Application Security Engineer

Opportunity to **be a part of a IT Compliance & Risk Management team in Singapore**:

- ** Based in Singapore**, the regional hub for Asia Pacific (AP) and top-ranked biopharmaceutical company on The Straits Times and Statista’s list of Best Employers in Singapore for two consecutive years (2020, 2021).
- Join the **premier biopharmaceutical company** that has been in Singapore for more than **25 years and in AP for over 60 years.**

Our company’s Information Technology division partners with colleagues across the business to help serve our patients and customers around the world. We are a high-energy team of dynamic, innovative individuals dedicated to leveraging information and technology to efficiently drive revenue and productivity, thereby advancing our company’s contribution to global medical innovation.

Information Technology Risk Management and Security Governance Risk and Compliance (ITRMS GRC) is an essential component of our company’s Information Technology division that provides support to the Pharmaceutical Research, Supply Chain, and Marketing organizations. The IT Compliance Consultation group is responsible for working directly with IT practitioners to provide guidance on navigating the company’s System Development Lifecycle (SDLC) and the IT Control framework.

**Primary Responsibilities**

**_ Supplier Software Security_**
- Collaborate with 3rd party software developers and providers to ensure the products are developed using secure software development methodologies
- Develop, collect and improve metrics to measure the success of the Supplier Software Security Program
- Collaborate with Cyber Security Value Teams to integrate Supplier Software Security Program
- Partner with other IT Risk Management & Security teams to improve the overall Cyber Security posture of the organization
- Identify areas where our processes can be improved, and where possible implement those improvements

**_ Leadership_**
- Foster collaboration, listen and learn from stakeholders and people with different cultures across functional areas
- A team-focused mentality with the proven ability to work effectively with diverse stakeholders.
- Build talents and enable them to succeed. Set an example and share the knowledge
- Understand business needs and commit to delivering high-quality, prompt, and efficient service to the business.
- Ability to communicate well to diverse audiences, clear and concise in presentations
- Ability to work extremely well under pressure while maintaining a professional image and approach.
- Self-motivation, personal drive, and high energy.

**_ Technical Knowledge _**
Good knowledge and experience with the following concept, methodology, products, platforms, services, and protocols.
- Experience in Risk Management and Information Security, Identity & Access Management, and Identity Governance & Administration
- Dynamic Application Security Testing & Static Application Security Testing. Using tools such as Fortify on Demand, WebInspect,
- Software Composition Analysis, Open Source Security. Using tools like Black Duck
- Cloud Platforms & Services. E.g., PaaS, IaaS, SaaS, CASB, SASE

**_ Others_**
- May require occasional off-hours work

**Education Minimum Requirement**:

- Bachelor’s degree in Information Security, Computer Science or Engineering or equivalent experience.
- Diploma holders with more years of relevant work experience.

**Required Experience and Skills**:

- At least five (5) years of experience in risk management and security and/or regulated or compliance environment
- Ability to connect with stakeholders on processes and information, both in the local region and abroad is essential
- Familiarity with Agile methodology, Software Development Lifecycle (SDLC) and IT Information Library (ITIL)
- Aptitude to train fellow staff on functional expertise and mentor junior team members
- Excellent oral and written communication skills, possess good presentation skills
- Relevant certifications are desired: CISSP certification; AWS cloud security, Azure cloud security

**Who we are**

We are known as Merck & Co., Inc., Rahway, New Jersey, USA in the United States and Canada and MSD everywhere else. For more than a century, we have been inventing for life, bringing forward medicines and vaccines for many of the world's most challenging diseases. Today, our company continues to be at the forefront of research to deliver innovative health solutions and advance the prevention and treatment of diseases that threaten people and animals around the world.

**What we look for**

Imagine getting up in the morning for a job as important as helping to save and improve lives around the world. Here, you have that opportunity. You can put your empathy, creativity, digital mastery, or scientific genius to work in collaboration with a diverse group of colleagues who pursue and bring hope to countless people who are battling some of the most challenging diseases of our time. Our team