Cybersecurity Business Analyst - Manufacturing and Quality

At Lilly, we unite caring with discovery to make life better for people around the world. We are a global healthcare leader headquartered in Indianapolis, Indiana. Our employees around the world work to discover and bring life-changing medicines to those who need them, improve the understanding and management of disease, and give back to our communities through philanthropy and volunteerism. We give our best effort to our work, and we put people first. We’re looking for people who are determined to make life better for people around the world.

Protect the manufacturing systems that deliver life-changing medicines to millions of patients worldwide. As a Manufacturing & Quality Cybersecurity Business Analyst, you'll be at the intersection of cutting-edge cybersecurity and pharmaceutical manufacturing, ensuring that our global operations remain secure, compliant, and resilient against evolving threats.

This is a rare opportunity to shape cybersecurity strategy across Lilly's global manufacturing and quality operations. You'll work at the convergence of IT/OT security, GxP compliance, and business enablement—translating complex cyber risks into actionable insights for manufacturing leaders while embedding security into mission-critical systems like SAP, SCADA, and quality management platforms.

You'll be a strategic partner, not just a security enforcer. This role requires someone who can influence upward, build trust across diverse stakeholders, and drive security adoption through collaboration rather than mandates. If you thrive in ambiguity, love solving complex problems, and want your work to directly impact patient safety and product quality, this role is for you.

• Drive cybersecurity strategy and roadmap priorities for Manufacturing and Quality, balancing security requirements with operational needs and GMP compliance across 50+ global manufacturing sites

• Partner with business and IT teams to embed security into SAP manufacturing systems, OT/SCADA environments, quality management platforms, and emerging technologies through secure design principles

• Translate cyber risks into business language for Manufacturing and Quality leadership, presenting security metrics, scorecards, and risk acceptance decisions to executive stakeholders

• Build strategic relationships with internal customers and external partners (CMOs, vendors) to assess and reduce cybersecurity risks while maintaining operational continuity

• Lead security awareness and adoption initiatives within Manufacturing and Quality, influencing security-conscious behaviors and ensuring teams understand their role in protecting critical infrastructure

• Monitor compliance and drive remediation activities to improve the business security posture, ensuring alignment with security policies, industry frameworks (NIST, ISO), and regulatory requirements

• Stay ahead of emerging threats by continuously monitoring cybersecurity trends, attack vectors specific to pharma/manufacturing, and evolving mitigation techniques to enhance preventative and detective capabilities

• Bachelor's degree in Computer Science, Cybersecurity, Information Technology, or a related technical field

• 5+ years of experience in cybersecurity strategy, governance, risk management, or security operations

• Comprehensive expertise across cybersecurity domains: prevention, detection, incident response, recovery, and compliance

• Deep knowledge of security frameworks (NIST CSF, ISO 27001/27002, CIS Controls) and IT risk management standards

• Industry-recognized certification (CISSP, CISM, CRISC, or equivalent)

• Qualified applicants must be authorized to work in the United States on a full-time basis. Lilly will not provide support for or sponsor work authorization or visas for this role, including but not limited to F-1 CPT, F-1 OPT, F-1 STEM OPT, J-1, H-1B, TN, O-1, E-3, H-1B1, or L-1

What You Should Bring

• Master's degree in Cybersecurity, Information Security, or related field

• Experience in pharmaceutical, life sciences, or highly regulated manufacturing environments

• Knowledge of GxP regulations (GMP, CSV/CSA) and how they intersect with cybersecurity requirements

• Proven track record managing complex security programs and cross-functional initiatives

• Familiarity with OT/ICS security, SCADA systems, and IT/OT convergence challenges

• Outstanding communication skills with the ability to articulate technical cyber risks to non-technical business audiences. Experience influencing upward and presenting to senior leadership, including security metrics, business cases, and risk decisions

• Experience with SAP security, manufacturing execution systems (MES), or enterprise quality management systems

• Multiple security certifications (e.g., CISSP + CISM, or specialized certifications like GIAC, SANS)

• Direct impact on patient safety: Your work protects the systems that manufacture medicines for patients worldwide

• Strategic influence: Shape enterprise-wide security strategy and drive security roadmaps across global operations

• Unique technical exposure: Work at the intersection of IT/OT security, SAP manufacturing systems, GxP compliance, and cutting-edge cyber threats

• Continuous learning: Stay ahead of emerging threats, gain expertise in pharmaceutical manufacturing security, and work with world-class cybersecurity and operations teams

• Professional development: Support for advanced certifications, training, conferences, and career growth opportunities within Lilly's cybersecurity organization

• Global collaboration: Partner with manufacturing sites, cybersecurity teams, and business leaders across the world

You'll join the Manufacturing & Quality SAP Cyber Lead Organization, a specialized team within Lilly's Cybersecurity organization dedicated to supporting Manufacturing and Quality functions globally. Our team consists of cybersecurity professionals who understand both the technical intricacies of cyber defense and the operational realities of pharmaceutical manufacturing.

We value partnership over enforcement—bringing security expertise while respecting manufacturing operations and GMP requirements. Our culture emphasizes collaboration, continuous learning, innovation, and pragmatic risk management. We believe security should enable the business, not block it, and we work closely with stakeholders to find the right balance between protection and operational efficiency.

This role requires an experienced professional who can operate at both strategic and tactical levels. You'll be expected to:

• Influence across and upward: Build credibility and present security recommendations to Manufacturing and Quality business partners while navigating organizational complexity

• Bring structure to ambiguity: Take on complex, undefined challenges and create frameworks, processes, and solutions that work in the real world

• Exercise expert judgment: Make informed risk decisions, balance competing priorities, and provide guidance on security vs. operational trade-offs

• Think innovatively: Challenge conventional approaches, identify opportunities for transformational improvements, and stay ahead of industry trends

• Travel: Less than 10%

• Location: Indianapolis, IN

Join us in protecting the systems that make medicines possible.

Lilly is dedicated to helping individuals with disabilities to actively engage in the workforce, ensuring equal opportunities when vying for positions. If you require accommodation to submit a resume for a position at Lilly, please complete the accommodation request form (https://careers.lilly.com/us/en/workplace-accommodation) for further assistance. Please note this is for individuals to request an accommodation as part of the application process and any other correspondence will not receive a response.

Lilly is proud to be an EEO Employer and does not discriminate on the basis of age, race, color, religion, gender identity, sex, gender expression, sexual orientation, genetic information, ancestry, national origin, protected veteran status, disability, or any other legally protected status.

Our employee resource groups (ERGs) offer strong support networks for their members and are open to all employees. Our current groups include: Africa, Middle East, Central Asia Network, Black Employees at Lilly, Chinese Culture Network, Japanese International Leadership Network (JILN), Lilly India Network, Organization of Latinx at Lilly (OLA), PRIDE (LGBTQ+ Allies), Veterans Leadership Network (VLN), Women’s Initiative for Leading at Lilly (WILL), enAble (for people with disabilities). Learn more about all of our groups.

Actual compensation will depend on a candidate’s education, experience, skills, and geographic location.  The anticipated wage for this position is

Full-time equivalent employees also will be eligible for a company bonus (depending, in part, on company and individual performance). In addition, Lilly offers a comprehensive benefit program to eligible employees, including eligibility to participate in a company-sponsored 401(k); pension; vacation benefits; eligibility for medical, dental, vision and prescription drug benefits; flexible benefits (e.g., healthcare and/or dependent day care flexible spending accounts); life insurance and death benefits; certain time off and leave of absence benefits; and well-being benefits (e.g., employee assistance program, fitness benefits, and employee clubs and activities).Lilly reserves the right to amend, modify, or terminate its compensation and benefit programs in its sole discretion and Lilly’s compensation practices and guidelines will apply regarding the details of any promotion or transfer of Lilly employees.

#WeAreLilly