At Lilly, we unite caring with discovery to make life better for people around the world. We are a global healthcare leader headquartered in Indianapolis, Indiana. Our employees around the world work to discover and bring life-changing medicines to those who need them, improve the understanding and management of disease, and give back to our communities through philanthropy and volunteerism. We give our best effort to our work, and we put people first. We’re looking for people who are determined to make life better for people around the world.
At Lilly, we unite caring with discovery to make life better for people around the world. We are a global healthcare leader headquartered in Indianapolis, Indiana. Our 39,000 employees work to discover and bring life-changing medicines to those who need them, improve the understanding and management of disease, and give back to our communities through philanthropy and volunteerism. We give our best effort to our work, and we put people first. We’re looking for people who are determined to make life better for people around the globe.
Role Overview:
Trust is the cornerstone of effective data analysis and consumption, forming a critical pillar in the Enterprise Data Platforms. To empower business partners to share, analyze, and consume data effectively, it is essential to maintain trust by ensuring appropriate access controls and safeguarding data integrity. The Ent.Data Security team is front-and-centre in delivering the features, processes, education, knowledge and consultation across all EDP teams and Lilly functional areas who are involved in building, ingesting, maintaining, analysing and consuming the capabilities of the Enterprise Data Program. Enterprise Data platforms enables the key services required for data transformation, movement across cloud and on-premise systems.
Job Description:
The Security Consultant for Enterprise Data is responsible for ensuring the security of data and compliance with applicable requirements. This role involves implementing security measures, managing risks, and addressing vulnerabilities within the enterprise data services. The Security Consultant will work closely with various teams to ensure the security and integrity of data, and to proactively manage threats.
Key Responsibilities:
Risk Management Process:
· Describe and manage risks to our services, including deviations from LQP controls, internal/external audits, problem deviations, and SME assessments.
· Manage risks within the Archer system, with records held centrally in the services 'Risk' section of the Security Plan.
Vulnerability Management Process:
· Focus on vulnerability management, with an increased emphasis by the Cyber Security Team in 2025.
· Reduce critical vulnerabilities and ensure effective vulnerability management practices.
Proactive Threat Management (PTM) Readiness:
· Respond to PTM calls by the Cyber Security team to close gaps in software vulnerabilities, typically requiring patch applications.
· Maintain systems at the latest patch level to mitigate risks and ensure minor patches are applied instead of major version patching.
Information Security Controls:
· Adapt to changes in cyber security controls, transitioning to a more agile response process.
· Understand and interpret new controls, applying their effects to the enterprise data service catalogue.
· Collaborate with subject matter experts to manage and communicate the impact of new controls to leadership.
Document Review:
· Perform security reviews within enterprise data to ensure the quality of security documentation before routing to BISO approval.
· Work with the cybersecurity team to approve security documentation and improve project timelines.
Qualifications:
· Demonstrated expertise and experience in security-focused roles.
· In-depth experience with data security, especially on AWS and Azure platforms.
· Significant experience in cloud security architecture, methods, and tools.
· Strong analytical and troubleshooting skills with the capability to handle and own critical issues through to resolution.
· Experience in design and implementation guidance to DevSecOps processes.
· Experience leading large-scale projects and mentoring other security practitioners.
· Knowledge of security program management, cyber threat management, identity and access management, and data protection (encryption).
Lilly is dedicated to helping individuals with disabilities to actively engage in the workforce, ensuring equal opportunities when vying for positions. If you require accommodation to submit a resume for a position at Lilly, please complete the accommodation request form (https://careers.lilly.com/us/en/workplace-accommodation) for further assistance. Please note this is for individuals to request an accommodation as part of the application process and any other correspondence will not receive a response.
Lilly does not discriminate on the basis of age, race, color, religion, gender, sexual orientation, gender identity, gender expression, national origin, protected veteran status, disability or any other legally protected status.
#WeAreLilly