Lilly Jobs

Job Information

Lilly Consultant-Info Security Risk Mgmt in Indianapolis, Indiana

At Lilly, we unite caring with discovery to make life better for people around the world. We are a global healthcare leader headquartered in Indianapolis, Indiana. Our 35,000 employees around the world work to discover and bring life-changing medicines to those who need them, improve the understanding and management of disease, and give back to our communities through philanthropy and volunteerism. We give our best effort to our work, and we put people first. We’re looking for people who are determined to make life better for people around the world.

Organization Overview:

At Lilly, we serve an extraordinary purpose. We make a difference for people around the globe by discovering, developing and delivering medicines that help them live longer, healthier, more active lives. Not only do we deliver breakthrough medications, but you also can count on us to develop creative solutions to support communities through philanthropy and volunteerism.


Information security risk management and business engagement is an integral component of Lilly’s information security strategy, program and operations. This role will help to sustain and mature the risk-based roadmap for information security risk management and business engagement programs. Qualified candidate must be legally authorized to be employed in the United States. Lilly does not anticipate providing sponsorship for employment visa status (e.g., H-1B or TN status) for this position.

The Information Security Risk Management Consultant functions as a highly skilled security, technology, and risk consultant.

The Consultant will be responsible for driving various activities, including information security risk assessments, IS risk management program development activities, risk education, risk advisory services, and external audit/assessment coordination.

The Consultant will lead or participate in requirements gathering sessions, solution design, solution delivery, and the on-going operation of GRC tools.

The Consultant will also drive and support efforts to reduce attack surface and mitigate risk.

The position requires technical and operational knowledge of information security, information technology, and risk management practices.

Position Details

  • Support the development and/or consolidation, streamlining, and simplification of information security risk management practices

  • Triage assessment requests for proper prioritization and scoping.

  • Serve as assessor for various systems, 3rd parties, and business processes across Lilly

  • Drive and support quarterly convergence reporting

  • Drive and support the management and integration of GRC tools and processes

  • Drive and support various operational change management activities and efforts

  • Support various information security education and awareness activities

  • Drive and support data classification, data handling, and data lifecycle risk management efforts

  • Develop, implement, and integrate functional procedures and standards

  • Drive and support the risk and control library and maintain a working knowledge of information technology and security risk practices, tools, processes and requirement

  • Effectively applies security and risk methodologies as derived from security and risk standards and best practices

Basic Qualifications:

  • Bachelor's Degree in a discipline related to information systems, information security, or risk

  • CRISC, CISSP, CISA, CISM or similar certification or certification within one year

  • 5 years of experience in a role conducting or coordinating risk assessments or IT/IS audit work

  • 5 years of experience in information security

  • Qualified candidates must be legally authorized to be employed in the United States. Lilly does not anticipate providing sponsorship for employment visa status (e.g., H-1B or TN status) for this employment position.

Additional Skills/Preferences:

  • Demonstrated skills at building and maintaining business relationships

  • Demonstrated ability to think and act strategically

  • GRC experience a plus

  • Six Sigma experience and certification a plus

  • Organization change management education and certification a plus

  • Willingness to travel internationally less than 10 percent of your time

  • Demonstrated ability to lead medium-scale projects or programs and appropriately escalate issues and barriers.

  • Problem solving: able to effectively seeks ways to resolve issues in a streamlined approach while acknowledging inherent complexities.

Lilly is an EEO/Affirmative Action Employer and does not discriminate on the basis of age, race, color, religion, gender, sexual orientation, gender identity, gender expression, national origin, protected veteran status, disability or any other legally protected status.

As a condition of employment with Eli Lilly and Company and its subsidiaries in the United States and Puerto Rico, you must be fully COVID-19 vaccinated and provide proof of vaccination satisfactory to the company. If you would like to request an accommodation for medical or religious reasons, you may do so at

At Lilly we strive to ensure our employees are part of a team that cares about them and our shared purpose of making life better for those around the world. How do we do this? We continue to look for ways to include, innovate, accelerate and deliver while maintaining integrity, excellence and respect for people.​ We hope that you seek to join us on our journey as we create medicine and deliver improved outcomes for patients across the globe!