Job Information
Lilly Senior Director, Cybersecurity Governance in Indianapolis, Indiana
At Lilly, we unite caring with discovery to make life better for people around the world. We are a global healthcare leader headquartered in Indianapolis, Indiana. Our employees around the world work to discover and bring life-changing medicines to those who need them, improve the understanding and management of disease, and give back to our communities through philanthropy and volunteerism. We give our best effort to our work, and we put people first. We’re looking for people who are determined to make life better for people around the world.
What You’ll Be Doing:
The Senior Director of Governance will play a crucial role in driving the governance strategy for our cybersecurity GRC program. This senior leadership position is responsible for ensuring that our organization’s governance framework aligns with industry best practices, regulatory requirements, and organizational objectives. The Senior Director of Governance will partner with cross-functional teams, including compliance, risk management, legal, and technology teams, to design and implement robust governance structures that enable informed decision-making and effective risk management.
How You Will Succeed:
Strategic Leadership: Lead the development and execution of a governance strategy that supports the organization’s overall cybersecurity GRC goals, ensuring alignment with regulatory and corporate governance requirements.
Framework Development: Establish, maintain, and continuously improve governance frameworks, policies, and procedures that enable effective oversight, management, and reporting on cybersecurity risks and controls.
Continuous Improvements: Institute the discipline of reviewing core processes at a regular cadence and evaluating them for optimization and improvement.
Ownership of Cyber Policies: Oversee the creation, approval, implementation, and ongoing maintenance of all cybersecurity policies. Ensure that these policies are aligned with the overall risk strategy and meet all regulatory and industry standards. Regularly draft, review, and update policies as necessary to address emerging risks and regulatory changes.
Cyber GRC Tool Management: Lead the selection, implementation, and ongoing maintenance of Lilly’s cybersecurity GRC tool. Ensure that the tool is optimized to meet the organization’s governance and risk management needs, and manage the long-term ownership of the tool, including vendor relationships, upgrades, and user adoption.
Leadership of Cybersecurity Education & Awareness: Lead the development and execution of the organization's cybersecurity education and awareness program. Drive initiatives to promote a culture of security, ensuring that all employees understand their roles and responsibilities in maintaining cyber hygiene. Take a hands-on role in review and approval of training materials, awareness campaigns, and targeted programs for various levels of the organization, from executives to frontline employees.
Collaboration with Leadership: Collaborate with senior leaders across the organization to ensure that governance practices are integrated into broader strategic and operational processes, including risk management, compliance, and technology.
Stakeholder Engagement: Serve as a trusted advisor to the executive leadership team, providing insights and recommendations on governance-related issues, emerging risks, and regulatory changes.
Governance Committee Oversight: Lead the governance committee, driving key discussions around risk tolerance, policy exceptions, and control effectiveness.
Regulatory Alignment: Ensure the organization remains compliant with relevant laws, regulations, and industry standards, particularly in relation to data privacy, cybersecurity, and governance practices.
Metrics and Reporting: Develop and maintain key performance indicators (KPIs) and reporting mechanisms to monitor governance effectiveness, ensuring timely escalation of governance issues to senior management.
Training & Awareness: Oversee the development and delivery of governance training and awareness programs to ensure a culture of governance and accountability is maintained across the organization.
Vendor and Third-Party Governance: Ensure third-party vendors adhere to governance standards, collaborating with procurement and legal teams to assess vendor governance risks and maintain due diligence processes.
Your Basic Qualifications:
Bachelor’s degree in business, law, cybersecurity, or a related field.
10+ years of experience in governance, risk management, cybersecurity, or a related field, with at least 5 years in a senior leadership role.
Deep understanding of governance frameworks, regulatory requirements, and industry standards such as NIST, ISO, and COBIT, plus direct, hands-on experience with one or more GRC tools.
Proven experience in designing and implementing governance structures within large, complex organizations.
Qualified candidates must be legally authorized to be employed in the United States. Lilly does not anticipate providing sponsorship for employment visa status (e.g., H-1B or TN status) for this employment position.
Additional Preferences:
Strong knowledge of cybersecurity principles and practices.
Exceptional communication and stakeholder management skills, with the ability to influence at the executive level.
Strong problem-solving and analytical abilities, with a track record of strategic thinking and execution.
Certification in governance or risk management (e.g., CISA, CISM, CGEIT, or similar).
Certification in Six Sigma, Lean, or Business Process Management (BPM).
Experience working in heavily regulated industries (e.g., pharmaceutical, financial services, healthcare).
Demonstrated success in leading cross-functional governance initiatives and driving cultural change.
Additional Information:
- Located in Indianapolis, IN with a hybrid work model
Lilly is dedicated to helping individuals with disabilities to actively engage in the workforce, ensuring equal opportunities when vying for positions. If you require accommodation to submit a resume for a position at Lilly, please complete the accommodation request form (https://careers.lilly.com/us/en/workplace-accommodation) for further assistance. Please note this is for individuals to request an accommodation as part of the application process and any other correspondence will not receive a response.
Lilly is an EEO/Affirmative Action Employer and does not discriminate on the basis of age, race, color, religion, gender, sexual orientation, gender identity, gender expression, national origin, protected veteran status, disability or any other legally protected status.
Our employee resource groups (ERGs) offer strong support networks for their members and help our company develop talented individuals for future leadership roles. Our current groups include: Africa, Middle East, Central Asia Network, African American Network, Chinese Culture Network, Early Career Professionals, Japanese International Leadership Network (JILN), Lilly India Network, Organization of Latinos at Lilly, PRIDE (LGBTQ + Allies), Veterans Leadership Network, Women’s Network, Working and Living with Disabilities.