Bangalore, Karnataka, India
14 hours ago
Leader - IS Governance, Risk, and Compliance (GRC) and Business Information Security Organization (BISO)

At Lilly, we unite caring with discovery to make life better for people around the world. We are a global healthcare leader headquartered in Indianapolis, Indiana. Our employees around the world work to discover and bring life-changing medicines to those who need them, improve the understanding and management of disease, and give back to our communities through philanthropy and volunteerism. We give our best effort to our work, and we put people first. We’re looking for people who are determined to make life better for people around the world.

Position Description

Information security risk management is an integral component of Lilly’s IS strategy, program, and operations. As the Director of IS Governance, Risk, and Compliance (GRC) and Business Information Security Organization (BISO), you will be a pivotal member of the IS GRC and BISO leadership teams. Your primary responsibility will be to provide oversight of the LCCI resources supporting both the IS GRC and BISO teams. You will collaborate with the leadership teams to develop and implement appropriate, consistent, and repeatable practices for prioritizing and assigning work to the resource pool that supports these areas.

Key Responsibilities

  Resource Management: Provide oversight and manage work delivered by LCCI resources supporting the GRC and BISO teams.

  Outcome Clarity: Provide clarity in outcomes and measures, ensuring alignment with organizational goals.

  Process Improvement: Understand global processes, identify areas for improvement, and enhance the contributions of the LCCI team.

  Innovation: Introduce new ideas, methods, and approaches, leveraging your expertise to challenge the status quo and drive necessary decisions and actions for business process and technology improvements.

Position Requirements

Education:
  Bachelor’s Degree in computer science, management information systems, business administration, information security/assurance or equivalent field of study.

Experience:
  10+ years of operational Information Security or compliance.
  7+ years' experience in enterprise or operational risk for or in large, complex organizations.
  5+ years of operational information technology experience.
  P experience in developing, training, and managing teams while supporting and driving team effectiveness and improvement.
  Strong capability to direct, lead, monitor and oversee the execution of work done by direct reports.
  Strong ability to influence and motivate others, even outside of a direct reporting relationship and experience working with diverse cross-geography teams.

Skills:
  Awareness of information security operational metrics (KRI, KPIs) and dashboards, and GRC tools and processes to help drive and monitor adoption.
  Strong critical thinking skills, with proven history of being an innovative, imaginative self-starter: proactively identifying problems, tinkering with, and determining pragmatic solutions, identifying, and allocating resources, and executing.
  Demonstrated ability to meet deadlines and commitments in an environment that requires multitasking among concurrent activities and frequent shifting of priorities with little to no oversight.
  Experience in security audits, governance, risk, and compliance.
  Knowledge of Security Architecture

Additional Preferences

Education:
  Master’s Degree in computer science, management information systems, information security/assurance or equivalent field of study.

Certifications:
  CRISC or similar risk certification and CISSP, or similar certification within one year.

Experience:
  Experience with implementing and managing ISO27001, HIPAA and PCIDSS.
  Experience implementing and executing risk control self-assessments.
  Knowledge of industry standard Governance, Risk & Compliance tools, and principles.
  Information technology and information security governance or advisory experience.
  Working knowledge of the critical business functions and activities within healthcare industry is a plus.

Skills:
  Ability to collaboratively execute on information security risk management strategy in conjunction with numerous and diverse stakeholders.
  Demonstrated superior skills at building and maintaining business relationships as well as exerting influence within business relationships without expressed authority.
  Quick learning agility and a demonstrated natural curiosity.
  Experience leading leaders, and staff at various levels.
  Knowledge and understanding of current and emerging information security risks, and innovative risk management frameworks and methods.
  Strong understanding of IT security best practices for key operational systems like SAP.

Lilly is dedicated to helping individuals with disabilities to actively engage in the workforce, ensuring equal opportunities when vying for positions. If you require accommodation to submit a resume for a position at Lilly, please complete the accommodation request form (https://careers.lilly.com/us/en/workplace-accommodation) for further assistance. Please note this is for individuals to request an accommodation as part of the application process and any other correspondence will not receive a response.

Lilly does not discriminate on the basis of age, race, color, religion, gender, sexual orientation, gender identity, gender expression, national origin, protected veteran status, disability or any other legally protected status.

#WeAreLilly
