At Lilly, we unite caring with discovery to make life better for people around the world. We are a global healthcare leader headquartered in Indianapolis, Indiana. Our 39,000 employees around the world work to discover and bring life-changing medicines to those who need them, improve the understanding and management of disease, and give back to our communities through philanthropy and volunteerism. We give our best effort to our work, and we put people first. We’re looking for people who are determined to make life better for people around the world.
Within the Information Security organization, the Data Security Architect role is responsible for developing Lilly's data security capabilities, advising projects/initiatives on data security, and working closely with business and IT partners to deliver a comprehensive data security program and roadmap.
This role will include continual partnership with Lilly information security and IT solution delivery teams to review, design, and embed security controls into complex environments. It will require strong communication and listening skills, including the ability to explain complex technical topics to a non-technical audience (including senior leadership). The individual in this role will be encouraged to be a security champion while demonstrating well-rounded security skills across domains.
This role works directly with the Sr. Director, Information Security Architecture, Engineering, and Information Protection.
Key Objectives/Work You'll Be Doing:
Establish, publish, and maintain data security controls and direction in alignment with privacy, legal, regulatory, and HR business requirements.
Embed security within the data management lifecycle to drive continuous governance.
Develop and lead the enterprise data security strategy and roadmap while driving enterprise adoption.
Partner with the Lilly Enterprise Data Council (EDC) to consult on the design of key data projects to ensure the applicable Lilly defined security controls are adopted
Provide security support for enterprise data initiatives including mobilization, access management, enterprise catalog, and metadata/tagging.
Establish, deliver, and maintain secure patterns for complex integration of operational data stores.
Drive adoption, enforcement and monitoring of security policies through automation and technological innovations
Apply quantitative and qualitative analytics to understand business value and apply risk-based controls to enterprise data.
Operate as an advisor to the enterprise for data security and collaborate with Enterprise Architects responsible for the data domains
Research and evaluate new technologies for data protection and ensure alignment with Enterprise Architecture
Perform architecture security reviews to enable secure delivery of solutions.
Partner with project teams to support and consult on security efforts.
Perform threat modeling to identify, mitigate, and/or call out risks.
5+ years of Information Security experience
Security industry certification such as CISSP, CRISC, or GIAC.
Expertise with industry standards, frameworks, and principles such as NIST 800-53, ISO 27001, and FAIR.
Expertise with cryptographic algorithms and public key infrastructure (PKI).
Ability to differentiate the applicability of encryption, tokenization, masking, and obfuscation.
Security expertise in using standard methodologies for structured and unstructured data repositories.
Hands-on experience with data protection technologies (i.e. data loss prevention, encryption, data-masking, rights management, and database activity monitoring).
Understand business requirements to effectively identify and apply security controls.
Research and maintain current proficiency in data security trends and technology capabilities.
Become established as a data security domain authority and be a positive leader and mentor to others.
High learning agility to keep up with ever-changing business needs.
Proven high level of intellectual curiosity, external perspective and innovation interest.
Experience with large and complex data sets, advanced analytics, and data lake environments.
Knowledge of data services across the AWS, Azure, and Google clouds.
Lilly is an EEO/Affirmative Action Employer and does not discriminate on the basis of age, race, color, religion, gender, sexual orientation, gender identity, gender expression, national origin, protected veteran status, disability or any other legally protected status