At Lilly, we unite caring with discovery to make life better for people around the world. We are a global healthcare leader headquartered in Indianapolis, Indiana. Our employees around the world work to discover and bring life-changing medicines to those who need them, improve the understanding and management of disease, and give back to our communities through philanthropy and volunteerism. We give our best effort to our work, and we put people first. We're looking for people who are determined to make life better for people around the world.
Actual compensation will depend on a candidate's education, experience, skills, and geographic location. The anticipated wage for this position is $122,250 - $179,300.
We are seeking a skilled and motivated Associate Director - Digital Sustainability Governance, Risk and Compliance (GRC) to join our data governance, privacy, cybersecurity, and artificial intelligence team (the "digital sustainability team") within the Legal department. This role is pivotal in maintaining a robust GRC framework that encompasses comprehensive privacy, artificial intelligence (AI), and data governance policies. This role will also be responsible for developing, implementing, and maintaining privacy, AI, and data governance policies and procedures that will be adopted by all employees across our global operations. The ideal candidate will possess a deep understanding of Privacy and AI policies, risk management, and compliance combined with exceptional leadership and communication skills to ensure that our policies align with industry standards, regulatory requirements, and organizational goals. They will be responsible for driving digital sustainability policy development and implementation, program development activities, supporting and providing risk education and risk management support.
Do you have the ability to work independently and collaboratively in a fast-paced environment as well as have high attention to detail and accuracy? Bring your expertise in the GRC and privacy framework space and be part of an outstanding team and company today!
Responsibilities
Policy Development & Management:
- Drive the creation, adoption and enterprise implementation of Lilly's Privacy and AI policies and standards.
- Develop, implement, and maintain a comprehensive GRC framework that addresses privacy, AI, and data governance.
- Monitor and analyze changes in regulations and industry trends to update policies and frameworks accordingly.
- Ensure policies are up to date with evolving threats, technologies, and legal requirements, reviewing and updating policies at a regular cadence.
- Refine and maintain procedures and job aids supporting the GRC framework (e.g., maintenance, implementation, change control).
- Provide training and guidance to staff on GRC policies and procedures.
- Collaborate with cross-functional teams to integrate policies into business processes and technology solutions.
Risk Management:
- Contribute to the performance of internal assessments and gap analyses. Report findings and recommend corrective actions to support the maturity and effectiveness of the Digital Sustainability Program.
- Develop key performance and risk indicators (KPIs/KRIs). Use data-driven insights to enhance the Digital Sustainability Program.
- Develop and maintain monitoring mechanisms to ensure compliance with privacy, AI, and data governance controls. Prepare and present regular reports to senior management and stakeholders.
- Maintain the risk registry and related processes.
- Support the development and/or consolidation, streamlining, simplification and execution of Privacy and AI risk management practices.
- Effectively apply risk methodologies as derived from Privacy and AI standards and best practices.
Regulatory Compliance:
- Stay informed about global privacy, artificial intelligence, and data governance regulations, standards, and best practices.
- Be responsible for the company's compliance with relevant laws and standards, ensuring effective implementation and monitoring.
- Develop and maintain the risk and control library.
- Maintain a working knowledge of privacy, AI, and data governance practices, tools, processes, and requirements.
- Prepare and manage audit and compliance documentation, working with internal and external auditors.
- Support various education and awareness activities.
Technology:
- Integrate the Digital Sustainability Program with technology to find efficiencies and improve effectiveness.
- Align the Digital Sustainability Program risk posture with the overall company risk tolerance in a GRC tool.
- Support the management and integration of the GRC tool and processes.
- Use technology, including artificial intelligence, to automate and find efficiencies in various program controls.
Basic Qualifications
- Bachelor's degree in a field related to risk management, information systems/computer science, information management or similar area or High School Diploma/GED with 10+ years of Privacy, Security or Risk work experience.
- A minimum of 5 years of experience in creating, implementing, and managing privacy policies and/or leading or working on Cybersecurity, Data Privacy or Compliance/Quality efforts.
- Must have working knowledge of various risk management frameworks, AI and privacy laws, regulations, and standards (e.g., NIST AI RMF, NIST Privacy Framework, ISO, NIST CSF, EU AI Act, GDPR, CPRA, HIPAA).
- Qualified applicants must be authorized to work in the United States on a full-time basis. Lilly will not provide support for or sponsor work authorization and/or visas for this role.
Additional Skills/Preferences
- Proven track record of leading projects and effectively addressing issues and barriers
- Strong critical thinking and decision-making skills and ability to act strategically.
- Exceptional problem-solving abilities, with a focus on resolving issues efficiently while recognizing inherent complexities.
- Experience with privacy-enhancing technologies, data governance, and risk management
- Proficiency in developing and tracking privacy metrics and key performance indicators
- Proficiency in PIA/DPIA methodologies; has presided over or contributed to privacy-by-design work
- Certification in artificial intelligence, privacy, or risk management such as AIGP, CIPP, CIPM, CIPT or CRISC
- Organizational change management and education and certification
- Experience as an IT/Security/Privacy auditor
- Strong communication, presentation, and relationship-building skills
Additional Information:
This role is located in Indianapolis, IN with a hybrid work schedule. Relocation provided if necessary.
Lilly is dedicated to helping individuals with disabilities to actively engage in the workforce, ensuring equal opportunities when vying for positions. If you require accommodation to submit a resume for a position at Lilly, please complete the accommodation request form (https://careers.lilly.com/us/en/workplace-accommodation) for further assistance. Please note this is for individuals to request an accommodation as part of the application process and any other correspondence will not receive a response.
Lilly is an EEO/Affirmative Action Employer and does not discriminate on the basis of age, race, color, religion, gender, sexual orientation, gender identity, gender expression, national origin, protected veteran status, disability or any other legally protected status.
Our employee resource groups (ERGs) offer strong support networks for their members and help our company develop talented individuals for future leadership roles. Our current groups include: Africa, Middle East, Central Asia Network, African American Network, Chinese Culture Network, Early Career Professionals, Japanese International Leadership Network (JILN), Lilly India Network, Organization of Latinos at Lilly, PRIDE (LGBTQ + Allies), Veterans Leadership Network, Women's Network, Working and Living with Disabilities.
Full-time equivalent employees also will be eligible for a company bonus (depending, in part, on company and individual performance). In addition, Lilly offers a comprehensive benefit program to eligible employees, including eligibility to participate in a company-sponsored 401(k); pension; vacation benefits; eligibility for medical, dental, vision and prescription drug benefits; flexible benefits (e.g., healthcare and/or dependent day care flexible spending accounts); life insurance and death benefits; certain time off and leave of absence benefits; and well-being benefits (e.g., employee assistance program, fitness benefits, and employee clubs and activities). Lilly reserves the right to amend, modify, or terminate its compensation and benefit programs in its sole discretion and Lilly's compensation practices and guidelines will apply regarding the details of any promotion or transfer of Lilly employees.