Associate Director - Third Party Cybersecurity Risk Assessor

At Lilly, we unite caring with discovery to make life better for people around the world. We are a global healthcare leader headquartered in Indianapolis, Indiana. Our employees around the world work to discover and bring life-changing medicines to those who need them, improve the understanding and management of disease, and give back to our communities through philanthropy and volunteerism. We give our best effort to our work, and we put people first. We’re looking for people who are determined to make life better for people around the world.

Actual compensation will depend on a candidate’s education, experience, skills, and geographic location.  The anticipated wage for this position is

$123,000 - $180,400

What You'll Be Doing:

This role is a part of the Cybersecurity Governance team, responsible for analyzing proposed cybersecurity risks, validating their underlying basis and criticality/severity. You will prescribe risk treatment activities and monitor their completion. Your efforts will drive proactive process improvements and help maintain robust cybersecurity defenses.

This role is an individual contributor who will partner with the various business, Tech at Lilly, and larger information security teams to ensure third party technology is designed and deployed securely and aligned with Cybersecurity and enterprise technology strategies. This individual will perform business and technical security assessments and reviews, primarily for third parties providing product/services to Lilly. This position will be expected to complete high-quality business and technical security assessments across a diverse set of technologies and business functions, while producing high-quality reports for senior leaders.

How You'll Succeed:

• Conduct high-quality third-party assessments, but not limited to business processes, systems, products and services.

• Produce high-quality reports regarding third-party assessments, and peer review others to match consistency.

• Partner with service owners to understand and reduce risks associated with business processes, underlying systems, and/or third parties being assessed.

• Identify and recommend appropriate measures to treat third party risks that reduce potential impacts on information resources to a level acceptable to the senior management of the company.

• Efficiently and effectively triage proposed cybersecurity risks.

• Collaborate with cybersecurity subject matter experts to develop patterns for risk analysis and treatments.

• Provide insights to support ongoing monitoring and visibility of cybersecurity risks to relevant stakeholders.

• Proactively identify process improvements to ensure ongoing and robust communication of cybersecurity risk.

• As a strong verbal and written communicator, you will be able to interact with varying levels of staff and remote team members, to collectively enable and protect Lilly.

• Contribute knowledge and learnings for the team on best practices for security controls, facilitation, partnering, and engagement to provide quality service.

What You Should Bring:

• Prior cybersecurity, quality, risk management, and/or audit experience.

• Knowledge of fundamental security principles, such as identity and access management, network security, endpoint security, cloud security, etc.

• Knowledge of cybersecurity frameworks, standards, and regulations (e.g., NIST, ISO, HIPAA, etc.).

• Ability to effectively communicate with technical and non-technical resources.

• Knowledge of GRC tooling and capabilities.

• Ability to work with minimal guidance and recognize when guidance is needed.

• Excellent collaboration, communication, analytical, and organizational skills.

Your Basic Qualifications:

• Bachelor’s Degree in Computer Science, Information Systems/Management Information Systems, Information Security/Assurance, or an equivalent field of study.

• 7+ years of experience in cybersecurity, with a focus on assessment, compliance, third party risk, or audit.

• 4+ years of proven experience with vendor risk assessments.

Additional Preferences:

• Experience working in a global, multi-cultural environment, with the ability to effectively collaborate with teams across different regions and time zones.

• Excellent communication skills, with the ability to convey technical concepts to non-technical stakeholders.

• CRISC, CISA, CISSP, CISM or other industry certification a plus.

Additional Information:

• Role located in Indianapolis, IN (Hybrid schedule).

Lilly is dedicated to helping individuals with disabilities to actively engage in the workforce, ensuring equal opportunities when vying for positions. If you require accommodation to submit a resume for a position at Lilly, please complete the accommodation request form (https://careers.lilly.com/us/en/workplace-accommodation) for further assistance. Please note this is for individuals to request an accommodation as part of the application process and any other correspondence will not receive a response.
Lilly is an EEO/Affirmative Action Employer and does not discriminate on the basis of age, race, color, religion, gender, sexual orientation, gender identity, gender expression, national origin, protected veteran status, disability or any other legally protected status.

Our employee resource groups (ERGs) offer strong support networks for their members and help our company develop talented individuals for future leadership roles. Our current groups include: Africa, Middle East, Central Asia Network, African American Network, Chinese Culture Network, Early Career Professionals, Japanese International Leadership Network (JILN), Lilly India Network, Organization of Latinos at Lilly, PRIDE (LGBTQ + Allies), Veterans Leadership Network, Women’s Network, Working and Living with Disabilities. Learn more about all of our groups.

Full-time equivalent employees also will be eligible for a company bonus (depending, in part, on company and individual performance). In addition, Lilly offers a comprehensive benefit program to eligible employees, including eligibility to participate in a company-sponsored 401(k); pension; vacation benefits; eligibility for medical, dental, vision and prescription drug benefits; flexible benefits (e.g., healthcare and/or dependent day care flexible spending accounts); life insurance and death benefits; certain time off and leave of absence benefits; and well-being benefits (e.g., employee assistance program, fitness benefits, and employee clubs and activities).Lilly reserves the right to amend, modify, or terminate its compensation and benefit programs in its sole discretion and Lilly’s compensation practices and guidelines will apply regarding the details of any promotion or transfer of Lilly employees.

#WeAreLilly