Associate Director-Info Security Risk Mgmt
Job Description
At Lilly, we unite caring with discovery to make life better for people around the world. We are a global healthcare leader headquartered in Indianapolis, Indiana. Our 35,000 employees around the world work to discover and bring life-changing medicines to those who need them, improve the understanding and management of disease, and give back to our communities through philanthropy and volunteerism. We give our best effort to our work, and we put people first. We're looking for people who are determined to make life better for people around the world.
Organization Overview:
At Lilly, we serve an extraordinary purpose. We make a difference for people around the globe by discovering, developing and delivering medicines that help them live longer, healthier, more active lives. Not only do we deliver breakthrough medications, but you also can count on us to develop creative solutions to support communities through philanthropy and volunteerism.
Responsibilities:
Information security risk management and business engagement is an integral component of Lilly's information security strategy, program and operations. This role will help to sustain and mature the risk-based roadmap for information security risk management and business engagement programs. Qualified candidate must be legally authorized to be employed in the United States. Lilly does not anticipate providing sponsorship for employment visa status (e.g., H-1B or TN status) for this position.
The Information Security Risk Management Consultant functions as a highly skilled security, technology, and risk consultant.
The Consultant will be responsible for driving various activities, including information security risk assessments, IS risk management program development activities, risk education, risk advisory services, and external audit/assessment coordination.
The Consultant will lead or participate in requirements gathering sessions, solution design, solution delivery, and the on-going operation of GRC tools.
The Consultant will also drive and support efforts to reduce attack surface and mitigate risk.
The position requires technical and operational knowledge of information security, information technology, and risk management practices.
Position Details
Support the development and/or consolidation, streamlining, and simplification of information security risk management practices
Triage assessment requests for proper prioritization and scoping.
Serve as risk and controls assessor for various systems, 3rd parties, and business processes across Lilly
Effectively deliver assessment results to stakeholders and verify that proper mitigation of risk will occur
Drive and support quarterly convergence reporting
Drive and support the management and integration of GRC tools and processes
Drive and support various operational change management activities and efforts
Support various information security education and awareness activities
Drive and support data classification, data handling, and data lifecycle risk management efforts
Develop, implement, and integrate functional procedures and standards related to risk management
Drive and support the risk and control library and maintain a working knowledge of information technology and security risk practices, tools, processes and requirement
Effectively applies security and risk methodologies as derived from security and risk standards and best practices
Basic Qualifications:
Bachelor's Degree in a discipline related to information systems, information security, or risk
CRISC, CISSP, CISA, CISM or similar certification or certification within one year
5 years of experience in a role conducting or coordinating risk assessments or IT/IS audit work
5 years of experience in information security
Additional Skills/Preferences:
Demonstrated skills at building and maintaining business relationships
Demonstrated ability to think and act strategically
GRC experience a plus
Six Sigma experience and certification a plus
Organization change management education and certification a plus
Willingness to travel internationally less than 10 percent of your time
Demonstrated ability to lead medium-scale projects or programs and appropriately escalate issues and barriers.
Problem solving: able to effectively seeks ways to resolve issues in a streamlined approach while acknowledging inherent complexities.
Eli Lilly and Company, Lilly USA, LLC and our wholly owned subsidiaries (collectively "Lilly") are committed to help individuals with disabilities to participate in the workforce and ensure equal opportunity to compete for jobs. If you require an accommodation to submit a resume for positions at Lilly, please email Lilly Human Resources ( [email protected] ) for further assistance. Please note This email address is intended for use only to request an accommodation as part of the application process. Any other correspondence will not receive a response.
Lilly is an EEO/Affirmative Action Employer and does not discriminate on the basis of age, race, color, religion, gender, sexual orientation, gender identity, gender expression, national origin, protected veteran status, disability or any other legally protected status.
Our employee resource groups (ERGs) offer strong support networks for their members and help our company develop talented individuals for future leadership roles. Our current groups include: Africa, Middle East, Central Asia Network, African American Network, Chinese Culture Network, Early Career Professionals, Japanese International Leadership Network (JILN), Lilly India Network, Organization of Latinos at Lilly, PRIDE (LGBTQ + Allies), Veterans Leadership Network, Women's Network, Working and Living with Disabilities. Learn more about all of our groups.
As a condition of employment with Eli Lilly and Company and its subsidiaries in the United States and Puerto Rico, you must be fully COVID-19 vaccinated and provide proof of vaccination satisfactory to the company (subject to applicable law).
#WeAreLilly
Organization Overview:
At Lilly, we serve an extraordinary purpose. We make a difference for people around the globe by discovering, developing and delivering medicines that help them live longer, healthier, more active lives. Not only do we deliver breakthrough medications, but you also can count on us to develop creative solutions to support communities through philanthropy and volunteerism.
Responsibilities:
Information security risk management and business engagement is an integral component of Lilly's information security strategy, program and operations. This role will help to sustain and mature the risk-based roadmap for information security risk management and business engagement programs. Qualified candidate must be legally authorized to be employed in the United States. Lilly does not anticipate providing sponsorship for employment visa status (e.g., H-1B or TN status) for this position.
The Information Security Risk Management Consultant functions as a highly skilled security, technology, and risk consultant.
The Consultant will be responsible for driving various activities, including information security risk assessments, IS risk management program development activities, risk education, risk advisory services, and external audit/assessment coordination.
The Consultant will lead or participate in requirements gathering sessions, solution design, solution delivery, and the on-going operation of GRC tools.
The Consultant will also drive and support efforts to reduce attack surface and mitigate risk.
The position requires technical and operational knowledge of information security, information technology, and risk management practices.
Position Details
Support the development and/or consolidation, streamlining, and simplification of information security risk management practices
Triage assessment requests for proper prioritization and scoping.
Serve as risk and controls assessor for various systems, 3rd parties, and business processes across Lilly
Effectively deliver assessment results to stakeholders and verify that proper mitigation of risk will occur
Drive and support quarterly convergence reporting
Drive and support the management and integration of GRC tools and processes
Drive and support various operational change management activities and efforts
Support various information security education and awareness activities
Drive and support data classification, data handling, and data lifecycle risk management efforts
Develop, implement, and integrate functional procedures and standards related to risk management
Drive and support the risk and control library and maintain a working knowledge of information technology and security risk practices, tools, processes and requirement
Effectively applies security and risk methodologies as derived from security and risk standards and best practices
Basic Qualifications:
Bachelor's Degree in a discipline related to information systems, information security, or risk
CRISC, CISSP, CISA, CISM or similar certification or certification within one year
5 years of experience in a role conducting or coordinating risk assessments or IT/IS audit work
5 years of experience in information security
Additional Skills/Preferences:
Demonstrated skills at building and maintaining business relationships
Demonstrated ability to think and act strategically
GRC experience a plus
Six Sigma experience and certification a plus
Organization change management education and certification a plus
Willingness to travel internationally less than 10 percent of your time
Demonstrated ability to lead medium-scale projects or programs and appropriately escalate issues and barriers.
Problem solving: able to effectively seeks ways to resolve issues in a streamlined approach while acknowledging inherent complexities.
Eli Lilly and Company, Lilly USA, LLC and our wholly owned subsidiaries (collectively "Lilly") are committed to help individuals with disabilities to participate in the workforce and ensure equal opportunity to compete for jobs. If you require an accommodation to submit a resume for positions at Lilly, please email Lilly Human Resources ( [email protected] ) for further assistance. Please note This email address is intended for use only to request an accommodation as part of the application process. Any other correspondence will not receive a response.
Lilly is an EEO/Affirmative Action Employer and does not discriminate on the basis of age, race, color, religion, gender, sexual orientation, gender identity, gender expression, national origin, protected veteran status, disability or any other legally protected status.
Our employee resource groups (ERGs) offer strong support networks for their members and help our company develop talented individuals for future leadership roles. Our current groups include: Africa, Middle East, Central Asia Network, African American Network, Chinese Culture Network, Early Career Professionals, Japanese International Leadership Network (JILN), Lilly India Network, Organization of Latinos at Lilly, PRIDE (LGBTQ + Allies), Veterans Leadership Network, Women's Network, Working and Living with Disabilities. Learn more about all of our groups.
As a condition of employment with Eli Lilly and Company and its subsidiaries in the United States and Puerto Rico, you must be fully COVID-19 vaccinated and provide proof of vaccination satisfactory to the company (subject to applicable law).
#WeAreLilly
Date Posted
09/29/2022
Views
0
Positive
Subjectivity Score: 0.8
Similar Jobs
Remote Licensed Customer Service Representative - Liberty Mutual Insurance
Views in the last 30 days - 0
View DetailsRemote Licensed Customer Service Representative - Liberty Mutual Insurance
Views in the last 30 days - 0
View Details