At Lilly, we unite caring with discovery to make life better for people around the world. We are a global healthcare leader headquartered in Indianapolis, Indiana. Our 39,000 employees around the world work to discover and bring life-changing medicines to those who need them, improve the understanding and management of disease, and give back to our communities through philanthropy and volunteerism. We give our best effort to our work, and we put people first. We’re looking for people who are determined to make life better for people around the world. #WeAreLilly
As the Enterprise Data Security Technical Lead, you would be responsible for securing Lilly’s enterprise data assets. The role will balance data accessibility and business demands while maintaining confidentiality and integrity by defining and/or applying the appropriate policies, access methods, security, protection, and monitoring capabilities across enterprise data products and services. In collaboration with the Enterprise Data Product Owners (for the Enterprise Data Marketplace and Enterprise Data Backbone) and the Enterprise Information Architect, this role will bring to life the capabilities required to greatly improve how we find, access, trust and deliver Lilly data assets, capabilities and operations throughout Lilly.
This role resides under the Lilly’s Advanced Analytics and Data Sciences (AADS) organization within the Enterprise Data team.
Establish and maintain positive relationships with Legal, Privacy, Information Security, Infrastructure teams, and Enterprise Architecture, representing the AADS organization.
Define and implement in collaboration with the Enterprise Identity and Access Management (IAM) Service Owner, the identity and access management constructs required to secure data sets within our enterprise data backbone.
Design and implement workflows for data access and baseline activity logging and monitoring services.
Be a key contributor to revisions to (or net-new, if needed) corporate policies (Data Usage Policy, Data Classification Framework, Information Protection, and Data Access) to a published, actionable, and findable set of enterprise policies that emphasize the enablement of greater data sharing across teams at Lilly with an appropriate set of controls to protect Lilly’s intellectual property.
Own the definition of detailed specifications and the implementation, to harmonize accounts across the enterprise to facilitate sharing of data across the existing environments and enable a common set of access rules to be applied. Specifications to be delivered to the across other backbone teams.
By partnering with the Global Information Service Teams and Information Security, define the technical specifications to automatically collect data access events, monitor data access and usage, and generate necessary audit trail and monitoring mechanisms, and ensure the implementation of each.
Work with the Enterprise Data Product Owner to prioritize, deliver on the enterprise schedule and objectives driving the delivery of key data sets across Lilly.
Work closely with the Enterprise Data Marketplace Product Owner and Business Consultant responsible for the overall customer experience to deliver a strong customer and secured customer/user experience.
Design and provide specification policies to drive anonymization, pseudonymization, encryption, and de-identification mechanisms within applicable environments and provide specifications/guidelines to set up test data sets with appropriate scrambling and encryption.
Engage in architecture forums to incorporate privacy, security-by-design principles into key architectural decisions, and contribute to the design discussion for integration of data management and control solutions (e.g. security, protection, monitoring privacy, governance, quality and integrity.
Bachelor of Science degree
7+ years of experience with information security with one or more of the following: data security, protection, monitoring, and/or privacy improving technologies.
Knowledge of data security standard methodologies for structured and unstructured data repositories.
Hands-on experience with data protection technologies (i.e. data loss prevention, encryption, data-masking, rights management, and database activity monitoring).
Understand business requirements to effectively identify and apply security controls.
Research and maintain current knowledge of data security trends and technology capabilities.
Demonstrable experience excelling at building and maintaining business relationships.
Demonstrated ability to think and act strategically.
Extensive experience in working with data-intensive applications and infrastructures such as data lake, warehouse, or cloud migration.
Demonstrated ability to apply systems thinking to seek complex architectural problems across different business and functional domains as well as technology layers.
Superb communication and interpersonal skills, with the ability to communicate information concisely; and to influence others, and to negotiate, persuade and sell ideas whilst maintaining trust and confidence.
Significant experience in any or all of the following: security policy development, quality management, risk analysis, governance, six sigma, organizational change management.
Expertise with industry standards, frameworks, and principles such as NIST 800-53, ISO 27001, and FAIR.
Security industry certification such as CISSP, CRISC, or GIAC.
Working knowledge of data regulations such as General Data Protection Regulations (GDPR), California Consumer Privacy Act (CCPA), and Health Insurance Portability and Accountability Act (HIPAA).
Related experience in development of policies and/or the implementation of linked specifications.
Understanding of the security posture implications, pros and cons between on-premise and cloud infrastructure, platform, and software services.
Basic understanding of data governance and data life cycle management practices.
Process development, improvement and automation experience.
Data, Analytics and Business Intelligence implementation and delivery.
Willingness to travel internationally less than 10 percent of your time.
Lilly is an EEO/Affirmative Action Employer and does not discriminate on the basis of age, race, color, religion, gender, sexual orientation, gender identity, gender expression, national origin, protected veteran status, disability or any other legally protected status