resumes submitted by search firms to any employee at our company without a valid written search agreement in place for this position will be deemed the sole property of our company. No fee will be paid in the event a candidate is hired by our company as a result of an agency referral where no pre-existing agreement is in place. Where agency agreements are in place, introductions are position specific. Please, no phone calls or emails.
Employee Status:
Regular
Relocation:
No relocation
VISA Sponsorship:
No
Travel Requirements:
10%
Flexible Work Arrangements:
Remote
Shift:
1st - Day
Valid Driving License:
No
Hazardous Material(s):
N/A
Job Posting End Date:
03/16/2026
*A job posting is effective until 11:59:59PM on the day BEFORE the listed job posting end date. Please ensure you apply to a job posting no later than the day BEFORE the job posting end date.
Requisition ID: R387600