Sandeep Mishra

Summary

Over 25 years of experience as a Security, Business, and Solution Architect specializing in scalable security architecture and cybersecurity risk mitigation strategies. Proven track record of implementing enterprise-level security solutions for major organizations including Merck and JP Morgan, with a focus on third-party risk management and compliance frameworks. Expertise in leading global security initiatives, including Zero Trust architecture and cloud security design, ensuring robust protection against evolving threats. Strong leadership and collaboration skills, effectively engaging with cross-functional teams to drive security best practices and achieve organizational objectives.

Overview

26 years of professional experience

Work History

Principal Risk Management, Liaison & Product Security Architect

Merck Inc
Rahway, NJ
02.2025 - Current
  • Creative thought leader with multi-disciplinary Risk Mgmt. Liaison & Security Architecture and Engg
  • Extensive experience structuring and delivering globally scalable Cybersecurity Risk Mgmt. & Architecture
  • Strategic Analysis: problem definition, Design Thinking, Solution Options Development, roadmaps
  • BIRO Client Centric Business Security Reference Architecture: Business Context, Third-Party, & Commercial
  • Innovation: emergent technologies; Zero Trust Security Architecture, Data-Centric Security, Manufacturing, OT Security, Blockchain Security, AI, ML, Security Architecture, Communities of Practice
  • Integration & Data Security Strategy: master/reference, integration/source rationalization, reusable patterns
  • Cloud Security / Migration Strategy: Data Center consolidation, Hybrid, AWS + Azure + 3rd Party SaaS
  • Multi-site Engineering: DR/cyber resilience, risk assessment/remediation, Data Security, AI Security & DR
  • Agility: CI/CD, DevSecOps automation, provisioning, containers, entitlements

Associate Director Risk Management, Liaison & Product Security Architect

Merck Inc.
Rahway, NJ
06.2021 - 01.2025
  • MRL Division Risk Liaison – Business, Enterprise, and Security Architecture
  • Spearheaded development of Security by Design Architecture Pattern implementation & liaison for MRL RaDS Research Suite platform to innovate ITRMS cybersecurity product capabilities and framework
  • Spearheaded designing global CDL (Clinical Data Layer) platform security architecture
  • MMD Division Risk Liaison – Business, Enterprise, and Security Architecture
  • Spearheaded risk management, design and implementation of Enterprise Secured Architecture Pattern for Digital MMD / product Security and Traceability capability, securing the organization from cyber threats
  • Spearheaded the secure architecture design for OT, Blockchain product pharma Ledger capability with Merck peers J&J, Takeda, Bayer, Novartis & GSK
  • ITRMS GRC BIRO Business Division Risk Liaison – Business, Enterprise, and Security Architecture
  • Spearheaded Merck Information Security Third-Party Risk assessment and management product globally
  • Spearheaded Merck global Threat Modelling Security initiative and framework for Cloud Security, Application Security, Cyber Fusion Center, and risk liaison for multiple business across OT, Research Lab, Animal & Human Health.
  • Led the Cybersecurity Threat Modelling framework, using STRIDE to identify potential threats as data moves through the system and to determine security mitigations and controls
  • Spearheaded the integration of Threat Modelling & MITRE ATT&CK framework using ServiceNow SecOps platform integration with third-party SIEM and Vulnerability Response Scanner, gaining threat visibility
  • Spearheaded the ZeroTrust architecture expanding the Zscaler Secured Internet Access, Client Connector and Zero Trust Privilege access for Crown Jewel mission critical applications globally.
  • Led the ZeroTrust Microsegmentation design for ShopFloor, LabFloor, Public/Private Cloud, & China region
  • Spearheaded Zero Trust Identity Based Micro-segmentation for 70 countries and China region
  • Led the Zero Trust Privilege Remote Access and Cloud Browser Isolation for Tier1/Tier2 manufacturing sites
  • Spearheaded the Merck Divisional Architecture Security Pattern & risk assessment for implementing integration of Third-Party partners and Contract Research Organizations with SaaS platform
  • Spearheaded the Business and Security Architecture pattern for building Merck Secured SaaS platform
  • Led defining and building Architecture driven Cloud Layered Services Declaration of Standards program
  • Spearheaded the Global Azure VDI Architecture Design & Integration pattern as part of the BlueSky initiative
  • Successfully led security architecture for building the Next Gen Global WebAPI platform
  • Collaborating with the DevSecOps team as a SME in translating AWS/Azure Services Security requirements into Secured IaaC/PaaC Modules for AWS, Azure, GCP Services
  • Led the security architecture patterns build out and implementation for key Information Risk Management products and capabilities
  • Led and developed as a Security Architect SME the “FIRST” end-to-end secured architecture reference pattern for CI/CD pipeline security automation with third-party SaaS platform

Manager Advisory, Security Architect - Cloud Security and Cyber Security

Ernst & Young
Iselin, NJ
01.2019 - 12.2021
  • Project Accomplishments: Advisory Cybersecurity, Cloud Security and Risk Management
  • Spearheaded as a Cybersecurity Architect SME, Enterprise and Business Security Architect advisor globally, in building Cybersecurity, Cloud Security Strategy, Governance, security standards and compliance framework
  • Spearheaded design initiative and architecting Security Defined Perimeter by implementing Zero Trust Model Security by Design thinking methodology
  • Spearheaded global AWS/Azure risk assessment program, working closely with Merck Global ITRMS, CISO, GRC, IT/Business stakeholders, in closing risk-based security gaps and developing long-term security strategies for enhancing overall organization security posture.
  • Spearheaded developing Security Architecture Patterns and Standards for AWS/Azure/GCP Cloud Layered Services security definitions, standards partnering with D&A team, Cloud-CoE team, & Risk Assessment team.
  • Led the collaborative architecture of building Cloud Security Governance Framework with Cloud CoE team
  • Possess strong leadership, management, and collaborative skills working closely with business stakeholder/IT division and point of contact for providing end-to-end security vision and guidance
  • Spearheaded building IaaC/PaaC DevSecOps, Security Architecture Automation/Orchestration framework and partnering with DevOps, Cloud and Application Security team
  • Spearheaded security Risk Assessment by assessing, recommending and developing security controls and solutions so that identified security risks are mitigated in AWS/Azure/GCP cloud environments
  • Led the Security Architecture Community of Practice model across EY North America

HEAD, IT Infrastructure, Cloud Security, Cyber Security

MAJESCO NORTH AMERICA
Morristown, NJ
01.2006 - 12.2019
  • Spearheaded as an Enterprise Security, Business, Cloud and Cybersecurity Architect SME for North America region.
  • Designed and architected Enterprise Security, Cloud Security/Cybersecurity strategy & framework for SaaS/PaaS/IaaS and ASP hosted environments for the Property & Casualty and Life & Annuity Insurance verticals

Principal Architect, Security Design IAM

ING Financial Services
New York, NY
01.2005 - 12.2006
  • Spearheaded ING North America and South America IAM business Security Architecture design for implementing SOX key controls

Enterprise Security Architect, Identity Access Management

California State Automobile Association (CSAA)
San Francisco, CA
01.2005 - 12.2006
  • Led the Enterprise Architecture Secured IAM solution for CSAA, CA North America core Identity platform

Principal Architect, Datacenter Security

Savvy Network ISP
Tarrytown, NY
01.2003 - 12.2005
  • Architected scalable network and security design for Savvy ISP Datacenter supporting Life Sciences and Pharmaceutical customers by implementing Security-By-Design and Architecture defined framework

Principal Security Architect, Real-Time Energy Trading Platform

E-lectrade
White Plains, NY
01.2001 - 12.2002
  • Spearheaded E-lectrade business and security architecture division for building and designing Real-Time Energy Trading platform for North America Energy markets.

Principal Security Architect, Content Delivery Network

Global Convergence
Sterling, South Korea
01.2001 - 12.2002
  • Spearheaded Global Convergence business and Security Architecture for designing and building the “First” Content Delivery Network for South Korea 200 (Point of Presence) stations using South KSAT Satellite

Principal Security Architect, Treasury Division

JP Morgan
New York, NY
01.1999 - 12.2000
  • Led the security architecture function for JP Morgan Treasury business platform and services.
  • Architected methodology in building secured trading platform application resiliency and availability

Education

TOGAF -

06.2025

CISSP -

06.2025

CISM -

06.2025

BS - Electronics and Telecommunication

University of Mumbai

Managing Cybersecurity Risk in Information Age -

Harvard University

Cisco Certified Professional -

Microsoft Certified Professional -

Skills

  • Technology and business architecture
  • Cybersecurity strategy and governance
  • Solution architecture and implementation
  • Risk management and compliance
  • Budgeting and forecasting
  • Process management and planning
  • Client and partner relations
  • Team development and collaboration
  • Cloud security and resiliency
  • Data center and virtualization management
  • Networking and disaster recovery strategies
  • Zero trust and SASE frameworks
  • AI integration in architecture
