Associate Vice President - Cyber Threat Mitigations

At Lilly, we unite caring with discovery to make life better for people around the world. We are a global healthcare leader headquartered in Indianapolis, Indiana. Our employees around the world work to discover and bring life-changing medicines to those who need them, improve the understanding and management of disease, and give back to our communities through philanthropy and volunteerism. We give our best effort to our work, and we put people first. We’re looking for people who are determined to make life better for people around the world.

Actual compensation will depend on a candidate’s education, experience, skills, and geographic location.  The anticipated wage for this position is

What You'll Do:

Lead a team overseeing the planning, operations and delivery of the organization's cybersecurity tactical and strategic mitigation programs. Leverage threat intelligence and incident response expertise to prioritize tactical and strategic mitigations. Collaborate with cyber leadership on technical security strategy, architectures and roadmaps to enhance defenses. Provide strategic counsel to executives on relevant cybersecurity topics.

Key Responsibilities:

- Direct team of cybersecurity program managers and engineers responsible for identifying, evaluating and mitigating cyber threats across the enterprise

- Incorporate knowledge of the attacker landscape and evolving tactics to proactively harden security posture

- Partner with stakeholders across the organization to drive cybersecurity transformation and alignment with tactical and strategic objectives

-Strong communication (both verbal and written) and client intimacy skills with experience briefing corporate executives and professionals in leadership positions.

- Provide strategic input and an active role in driving the transformation and alignment to the overall cyber security mission.

- Oversee development of mitigation programs spanning cloud, applications, infrastructure while maintaining visibility of risks

- Enhance operational processes, metrics and reporting to optimally track and communicate program progress

- Overall leadership of the cybersecurity program management office: planning, execution, delivery of key initiatives and KPIs

- Mentor, develop and build cyber security technical, prioritization and communication skills across your team and the larger organization.

- Drive the planning and execution of Cyber Security Program portfolio; accountable for the delivery of all Program KPIs.

- Own and ensure adoption of core program management lifecycle processes and stage gate discipline (agile & waterfall) across all Cyber Security programs and projects appropriately.

- Hands-on delivery/leadership of the most critical tactical and strategic efforts; parachute in to help define a critical path, dive into details, dependency analysis and identification, and resource plans; help escalate issues and propose creative solutions.

What You'll Bring:

- Extensive leadership (10+ years) experience managing multi-disciplinary cybersecurity teams, including  incident response exposure

- Deep subject matter expertise across information security domains (engineering, cloud, app sec, vulnerability management, etc.)

- Thought leadership capabilities with proven ability to design and influence security strategy and technical direction

- Expert knowledge of threat analysis techniques, common security frameworks/controls and architectural practices

- Outstanding communication abilities to effectively liaise with technical and non-technical stakeholders at all levels

- BA/BS degree in computer science, cybersecurity or related technical field; graduate degree preferred

- Strong written/verbal communication and presentation skills with the ability to tailor to both leadership, technical, and non-technical audiences.

- Experience developing and documenting architecture references, security guidelines, and standards.

- Understanding of and experience applying security controls (Cloud Security Matrix.; NIST CSF; CIS Critical Security Controls, etc.), architecture (TOGAF; SABSA; etc.) or threat analysis frameworks (MITRE ATT&CK STRIDE, etc.).

- Experience performing threat analysis and modeling.

- A strong understanding of Cybersecurity Engineering/Operations, Incident Response, Cloud Security, Secure Development, Vulnerability Management and GRC functions.

- A strong understanding of common services used in cloud-based architectures with expertise in at least one cloud vendor (AWS, GCP or Azure) and awareness of Cloud Platform Security and controls.

- A strong understanding of secure application development and the tools/techniques used to ensure that the associated threats are mitigated.

- Experience with cyber security for M&A integrations.

- Previous experience in a senior leadership position in a technical role. The experience should include designing, managing or testing systems, parceling out work to team members and managing the entire process including team mentoring, schedules and deliverables.

Desired Experience:

- Cybersecurity leadership experience with large scale M&A integration and digital transformation initiatives

- Skilled in talent development and workforce planning to scale technical teams

- Service-oriented mindset with track record driving continuous improvement in operations and customer satisfaction

- Strong sense of urgency and commitment, as well as sound business sense with a strategic, conceptual and operational orientation.

- A highly service-oriented approach with a track record of improving service levels and client satisfaction.

- Experience advising and representing senior executives and business line leadership on technical-related issues.

- Exceptional influencing skills and preferred experience working across many areas and levels of an organization.

- Excellent relationships with key vendors and other relevant industry contacts.

- Highly collaborative; personally and professionally self-aware; able to and interested in interacting with employees at all levels; embody integrity; and represent and inspire the highest ethical standards.

Lilly is dedicated to helping individuals with disabilities to actively engage in the workforce, ensuring equal opportunities when vying for positions. If you require accommodation to submit a resume for a position at Lilly, please complete the accommodation request form (https://careers.lilly.com/us/en/workplace-accommodation) for further assistance. Please note this is for individuals to request an accommodation as part of the application process and any other correspondence will not receive a response.

Lilly is an EEO/Affirmative Action Employer and does not discriminate on the basis of age, race, color, religion, gender, sexual orientation, gender identity, gender expression, national origin, protected veteran status, disability or any other legally protected status.

Our employee resource groups (ERGs) offer strong support networks for their members and help our company develop talented individuals for future leadership roles. Our current groups include: Africa, Middle East, Central Asia Network, African American Network, Chinese Culture Network, Early Career Professionals, Japanese International Leadership Network (JILN), Lilly India Network, Organization of Latinos at Lilly, PRIDE (LGBTQ + Allies), Veterans Leadership Network, Women’s Network, Working and Living with Disabilities. Learn more about all of our groups.

Full-time equivalent employees also will be eligible for a company bonus (depending, in part, on company and individual performance). In addition, Lilly offers a comprehensive benefit program to eligible employees, including eligibility to participate in a company-sponsored 401(k); pension; vacation benefits; eligibility for medical, dental, vision and prescription drug benefits; flexible benefits (e.g., healthcare and/or dependent day care flexible spending accounts); life insurance and death benefits; certain time off and leave of absence benefits; and well-being benefits (e.g., employee assistance program, fitness benefits, and employee clubs and activities).Lilly reserves the right to amend, modify, or terminate its compensation and benefit programs in its sole discretion and Lilly’s compensation practices and guidelines will apply regarding the details of any promotion or transfer of Lilly employees.

#WeAreLilly