Business Information Security Organization (BISO) Information Security Analyst

At Lilly, we unite caring with discovery to make life better for people around the world. We are a global healthcare leader headquartered in Indianapolis, Indiana. Our employees around the world work to discover and bring life-changing medicines to those who need them, improve the understanding and management of disease, and give back to our communities through philanthropy and volunteerism. We give our best effort to our work, and we put people first. We’re looking for people who are determined to make life better for people around the world.

Job Title:  Business Information Security Organization (BISO) Information Security Analyst – Tech@Lilly

Come help us manage the security of our business functions to protect it from cyber threats!

The Business Information Security Organization is actively looking for an Information Security Analyst.  Are you passionate about using technology to stop cyber actors from stealing, damaging, or disrupting our information and business processes?  If so, bring YOUR skills and talents to the Business Information Security Organization where you’ll have the chance to make an impact!

What You’ll Be Doing:

As the BISO Security Analyst, you will be responsible for aligning business area technology projects, and operations with enterprise security standards, principles, and technologies. You will focus on Risk Management activities such as findings management, risk process execution and the support of reports and metrics. You will partner with enterprise services teams to drive process execution throughout the business units. You will provide consulting and guidance to help drive a security first mindset.

How You’ll Succeed:

• Lead operational engagement and own supporting metrics for measuring cyber security maturity.
• Communicate and coordinate Lilly information security strategy, programs and services with a diverse group of business stakeholders.
• You will identify opportunities to evolve, evangelize, and embed security standards and processes into existing business processes to ensure standardization of Tech@Lilly implementations.
• You will lead risk reduction initiatives related to findings management, control exception, risk management, and incident response in partnership with information security service teams.
• You will drive ongoing continuous improvement and educational efforts focused on Functional Tech@Lilly teams
• Lead business-engaged risk exercises to identify and measure risk and develop mitigation strategies.
• Actively engage and support security incident response team in resolution and close of investigations of incidents with ownership of postmortem and remediation plans
• You will understand the threat landscape and have the ability to translate the general threats into relevant business and technical impacts and communicate relevant risk to stakeholders
• You will have strong interpersonal skills and collaborate effectively on a diverse, global team

What You Should Bring:

• Training in Cyber Security specific disciplines
• Demonstrated ability to prioritize and handle multiple initiatives.
• Demonstrated negotiation and problem resolution skills
• Demonstrated interpersonal, analytical, organizational, written and verbal communication skills.
• Demonstrated knowledge of recognized Information Security related standards and technologies including MITRE Att&K, NIST, ISO 27001
• Previous experience with information security operations
• Security+ or other information security related certifications
• Proficient in information technology knowledge including familiarity with cloud platform deployments, securing CI/CD pipelines, project integration, and secure software development.
• Self-management skills with a focus on results for prompt and accurate completion of challenging work

Basic Requirements: 

• Bachelor’s Degree in Cyber Security, Computer Science, Information Systems or Technology, or related field

Or  

• High School Diploma/GED with min 2-5 years of experience in Cyber Security or related field.

Knowledge of

• Security Audits, Governance, Risk & Compliance
• Information security operational metrics (KRI, KPIs) and dashboards, and
• GRC tools and processes to help drive and monitor adoption.

Lilly is dedicated to helping individuals with disabilities to actively engage in the workforce, ensuring equal opportunities when vying for positions. If you require accommodation to submit a resume for a position at Lilly, please complete the accommodation request form (https://careers.lilly.com/us/en/workplace-accommodation) for further assistance. Please note this is for individuals to request an accommodation as part of the application process and any other correspondence will not receive a response.

Lilly does not discriminate on the basis of age, race, color, religion, gender, sexual orientation, gender identity, gender expression, national origin, protected veteran status, disability or any other legally protected status.

#WeAreLilly