Associate Director - Business Risks & Controls - US Consumer

At Lilly, we unite caring with discovery to make life better for people around the world. We are a global healthcare leader headquartered in Indianapolis, Indiana. Our employees around the world work to discover and bring life-changing medicines to those who need them, improve the understanding and management of disease, and give back to our communities through philanthropy and volunteerism. We give our best effort to our work, and we put people first. We’re looking for people who are determined to make life better for people around the world.

Associate Director – Business Risks & Controls – US Consumer

Join our Lilly Business Insights & Analytics (BI&A) Team, a group of 150+ professionals with diverse backgrounds and experiences.  We drive relevant, real-time, data-driven business decisions across marketing, sales, medical affairs, and other functions in Lilly USA, leading to Best-in-Class customer engagements that enhance patient outcomes and business performance.

Lilly is undergoing a transformation journey to redefine the customer experience.  By leveraging personalized customer insights across our brands, we are creating a unified and seamless customer journey across all channels and audiences. 

As the Associate Director – Business Risks & Controls, you will accelerate this transformation by leading our Risk & Controls Assurance Program, setting the business context, and driving the strategic vision for continuous controls monitoring for the US Consumer Team. 

In this role, you will be responsible for managing first line risk and controls within the Global Customer Office (GCO), and identifying and mitigating cybersecurity and privacy risks in line with the company’s standards.  You will also provide subject matter expertise and technical guidance to technology-aligned process owners, ensuring that implemented controls are operating effectively and in compliance with regulatory, legal, and industry standards.

By partnering with various stakeholders, including Product Owners, Business Control Managers, and Auditors, you will contribute to the reporting of a comprehensive view of GCO’s risk posture and its impact on the business. Your advanced knowledge of control frameworks and risk management practices will enable you to drive innovative solutions and ensure effective controls are implemented to match risk to tolerance in a dynamic and evolving risk landscape.  You will need to be comfortable working with a wide range of stakeholders including senior management and foster trusted relationships across technology, risk, privacy, and control organizations.

Key Responsibilities: 

• Create and manage the first line Risk & Controls Assurance Program for the Global Customer Office ensuring a sustainable and disciplined end-to-end control environment and serve as the primary business liaison to second line teams

• Establish GCO’s control framework process including the identification, classification and review of the control environment

• Proactively monitor and evaluate control effectiveness, define key control indicators, identify gaps, and recommend enhancements to strengthen risk posture

• Recognized technical authority for GCO privacy and cyber controls

• Support technical, legal and compliance teams in the quality, completeness and accuracy of enterprise control frameworks applied to the GCO organization (ex: NIST and Process, Risk & Control frameworks) for Personal Information including Sensitive Personal Information

• Partner with control and process owners to recommend corrective actions and improvements, provide challenge to ensure appropriate escalation in accordance with Issue Management and Escalation policies

• Responsible for incident management processes associated with controls

• Ensure effective identification, quantification, communication, and management of GCO’s risks, focusing on root cause analysis and resolution recommendations

• Develop and maintain robust relationships, becoming a trusted partner with second line teams, technologists, assessment teams, and data officers to facilitate cross-functional collaboration and progress toward shared goals

• Execute reporting and governance of controls, policies, issue management, and measurements, offering senior management insights into control effectiveness and inform governance work

• Provide expertise and understanding of regulatory environment and new developments; develop and recommend action plans for initiatives that have regulatory impact

• Apply specialized knowledge in particular non-financial risk domains, and broad acumen across facets of all domains including data, privacy, cybersecurity, technology, cloud, operational resiliency, third party and product risk

• Coordinate risk and control responsibilities and ensure accountabilities are embedded within the business, including providing training and leading by example

Basic Requirements: 

• Bachelor's degree or higher preferably in STEM-related field (e.g., Computer Science, Cybersecurity, Engineering, Data Science, or Applied Mathematics)

• 4+ years of experience in technology risk management and controls governance

• Qualified candidates must be legally authorized to be employed in the United States. Lilly does not anticipate providing sponsorship for employment visa status (e.g., H-1B or TN status) for this employment position.

Additional Skills/ Preferences:  

• Strong understanding of regulatory compliance requirements, best practices, and industry risk and control frameworks such as NIST CSF, CRI Cyber Profile, CSA Cloud Controls, ISO 27000, COBIT, Basel Operational Risk Principles

• Familiarity with global laws and regulations related to technology, cyber and privacy

• Proficient knowledge and expertise in data security, risk assessment & reporting, control evaluation, design, and governance, with a proven record of implementing effective risk mitigation strategies

• Excellent leadership, analytical, and problem-solving skills

• Demonstrated ability to communicate, translate and simplify complex technical risk and control concepts for non-technical stakeholders to enable clear understanding and informed decision-making

• Strong collaborator able to build and maintain strong relationships with agile teams and internal/external stakeholders

• High intellectual curiosity with a passion for data privacy and security controls

• Experience in highly regulated industries including pharmaceutical, device manufacturer, health or financial services industries

• IT-control related certifications (e.g., CISSP, CRISC, CISA, CISM, CIPT, CIPP)

• Familiarity with Agile development

Additional Information:

• Lilly currently anticipates that the base salary for this position could range from between $126,000 to $184,800 and will depend, in part, on the successful candidate’s qualifications for the role, including education and experience. Full-time equivalent employees also will be eligible for a company bonus (depending, in part, on company and individual performance). In addition, Lilly offers a comprehensive benefit program to eligible employees, including eligibility to participate in a company-sponsored 401(k); pension; vacation benefits; eligibility for medical, dental, vision and prescription drug benefits; flexible benefits (e.g., healthcare and/or dependent day care flexible spending accounts); life insurance and death benefits; certain time off and leave of absence benefits; and well-being benefits (e.g., employee assistance program, fitness benefits, and employee clubs and activities).Of course, the compensation described above is subject to change and could be higher or lower than the range described above. Further, Lilly reserves the right to amend, modify, or terminate its compensation and benefit programs in its sole discretion and Lilly’s compensation practices and guidelines will apply regarding the details of any promotion or transfer of Lilly employees.

Lilly is dedicated to helping individuals with disabilities to actively engage in the workforce, ensuring equal opportunities when vying for positions. If you require accommodation to submit a resume for a position at Lilly, please complete the accommodation request form (https://careers.lilly.com/us/en/workplace-accommodation) for further assistance. Please note this is for individuals to request an accommodation as part of the application process and any other correspondence will not receive a response.

Lilly is an EEO/Affirmative Action Employer and does not discriminate on the basis of age, race, color, religion, gender, sexual orientation, gender identity, gender expression, national origin, protected veteran status, disability or any other legally protected status.

Our employee resource groups (ERGs) offer strong support networks for their members and help our company develop talented individuals for future leadership roles. Our current groups include: Africa, Middle East, Central Asia Network, African American Network, Chinese Culture Network, Early Career Professionals, Japanese International Leadership Network (JILN), Lilly India Network, Organization of Latinos at Lilly, PRIDE (LGBTQ + Allies), Veterans Leadership Network, Women’s Network, Working and Living with Disabilities. Learn more about all of our groups.

#WeAreLilly