At Lilly, we unite caring with discovery to make life better for people around the world. We are a global healthcare leader headquartered in Indianapolis, Indiana. Our employees around the world work to discover and bring life-changing medicines to those who need them, improve the understanding and management of disease, and give back to our communities through philanthropy and volunteerism. We give our best effort to our work, and we put people first. We’re looking for people who are determined to make life better for people around the world.

Actual compensation will depend on a candidate’s education, experience, skills, and geographic location.  The anticipated wage for this position is

The Associate Director Cyber Risk Assessor is responsible for identifying, evaluating, and managing cyber risks across various domains within the organization. With extensive experience in the field, this role is crucial in ensuring the enterprise's cybersecurity strategy aligns with its overall Cybersecurity GRC framework. The assessor will play a key role in safeguarding the enterprise's information assets by conducting thorough risk assessments, providing actionable recommendations, and supporting the continuous cybersecurity risk management process.

What You'll Be Doing:

Conduct comprehensive risk assessments and cybersecurity audits to identify vulnerabilities, threats, and potential impacts.

Analyze and interpret risk data to produce actionable insights and recommendations.

Collaborate with cross-functional teams, including Tech at Lilly , Compliance, and Legal, to assess risks related to technology, processes, and people.

Provide expert advice on risk mitigation strategies and controls.

Enable the end-to-end process of continuous cybersecurity risk management.

Support the development and maintenance of cybersecurity risk management frameworks and policies.

Prepare detailed cybersecurity risk reports for senior leadership, ensuring they are actionable, clear, and aligned with organizational priorities.

Stay up to date on emerging cybersecurity threats and regulatory requirements, ensuring compliance with relevant industry standards and best practices.

Facilitate risk workshops and training sessions to enhance the risk culture within the organization.

Your Basic Requirements:

Bachelor’s degree in computer science, management information systems, cybersecurity/information security/assurance, risk management or relevant field of study.

10+ years of experience in cybersecurity risk assessment and/or vulnerability management.

5+ years of experience cybersecurity risk management frameworks (e.g., NIST, ISO 27001, CIS).

5+ years of experience with risk management tools and platforms.

5+ years of experience of cybersecurity principles, IT governance, and compliance requirements (e.g., GDPR, HIPAA, PCI-DSS).

Additional Preferences:

Certifications such as CISSP, CISM, CISA, or CRISC, are highly preferred.

Strong analytical skills, with the ability to assess complex cybersecurity issues and translate them into business-relevant terms.

Excellent communication skills, with the ability to interact with stakeholders at all levels and clearly present risk assessments and recommendations.

Experience in threat modeling and scenario-based risk analysis.

Knowledge of cloud security, network security, and application security risks.

Familiarity with emerging technologies such as AI, or IoT and their associated risks.

A track record of successfully implementing cybersecurity risk programs in large, complex organizations.

Strong critical thinking and problem-solving abilities.

Detail-oriented, proactive, and capable of working independently.

Team-oriented, with the ability to collaborate effectively with technical and non-technical stakeholders.

Ability to adapt quickly to evolving risks and emerging threats.

Proven time and task management skills with the ability to multitask effectively and efficiently.

Additional Information:

Role located in Indianapolis, IN (Hybrid schedule).

Lilly is dedicated to helping individuals with disabilities to actively engage in the workforce, ensuring equal opportunities when vying for positions. If you require accommodation to submit a resume for a position at Lilly, please complete the accommodation request form (https://careers.lilly.com/us/en/workplace-accommodation) for further assistance. Please note this is for individuals to request an accommodation as part of the application process and any other correspondence will not receive a response.

Lilly is an EEO/Affirmative Action Employer and does not discriminate on the basis of age, race, color, religion, gender, sexual orientation, gender identity, gender expression, national origin, protected veteran status, disability or any other legally protected status.

Our employee resource groups (ERGs) offer strong support networks for their members and help our company develop talented individuals for future leadership roles. Our current groups include: Africa, Middle East, Central Asia Network, African American Network, Chinese Culture Network, Early Career Professionals, Japanese International Leadership Network (JILN), Lilly India Network, Organization of Latinos at Lilly, PRIDE (LGBTQ + Allies), Veterans Leadership Network, Women’s Network, Working and Living with Disabilities. Learn more about all of our groups.

Full-time equivalent employees also will be eligible for a company bonus (depending, in part, on company and individual performance). In addition, Lilly offers a comprehensive benefit program to eligible employees, including eligibility to participate in a company-sponsored 401(k); pension; vacation benefits; eligibility for medical, dental, vision and prescription drug benefits; flexible benefits (e.g., healthcare and/or dependent day care flexible spending accounts); life insurance and death benefits; certain time off and leave of absence benefits; and well-being benefits (e.g., employee assistance program, fitness benefits, and employee clubs and activities).Lilly reserves the right to amend, modify, or terminate its compensation and benefit programs in its sole discretion and Lilly’s compensation practices and guidelines will apply regarding the details of any promotion or transfer of Lilly employees.

#WeAreLilly