Sr. Director of Compliance – Cyber GRC

Eli Lilly and Company
Indianapolis, Indiana, United States
Full-time

At Lilly, we unite caring with discovery to make life better for people around the world. We are a global healthcare leader headquartered in Indianapolis, Indiana.

Our employees around the world work to discover and bring life-changing medicines to those who need them, improve the understanding and management of disease, and give back to our communities through philanthropy and volunteerism.

We give our best effort to our work, and we put people first. We’re looking for people who are determined to make life better for people around the world.

What You’ll Be Doing:

The Sr Director of Compliance, Cybersecurity will be a key member of the lead team of Cybersecurity Governance, Risk, and Compliance (GRC) at Lilly, serving as both a hands-on practitioner and a leader/mentor for the compliance team.

The Director will be responsible for ensuring the organization adheres to all regulatory and industry standards, conducting mock audits, performing gap analyses, implementing corrective actions, managing attestations and certifications, and overseeing cyber insurance processes.

Additionally, the Director will have managerial responsibilities, collaborating with subject matter experts (SMEs) across the company, including those at Lilly.

The ideal candidate will bring extensive experience in cybersecurity compliance and a strategic mindset to drive continuous improvement in our security posture.

What You Should Bring:

Have excellent knowledge of cybersecurity frameworks and standards; proficiency in frameworks and standards such as ISO 27001, NIST, SOC 2, and others is essential for ensuring compliance and maintaining relevant certifications and attestations.

Actively participate in a leadership role in conducting audits, assessments, and gap analyses, demonstrating technical expertise and leading by example.

Contribute to the development and implementation of compliance processes, tools, and automation scripts to improve efficiency and effectiveness.

Stay up to date with the latest cybersecurity trends, technologies, and best practices, and provide guidance to the team on leveraging new solutions and methodologies.

How You'll Succeed:

Regulatory Compliance: Stay abreast of global regulatory changes and ensure the organization’s cybersecurity practices comply with relevant laws and regulations.

Mock Audits: Plan and conduct regular mock audits to assess the organization’s compliance with internal and external cybersecurity standards and regulations.

Gap Analysis: Perform comprehensive gap analyses to identify areas of non-compliance and potential security risks.

Corrective Action Plans: Develop and oversee the implementation of corrective action plans to address identified gaps and vulnerabilities.

Follow-up on Corrective Actions: Ensure timely follow-up and closure of corrective actions identified during audits and assessments.

Attestations and Certifications: Manage the process for achieving and maintaining relevant cybersecurity certifications and attestations, including ISO 27001, SOC 2, and others.

GRC tools and platforms: Knowledge of Governance, Risk, and Compliance (GRC) tools and platforms would be beneficial for managing compliance processes and reporting effectively.

Policies: Collaborate with the Cybersecurity Governance team to stay updated on cybersecurity policies and procedures.

Risk Management: Collaborate with the Cybersecurity Risk Management team to stay updated on the risk management process.

Data Analysis and Reporting: Proficiency in data analysis tools (e.g., Qualtrics, Power BI) for querying and analyzing security data.

Experience with creating and presenting comprehensive compliance reports and dashboards to senior management.

Cyber Insurance: Oversee the management of the company’s cyber insurance policy, ensuring adequate coverage and compliance with policy requirements.

Managerial Responsibilities: Lead and coach a team of compliance professionals, provide guidance, support, and professional development opportunities through hands-on mentoring, knowledge sharing, and collaborative problem-solving.

Ability to effectively balance technical hands-on work with leadership and mentoring responsibilities, serving as a player and a coach for the compliance team.

Collaboration: Work closely with other relevant SMEs at Lilly and across the organization to ensure a cohesive and comprehensive approach to cybersecurity compliance.

Your Basic Qualifications:

Bachelor’s degree in Computer Science, Information Technology, Cybersecurity, or a related field

8+ years of experience in cybersecurity governance, risk management, and compliance

3+ years of experience managing a team

Preferred Qualifications:

In-depth knowledge of ISO 27001 controls, including information security policies, risk assessments, and implementation of security controls.

Expertise in mapping NIST Cybersecurity Framework controls to organizational processes and systems.

Risk management certifications (e.g., CRISC, CISA)

Audit-related certifications (e.g., CISA, CGEIT)

Cloud security certifications (e.g., AWS Certified Security - Specialty, Microsoft Azure Security Engineer Associate)

Understanding of SOC 2 criteria and the ability to assess and report on relevant controls.

Familiarity with cloud security best practices and experience with cloud service provider (CSP) security controls and compliance requirements.

Proven experience in conducting audits, gap analyses, and implementing corrective actions.

Excellent understanding of regulatory requirements and industry best practices.

Strong analytical and problem-solving skills.

Exceptional communication and interpersonal skills.

Ability to manage multiple projects and priorities in a fast-paced environment.

High level of integrity and professional ethics.

Knowledge of the MITRE ATT&CK framework.

Hands-on experience with vulnerability management tools, security information and event management (SIEM) systems, and other security monitoring solutions.

Proficiency in scripting languages (e.g., Python, PowerShell) for automating tasks, data manipulation, and report generation.

Experience in the pharmaceutical industry or a similar, heavily regulated environment.

Proficiency with GRC tools and platforms.

Demonstrated leadership and team management skills.

Additional Information:

This role is in Indianapolis, IN with a hybrid work model - relocation required

Lilly is dedicated to helping individuals with disabilities to actively engage in the workforce, ensuring equal opportunities when vying for positions.

If you require accommodation to submit a resume for a position at Lilly, please complete the accommodation request form (https://careers.lilly.com/us/en/workplace-accommodation) for further assistance. Please note this is for individuals to request an accommodation as part of the application process and any other correspondence will not receive a response.

Lilly is an EEO/Affirmative Action Employer and does not discriminate on the basis of age, race, color, religion, gender, sexual orientation, gender identity, gender expression, national origin, protected veteran status, disability or any other legally protected status.

Our employee resource groups (ERGs) offer strong support networks for their members and help our company develop talented individuals for future leadership roles.

Our current groups include: Africa, Middle East, Central Asia Network, African American Network, Chinese Culture Network, Early Career Professionals, Japanese International Leadership Network (JILN), Lilly India Network, Organization of Latinos at Lilly, PRIDE (LGBTQ + Allies), Veterans Leadership Network, Women’s Network, Working and Living with Disabilities.

Learn more about all of our groups.

WeAreLilly

14 days ago