Eli Lilly and Company
Associate Director - Business Risks & Controls - US Consumer
Eli Lilly and Company, Indiana, Pennsylvania, US, 15705
At Lilly, we unite caring with discovery to make life better for people around the world. We are a global healthcare leader headquartered in Indianapolis, Indiana. Our employees around the world work to discover and bring life-changing medicines to those who need them, improve the understanding and management of disease, and give back to our communities through philanthropy and volunteerism. We give our best effort to our work, and we put people first. We’re looking for people who are determined to make life better for people around the world.

Associate Director – Business Risks & Controls – US Consumer

Join our Lilly Business Insights & Analytics (BI&A) Team, a group of 150+ professionals with diverse backgrounds and experiences. We drive relevant, real-time, data-driven business decisions across marketing, sales, medical affairs, and other functions in Lilly USA, leading to Best-in-Class customer engagements that enhance patient outcomes and business performance.

As the Associate Director – Business Risks & Controls, you will accelerate this transformation by leading our Risk & Controls Assurance Program, setting the business context, and driving the strategic vision for continuous controls monitoring for the US Consumer Team.

In this role, you will be responsible for managing first line risk and controls within the Global Customer Office (GCO), and identifying and mitigating cybersecurity and privacy risks in line with the company’s standards. You will also provide subject matter expertise and technical guidance to technology-aligned process owners, ensuring that implemented controls are operating effectively and in compliance with regulatory, legal, and industry standards.

By partnering with various stakeholders, including Product Owners, Business Control Managers, and Auditors, you will contribute to the reporting of a comprehensive view of GCO’s risk posture and its impact on the business.
Your advanced knowledge of control frameworks and risk management practices will enable you to drive innovative solutions and ensure effective controls are implemented to match risk to tolerance in a dynamic and evolving risk landscape. You will need to be comfortable working with a wide range of stakeholders including senior management and foster trusted relationships across technology, risk, privacy, and control organizations.

Key Responsibilities:
- Create and manage the first line Risk & Controls Assurance Program for the Global Customer Office ensuring a sustainable and disciplined end-to-end control environment and serve as the primary business liaison to second line teams
- Establish GCO’s control framework process including the identification, classification and review of the control environment
- Proactively monitor and evaluate control effectiveness, define key control indicators, identify gaps, and recommend enhancements to strengthen risk posture
- Recognized technical authority for GCO privacy and cyber controls
- Support technical, legal and compliance teams in the quality, completeness and accuracy of enterprise control frameworks applied to the GCO organization (ex: NIST and Process, Risk & Control frameworks) for Personal Information including Sensitive Personal Information
- Partner with control and process owners to recommend corrective actions and improvements, provide challenge to ensure appropriate escalation in accordance with Issue Management and Escalation policies
- Responsible for incident management processes associated with controls
- Ensure effective identification, quantification, communication, and management of GCO’s risks, focusing on root cause analysis and resolution recommendations
- Develop and maintain robust relationships, becoming a trusted partner with second line teams, technologists, assessment teams, and data officers to facilitate cross-functional collaboration and progress toward shared goals
- Execute reporting and governance of controls, policies, issue management, and measurements, offering senior management insights into control effectiveness and inform governance work
- Provide expertise and understanding of regulatory environment and new developments; develop and recommend action plans for initiatives that have regulatory impact
- Apply specialized knowledge in particular non-financial risk domains, and broad acumen across facets of all domains including data, privacy, cybersecurity, technology, cloud, operational resiliency, third party and product risk
- Coordinate risk and control responsibilities and ensure accountabilities are embedded within the business, including providing training and leading by example

Basic Requirements:
- Bachelor's degree or higher preferably in STEM-related field (e.g., Computer Science, Cybersecurity, Engineering, Data Science, or Applied Mathematics)
- 4+ years of experience in technology risk management and controls governance
- Qualified candidates must be legally authorized to be employed in the United States. Lilly does not anticipate providing sponsorship for employment visa status (e.g., H-1B or TN status) for this employment position.

Additional Skills/ Preferences:
- Strong understanding of regulatory compliance requirements, best practices, and industry risk and control frameworks such as NIST CSF, CRI Cyber Profile, CSA Cloud Controls, ISO 27000, COBIT, Basel Operational Risk Principles
- Familiarity with global laws and regulations related to technology, cyber and privacy
- Proficient knowledge and expertise in data security, risk assessment & reporting, control evaluation, design, and governance, with a proven record of implementing effective risk mitigation strategies
- Excellent leadership, analytical, and problem-solving skills
- Demonstrated ability to communicate, translate and simplify complex technical risk and control concepts for non-technical stakeholders to enable clear understanding and informed decision-making
- Strong collaborator able to build and maintain strong relationships with agile teams and internal/external stakeholders
- High intellectual curiosity with a passion for data privacy and security controls
- Experience in highly regulated industries including pharmaceutical, device manufacturer, health or financial services industries
- IT-control related certifications (e.g., CISSP, CRISC, CISA, CISM, CIPT, CIPP)
- Familiarity with Agile development