At Lilly, we unite caring with discovery to make life better for people around the world. We are a global healthcare leader headquartered in Indianapolis, Indiana. Our employees around the world work to discover and bring life-changing medicines to those who need them, improve the understanding and management of disease, and give back to our communities through philanthropy and volunteerism. We give our best effort to our work, and we put people first. We’re looking for people who are determined to make life better for people around the world.

What You'll be Doing:

The Associate Director-Cybersecurity Governance, Risk and Compliance will be responsible for developing, implementing, and managing cybersecurity policies and procedures that would be adopted by all employees across our global operations. This role will ensure that our cybersecurity framework aligns with industry best practices, regulatory requirements, and corporate objectives. The ideal candidate will possess a deep understanding of cybersecurity policies, risk management, and compliance, combined with exceptional leadership and communication skills. They will be responsible for driving cybersecurity policy development and implementation, program development activities, supporting and providing risk education and cybersecurity risk management support. The position requires some technical and operational knowledge of cybersecurity, information technology and risk practices.

How You Will Succeed:

• Policy Development & Management:

• Develop, review, and maintain comprehensive cybersecurity policies and procedures that align with industry standards, regulatory requirements, and organizational goals.

• Ensure policies are up-to-date with evolving threats, technologies, and legal requirements.

• Collaborate with cross-functional teams to integrate cybersecurity policies into business processes and technology solutions.

• Ensure that policies are reviewed and updated at a regular cadence.

• Regulatory Compliance:

• Stay informed about global cybersecurity regulations, standards, and best practices (e.g., GDPR, CCPA, ISO 27001, NIST).

• Oversee the company's compliance with relevant laws and standards, ensuring effective implementation and monitoring.

• Prepare and manage audit and compliance documentation, working with internal and external auditors.

What You Should Bring:

• Drive the creation and adoption of Lilly’s cybersecurity policies and standards based on industry frameworks and best practices.

• Lead the enterprise implementation of Lilly’s cybersecurity policies and standards.

• Develop, implement and integrate functional procedures and standards.

• Support the development and/or consolidation, streamlining, simplification and execution of cybersecurity risk management practices.

• Support the management and integration of the GRC tool and processes.

• Drive and support various operational change management activities and efforts.

• Support various cybersecurity education and awareness activities.

• Drive and support the risk and control library and maintain a working knowledge of information technology and security risk practices, tools, processes and requirement.

• Effectively apply security and risk methodologies as derived from security and risk standards and best practices.

Your Basic Qualifications:

• Bachelor's degree in a discipline related to information systems, cybersecurity, or risk or High School Diploma/GED with 10+ years of IT, Security or Risk work experience.

• 7+ years of experience in a role creating, implementing and managing cybersecurity policies.

• 5+ years of experience in leading or working on Cybersecurity, Data Privacy or Compliance/Quality efforts.

• Must have working knowledge with various cybersecurity and risk management frameworks, privacy and security laws and mandates, including: NIST, ISO27001, HIPAA, GDPR, MITRE.

• Qualified candidates must be legally authorized to be employed in the United States. Lilly does not anticipate providing sponsorship for employment visa status (e.g., H-1B or TN status) for this employment position.

Additional Preferences:

• Track record of collaborating with multiple business units to get policies socialized. Demonstrated ability to lead large-medium scale projects or programs and appropriately escalate issues and barriers.

• Demonstrated skills at building and maintaining business relationships.

• Demonstrated ability to think and act strategically.

• Problem solving: able to effectively seeks ways to resolve issues in a streamlined approach while acknowledging inherent complexities.

• GRC experience is a plus.

• Six Sigma experience and certification is a plus.

• Cybersecurity certification, such as CRISC/CISM/CISSP is a plus.

• Organization change management education and certification is a plus.

• Willingness to travel internationally less than 10 percent of your time.

Additional Information

• Role located in Indianapolis, IN with a hybrid work model. Relocation required.

Eli Lilly and Company, Lilly USA, LLC and our wholly owned subsidiaries (collectively “Lilly”) are committed to help individuals with disabilities to participate in the workforce and ensure equal opportunity to compete for jobs. If you require an accommodation to submit a resume for positions at Lilly, please email Lilly Human Resources ( LillyRecruitingCompliance@lists.lilly.com ) for further assistance. Please note This email address is intended for use only to request an accommodation as part of the application process. Any other correspondence will not receive a response.

Lilly is an EEO/Affirmative Action Employer and does not discriminate on the basis of age, race, color, religion, gender, sexual orientation, gender identity, gender expression, national origin, protected veteran status, disability or any other legally protected status.

Our employee resource groups (ERGs) offer strong support networks for their members and help our company develop talented individuals for future leadership roles. Our current groups include: Africa, Middle East, Central Asia Network, African American Network, Chinese Culture Network, Early Career Professionals, Japanese International Leadership Network (JILN), Lilly India Network, Organization of Latinos at Lilly, PRIDE (LGBTQ + Allies), Veterans Leadership Network, Women’s Network, Working and Living with Disabilities. Learn more about all of our groups.

#WeAreLilly