Information Security Risk Management Assessment

Indianapolis, IN 46204
49089
At Lilly, we unite caring with discovery to make life better for people around the world. We are a global healthcare leader headquartered in Indianapolis, Indiana. Our 39,000 employees around the world work to discover and bring life-changing medicines to those who need them, improve the understanding and management of disease, and give back to our communities through philanthropy and volunteerism. We give our best effort to our work, and we put people first. We're looking for people who are determined to make life better for people around the world.
Information security risk management is an integral component of Lilly's information security strategy, program and operations. One critical aspect of risk management is information security risk and compliance assessments across business processes, 3rd parties, and IT systems enterprise-wide. The Assessor is responsible for driving information security's efforts to proactively identify, assess, and communicate information security risks by critically analyzing the probable frequency and probable magnitude of future loss. The assessor will work in close partnership with business representatives to scope assessments, gather documentation, interview clients, identify risks, document findings, and ensure transparent management of risks by following a structured risk assessment methodology. This position will be expected to complete high-quality assessments across a diverse set of technologies, business functions, and complexity. As a member of the team, this position will also be expected to support proactive process improvements, overcome barriers to success, and build professional relationships across the company.

Key Responsibilities

Risk Management

  • Identify and recommend appropriate measures to treat risks that reduce potential impacts on information resources to a level acceptable to the senior management of the company.
  • Identify and report on new and emerging security risks and risk trends, including participating in risk remediation solution discussions and updates to compliance policy and standards.
  • Fully understand business requirements and work with business areas to define appropriate solutions that satisfy security objectives while meeting business needs.
  • Manage the review of changes in processes, standards and technology to ensure the effectiveness of security controls to meet compliance requirements.
  • Integrate security risk reporting and management activities into day-to-day processes.
  • Partner with all areas of the business, including internal auditors, legal, IT and business partners.
  • Respond to and assist with audits, assessments and compliance requests.
  • Serve as liaison as needed on matters pertaining to Risk Management.
  • Other duties as assigned.

Support Management & Decision Making:

  • Works closely with and influences decision makers in other departments to identify, recommend, develop, implement, and support a risk informed decision and action framework.
  • Initiates and implements continuous improvements in all areas of responsibility.

Business Partner Management

  • Acts as a Change Catalyst for a risk-based approach to delivery of services and systems.
  • Partners with others in their organization to set and manage expectations; continually seeks opportunities to be a thought partner and increase internal business partner satisfaction and deepen relationships.
  • Adapts communication approach for audiences at multiple internal and external levels.

Assessments

  • Conduct assessments for various IT systems, 3rd parties, and business processes across Lilly which handle Red CI as well as other risks including data integrity and availability risks (e.g. risks that could enable unauthorized modification of critical clinical data or cyber-attacks on systems enabling connected care devices such as diabetes pumps)
  • Contribute knowledge and learnings for the team on best practices for security controls, facilitation, partnering, and engagement to provide quality service. The focus and tone of the assessments will serve as an enabling partner to help make it easy to have the right security controls (whether automated or manual)
  • Successfully establish and maintain relationships with key stakeholders across Lilly to help facilitate assessments across IT systems, process owners, and 3rd parties.

Cyber Security Hygiene

  • Partner with Information Security service owners to understand security services and how they may help to reduce risks associated with business processes, underlying systems and/or 3rd parties that are being assessed.
  • Promote services and guidance with business and application owners to help them understand the Security service value proposition for consumption in their area(s).
  • Continuously provide service and process improvement feedback from assessments through service delivery to increase efficiency and value to Lilly business stakeholders.

General Project Management

  • Continuously improve processes used for assessment, findings management, risk communication, and remediation.
  • Work with other IS teams as an Assessment SME for various projects related to improvements with controls, tools, or risk services.
49089BR
  • Bachelor's Degree
  • 5+ years of IT experience, ideally at least 3 of which are in a security domain
  • Qualified candidates must be legally authorized to be employed in the United States. Lilly does not anticipate providing sponsorship for employment visa status (e.g., H-1B or TN status) for this employment position
  • Prior information security, quality, risk management and/or audit experience (either from within these functions or from building skills and interests in other areas)
  • Strong understanding of IT security best practices
  • Ability to effectively communicate with technical and non-technical resources.
  • Effective written, verbal communication skills. Ability to tailor communication style to audience at hand.
  • Quick learning agility and a demonstrated natural curiosity.
  • Demonstrated superior skills at building and maintaining business relationships as well as exerting influence within business relationships without expressed authority
  • Knowledge of HIPAA, NIST, and IT Controls.
  • Strong organizational skills.
  • Works with minimal guidance, and recognizes when guidance is needed.
  • CRISC, CISA, CISSP, CISM or other industry certification a plus.
  • Proficient in MS Office Suite (Word, Excel, Project, PowerPoint, Visio) a plus.
  • Knowledge of ArcherGRC, RiskLens, and SkyHigh ShadowIT tools a plus.
  • Knowledge of the Factor Analysis of Information Risk (FAIR) taxonomy a strong plus
  • Travel Percentage 0-10%
  • Lilly is an EEO/Affirmative Action Employer and does not discriminate on the basis of age, race, color, religion, gender, sexual orientation, gender identity, gender expression, national origin, protected veteran status, disability or any other legally protected status
Posted: 2019-05-14 Expires: 2019-07-12

As one of the oldest continuously operating companies in the United States, we are proud of all the innovative work we’ve accomplished for the last 140 years to improve global health.

We are looking forward to an even more successful future in which continued innovation and contributions from top talent in all areas of our organization will be critical.

Are you looking for a way to make life better for people around the world? We have opportunities in many areas of our organization. Please use the search feature to see the wide scope of our positions.
