R-67563 Governance, Risk, & Compliance (GRC) Risk Analyst

At Lilly, we unite caring with discovery to make life better for people around the world. We are a global healthcare leader headquartered in Indianapolis, Indiana. Our employees around the world work to discover and bring life-changing medicines to those who need them, improve the understanding and management of disease, and give back to our communities through philanthropy and volunteerism. We give our best effort to our work, and we put people first. We’re looking for people who are determined to make life better for people around the world.

• Knowledge of fundamental security principles, common controls, and applicable cyber defense mitigations
• Exceptional analytical capabilities
• Strong ability to collaborate across diverse teams and functional areas
• Excellent communication skills

As a GRC Risk Analyst, you will be responsible for analyzing proposed cybersecurity risks, including validation of the underlying basis and criticality/severity of proposed risks.  You will prescribe risk treatment activities and monitor and validate completion of risk treatment activities.  Your efforts will drive proactive process improvements and help maintain robust cybersecurity defenses.Key Responsibilities:

• Act as the first line of analysis (L1) to validate that a proposed cybersecurity risk meets criteria for tracking, treatment, and monitoring.
• Identify and appropriately elevate proposed cybersecurity risks that required more detailed and/or tailored analyses by Level 2 cybersecurity technical subject matter experts (L2).
• Recommend and implementappropriate measures to treat risks that reduce potential impacts on information resources to a level acceptable to the senior management of the company.
• Identify and report on new and emerging security risks and risk trends, including participating in risk-treatment discussions and updates to compliance policy and standards.
• Fully understand business requirements and work with cybersecurity business area representatives to define appropriate solutions that satisfy security objectives while meeting business needs.
• Participate in the review of changes in processes, standards, and technology to ensure the effectiveness of security controls to meet compliance requirements.
• Support continuous improvements in cybersecurity risk management.

• Efficiently and effectively triage proposed cybersecurity risks.
• Collaborate with cybersecurity subject matter experts to develop patterns for risk analysis and risk treatments.
• Provide insights to support ongoing monitoring and visibility of cybersecurity risks to relevant stakeholders.
• Proactively identify process improvements to ensure ongoing and robust communication of cybersecurity risk.

• Prior cybersecurity, quality, risk management, and/or audit experience.
• Knowledge of cybersecurity frameworks, standards, and regulations (e.g., NIST, ISO, HIPAA, etc.).
• Ability to effectively communicate with technical and non-technical resources.
• Ability to work with minimal guidance and to recognize when guidance is needed.
• Relevant certifications such as CISSP, CISM, or GIAC are a plus.

• Bachelor’s Degree in computer science, management information systems, business administration, information security/assurance or equivalent field of study.
• 2-3 years of experience in information security, with a focus on assessment or compliance.
• Working experience / Focus on Risk Assessments & Compliance
• Proven track record of managing and monitoring cyber risks.
• Experience working in a global, multi-cultural environment, with the ability to effectively collaborate with teams across different regions and time zones.
• Excellent communication skills, with the ability to convey technical concepts to non-technical stakeholders.
• Good to have – Aravo & Archer expertise (Risk Management tools)

Lilly is dedicated to helping individuals with disabilities to actively engage in the workforce, ensuring equal opportunities when vying for positions. If you require accommodation to submit a resume for a position at Lilly, please complete the accommodation request form (https://careers.lilly.com/us/en/workplace-accommodation) for further assistance. Please note this is for individuals to request an accommodation as part of the application process and any other correspondence will not receive a response.

Lilly does not discriminate on the basis of age, race, color, religion, gender, sexual orientation, gender identity, gender expression, national origin, protected veteran status, disability or any other legally protected status.

#WeAreLilly