Data Loss Prevention Analyst
Location:
West Point, PA
Posted:
January 27, 2017
Position Type:
Full Time
Category:
Analyst
Reference:
COM000462
Merck & Co., Inc. Kenilworth, N.J., U.S.A. known as Merck in the United States and Canada, is a global health care leader with a diversified portfolio of prescription medicines, vaccines and animal health products. Today, we are building a new kind of healthcare company - one that is ready to help create a healthier future for all of us.

Our ability to excel depends on the integrity, knowledge, imagination, skill, diversity and teamwork of an individual like you. To this end, we strive to create an environment of mutual respect, encouragement and teamwork. As part of our global team, you'll have the opportunity to collaborate with talented and dedicated colleagues while developing and expanding your career.

As a key member of the Information Technology Risk Management and Security (ITRM&S) organization, the incumbent will be act as a member of the Data Loss Prevention team, and be responsible for managing and remediating instances of data leakage and other cyber security incidents related to data loss prevention that occur on Merck's global network and global computing assets. The incumbent will also participate in sensitive information protection activities. As part of these duties, the incumbent will be expected to manage data loss prevention (DLP) incidents to the point of remediation and clearly communicate any remediation activities and status to colleagues and/or senior management. As a member of the Data Loss Prevention team this role requires the incumbent to be part of a global Intellectual Property and Sensitive Information Protection Program.

The incumbent will work with our Global Security Group, Legal, and other business units as appropriate based upon corporate policy to respond to DLP incidents and take the appropriate response actions. The incumbent will create, modify and review various reports and dashboards from our various reporting tools. The incumbent will also be responsible for analyzing DLP related security incidents that are generated from other tools such as Merck's Big Data platform. The incumbent will maintain DLP Policies/Rules and associated events which support compliance to Merck's corporate policies. The incumbent will also help maintain/troubleshoot issues with the DLP security infrastructure. The incumbent will also be an active participant in weekly DLP management meetings reporting on security incidents that have occurred.

The DLP security solutions that the incumbent will be working on support Merck's current and future state capabilities for achieving desired levels of information protection, confidentiality, integrity and availability of services. The incumbent will be responsible for end-to-end problem and service management, and clear communication of ongoing problem status to colleagues and management. The incumbent will make recommendations to strengthen the security posture of our computing environment as well as recommend process and technology improvements to ensure timely response to future DLP security incidents.

The incumbent will be required to maintain up-to-date data protection industry awareness and trends, and be able to understand how emerging threats may potentially impact the organization. The role also requires active and ongoing collaboration with many other Merck organizations and departments acting in a consultative capacity promoting information security awareness and compliance to corporate policies.

Primary Responsibilities are included but not limited to:
  • Investigate incidents generated from our Data Loss Prevention Tools. Using log management tools, packet captures reports, data visualization, and pattern analysis.
  • Analyze, escalate, and assist in remediation of critical information security incidents related to data loss prevention.
  • Improve and challenge existing processes and procedures in a very agile and fast moving information security environment.
  • Security analysts should have knowledge of:
    • Information security policies and best practices
    • Data Loss Prevention Tools (including network, endpoint, and cloud based DLP tools)
    • The current IT Data Protection landscape and upcoming trends in security


Qualifications:
Education Requirement: Bachelor's Degree in Computer Science or equivalent.

Required Experience and Skills: Excellent analytical and communication skills are essential for this role, as well as passion for problem solving, a desire to learn, and the ability to work in a team environment. Demonstrated skills working with various IT technologies and services. Proven record of successfully managing incidents to resolution, and the ability to trace a problem to root cause. The candidate must be able to adapt and rapidly learn new technologies and must have some background in an information security related discipline.
    • System administration on Windows, Unix or Linux
    • Data Loss Prevention Tools experience
    • Investigating security incidents, Tier-2 support
    • Various general technical skills including knowledge of networking (i.e. TCP/IP) and security product experience
    • Willingness to acquire in-depth knowledge of network and host security technologies and products.
    • Demonstrated ability to work in a team environment.
    • Strong written and verbal communication skills.

Preferred Experience and Skills:
  • Prior experience as a data loss prevention analyst.
  • Ability to build strong relationships with business and technology stakeholders, self-motivation, personal drive and high energy are highly valuable for this position.
  • Experience or familiarity with Data Loss Prevention solutions for network, endpoint and cloud solutions.
  • Experience or familiarity with content monitoring and user activity monitoring solutions.
  • Experience or familiarity with Security Information and Event Management (SIEM) solutions.
  • Experience or familiarity with User Behavior Analytics (UBA) solutions.
  • Knowledge of other information security related products is a plus.
  • CISSP or similar Information security industry certification is a plus.
Our employees are the key to our company's success. We demonstrate our commitment to our employees by offering a competitive and valuable rewards program. Our Company's benefits are designed to support the wide range of goals, needs and lifestyles of our employees, and many of the people that matter the most in their lives. If you need an accommodation for the application process please email us at staffingaadar@merck.com.

Search Firm Representatives Please Read Carefully:
Merck & Co., Inc. is not accepting unsolicited assistance from search firms for this employment opportunity. Please, no phone calls or emails. All resumes submitted by search firms to any employee at Merck via email, the Internet or in any form and/or method without a valid written search agreement in place for this position will be deemed the sole property of Merck. No fee will be paid in the event the candidate is hired by Merck as a result of the referral or through other means.

Visa sponsorship is not available for this position.

For more information about personal rights under Equal Employment Opportunity, visit:

EEOC Poster
EEOC GINA Supplement​

Know someone who would be interested in this job? Share it with your network.