At Lilly, we unite caring with discovery to make life better for people around the world. We are a global healthcare leader headquartered in Indianapolis, Indiana. Our employees around the world work to discover and bring life-changing medicines to those who need them, improve the understanding and management of disease, and give back to our communities through philanthropy and volunteerism. We give our best effort to our work, and we put people first. We’re looking for people who are determined to make life better for people around the world.
We are seeking a skilled and motivated Digital Sustainability Governance, Risk and Compliance (GRC) professional to join our data governance, privacy, cybersecurity, and artificial intelligence team (the “digital sustainability team”) within the Legal department. This role is pivotal in maintaining a robust framework that encompasses comprehensive privacy, artificial intelligence (AI), and data governance policies. The ideal candidate will possess a deep understanding of privacy and AI risk management practices and ensure that our policies align with industry standards, regulatory requirements, and organizational goals.
Do you have experience with data governance and risk management, using your knowledge of global laws and privacy frameworks? Bring your skills to Lilly and make an impact today! We want you on our team!
Responsibilities

Policy Development & Management:
Develop, implement, and maintain a comprehensive GRC framework that addresses privacy, AI, and data governance.
Ensure compliance with industry standards, regulatory requirements, and organizational objectives.
Monitor and analyze changes in regulations and industry trends to update policies and frameworks accordingly.
Ensure policies are up-to-date with evolving threats, technologies, and legal requirements.
Ensure that policies are reviewed and updated at a regular cadence.
Refine and maintain procedures and job aids supporting the framework.
Provide training and guidance to staff on GRC policies and procedures.

Risk Management:
Contribute to the performance of internal assessments and gap analyses. Report findings and recommend corrective actions to support the maturity and effectiveness of the Digital Sustainability Program.
Develop and implement key performance and risk indicators (KPIs/KRIs) to drive strategic decision-making, and use data-driven insights to enhance the Digital Sustainability Program.
Establish and maintain robust monitoring mechanisms to ensure compliance with controls. Prepare and present comprehensive reports to senior management and collaborators.
Maintain the risk registry and related processes.

Regulatory Compliance:
Stay informed about global privacy, artificial intelligence, and data governance regulations, standards, and best practices.
Oversee the company's compliance with relevant laws and standards, ensuring effective implementation and monitoring.
Prepare and manage audit and compliance documentation, working with internal and external auditors.

Technology:
Integrate the Digital Sustainability Program with technology to find efficiencies and improve effectiveness.
Align the Digital Sustainability Program risk posture with the overall company risk tolerance in a GRC tool.
Employ technology, including artificial intelligence, to automate and find efficiencies in various program controls.

Basic Qualifications
Bachelor's degree in risk management, law, computer science, information management, or related field.
Proven experience (3+ years) in a GRC or privacy program management role, preferably in a technology-focused role.
Qualified applicants must be authorized to work in the United States on a full-time basis. Lilly will not provide support for or sponsor work authorization and/or visas for this role.

Additional Skills/Preferences
Experience creating, implementing and managing privacy policies/controls.
Strong project & change management skills.
Experience with privacy-enhancing technologies, data governance, and risk management.
Proficiency in developing and tracking privacy metrics and Key Performance Indicators.
Solid understanding of laws, regulations, and standards (e.g. NIST AI RMF, NIST Privacy Framework, ISO, NIST CSF, EU AI Act, GDPR, CPRA, HIPAA, etc.) in the realm of Digital Sustainability (e.g. privacy, artificial intelligence, cybersecurity, and data governance).
Proficiency in PIA/DPIA methodologies; presided over or contributed to privacy by design work.
Certification in artificial intelligence, privacy, or risk management such as AIGP, CIPP, CIPM, CIPT or CRISC.
Experience as an IT/Security/Privacy auditor.
Strong communication, presentation, and interpersonal skills.
Ability to work independently and collaboratively in a fast-paced environment.
High attention to detail and accuracy.

Lilly is dedicated to helping individuals with disabilities to actively engage in the workforce, ensuring equal opportunities when vying for positions.
If you require accommodation to submit a resume for a position at Lilly, please complete the accommodation request form (https://careers.lilly.com/us/en/workplace-accommodation) for further assistance. Please note this is for individuals to request an accommodation as part of the application process and any other correspondence will not receive a response.
Lilly is an EEO/Affirmative Action Employer and does not discriminate on the basis of age, race, color, religion, gender, sexual orientation, gender identity, gender expression, national origin, protected veteran status, disability or any other legally protected status.
Our employee resource groups (ERGs) offer strong support networks for their members and help our company develop talented individuals for future leadership roles. Our current groups include: Africa, Middle East, Central Asia Network, African American Network, Chinese Culture Network, Early Career Professionals, Japanese International Leadership Network (JILN), Lilly India Network, Organization of Latinos at Lilly, PRIDE (LGBTQ + Allies), Veterans Leadership Network, Women’s Network, Working and Living with Disabilities. Learn more about all of our groups.
#WeAreLilly