
Leader - IS Governance, Risk, and Compliance (GRC) and Business Information Security Organization (BISO)

12 days ago 2024/10/19

Job Description

At Lilly, we unite caring with discovery to make life better for people around the world. We are a global healthcare leader headquartered in Indianapolis, Indiana. Our employees around the world work to discover and bring life-changing medicines to those who need them, improve the understanding and management of disease, and give back to our communities through philanthropy and volunteerism. We give our best effort to our work, and we put people first. We’re looking for people who are determined to make life better for people around the world.


Position Description

Information security risk management is an integral component of Lilly’s IS strategy, program, and operations. This leader will sit on the IS GRC and BISO lead teams and be responsible for providing oversight of the LCCI resources that support both the IS GRC and BISO teams. This role will work with the two lead teams to develop and implement appropriate, consistent, and repeatable practices for prioritizing and assigning work to the resource pool that supports these areas.


Key Responsibilities
  • Provides oversight of and manages work being delivered from the LCCI resources that support the GRC and BISO teams
  • Provide clarity in outcomes and measures
  • Understand global processes and identify areas for improvement and contribution from the LCCI team
  • Brings new ideas, methods, and approaches by leveraging expertise to challenge the status quo and drive decisions and actions necessary to improve our business processes and related technology.
  • Leads direct reports and cross-functional teams in the execution of the IS GRC and BISO strategies.
Position Requirements
  • Education: Bachelor’s Degree in computer science, management information systems, business administration, information security/assurance or equivalent field of study.
  • 10+ years of operational Information Security or compliance.
  • 7+ years of experience in enterprise or operational risk for or in large, complex organizations.
  • 5+ years of operational information technology experience.
  • Experience developing, training, and managing teams while supporting and driving team effectiveness and improvement.
  • Strong ability to direct, lead, monitor and oversee the execution of work done by direct reports.
  • Strong ability to influence and motivate others, even outside of a direct reporting relationship and experience working with diverse cross-geography teams.
  • Experience with information security operational metrics (KRI, KPIs) and dashboards, and GRC tools and processes to help drive and monitor adoption.
  • Strong critical thinking skills, with a proven history of being an innovative, imaginative self-starter: proactively identifying problems, tinkering with and determining pragmatic solutions, identifying and allocating resources, and executing.
  • Demonstrated ability to meet deadlines and commitments in an environment that requires multitasking among concurrent activities and frequent shifting of priorities with little to no oversight.

Additional Preferences


  • Master’s Degree in computer science, management information systems, information security/assurance or equivalent field of study.
  • CRISC or similar risk certification and CISSP, or similar certification within one year.
  • Experience with implementing and managing ISO 27001, HIPAA and PCI DSS.
  • Experience implementing and executing risk control self-assessments.
  • Knowledge of industry standard Governance, Risk & Compliance tools, and principles.
  • Information technology and information security governance or advisory experience.
  • Working knowledge of the critical business functions and activities within the healthcare industry is a plus.
  • Ability to collaboratively execute on information security risk management strategy in conjunction with numerous and diverse stakeholders.
  • Demonstrated superior skills at building and maintaining business relationships as well as exerting influence within business relationships without expressed authority.
  • Quick learning agility and a demonstrated natural curiosity.
  • Experience leading leaders, and staff at various levels.
  • Knowledge and understanding of current and emerging information security risks, and innovative risk management frameworks and methods.
  • Strong understanding of IT security best practices for key operational systems like SAP.

Eli Lilly and Company, Lilly USA, LLC and our wholly owned subsidiaries (collectively “Lilly”) are committed to helping individuals with disabilities participate in the workforce and to ensuring equal opportunity to compete for jobs. If you require an accommodation to submit a resume for positions at Lilly, please email Lilly Human Resources (Lilly_Recruiting_Compliance@lists.lilly.com) for further assistance. Please note: this email address is intended for use only to request an accommodation as part of the application process. Any other correspondence will not receive a response.


Lilly does not discriminate on the basis of age, race, color, religion, gender, sexual orientation, gender identity, gender expression, national origin, protected veteran status, disability or any other legally protected status.


#WeAreLilly


Job Details

Job Location: India
Company Industry: Other Business Support Services
Company Type: Unspecified
Employment Type: Unspecified
Monthly Salary Range: Unspecified
Number of Vacancies: Unspecified
