Legal Digital Sustainability Governance, Risk & Compliance
24 days ago
Indianapolis, Indiana, United States
Job Description
Lilly is seeking a skilled Digital Sustainability Governance, Risk & Compliance professional to join their Legal department in Indianapolis, IN. The role involves developing and managing GRC frameworks for privacy, AI, and data governance, ensuring compliance with regulations, conducting risk assessments, and integrating technology into the Digital Sustainability Program. The ideal candidate should have experience in data governance and a strong understanding of global privacy laws.
At Lilly, we unite caring with discovery to make life better for people around the world. We are a global healthcare leader headquartered in Indianapolis, Indiana. Our employees around the world work to discover and bring life-changing medicines to those who need them, improve the understanding and management of disease, and give back to our communities through philanthropy and volunteerism. We give our best effort to our work, and we put people first. We’re looking for people who are determined to make life better for people around the world.
We are seeking a skilled and motivated Digital Sustainability Governance, Risk and Compliance (GRC) talent to join our data governance, privacy, cybersecurity, and artificial intelligence team (the “digital sustainability team”) within the Legal department. This role is pivotal in maintaining a robust framework that encompasses comprehensive privacy, artificial intelligence (AI), and data governance policies. The ideal candidate will possess a deep understanding of privacy and AI risk management practices and ensure that our policies align with industry standards, regulatory requirements, and organizational goals.
Do you have experience with data governance and risk management, using your knowledge of global laws and privacy frameworks? Bring your skills to Lilly and make an impact today! We want you on our team!
• Responsibilities
• Policy Development & Management:
+ Develop, implement, and maintain a comprehensive GRC framework that addresses privacy, AI, and data governance.
+ Ensure compliance with industry standards, regulatory requirements, and organizational objectives.
+ Monitor and analyze changes in regulations and industry trends to update policies and frameworks accordingly.
+ Ensure policies are up-to-date with evolving threats, technologies, and legal requirements.
+ Ensure that policies are reviewed and updated at a regular cadence.
+ Refine and maintain procedures and job aids supporting the framework.
+ Provide training and guidance to staff on GRC policies and procedures.
• Risk Management:
+ Contribute to the performance of internal assessments and gap analyses. Report findings and recommend corrective actions to support the maturity and effectiveness of the Digital Sustainability Program.
+ Develop and implement key performance and risk indicators (KPIs/KRIs) to drive strategic decision-making, and use data-driven insights to enhance the Digital Sustainability Program.
+ Establish and maintain robust monitoring mechanisms to ensure compliance with controls. Prepare and present comprehensive reports to senior management and collaborators.
+ Maintain the risk registry and related processes.
• Regulatory Compliance:
+ Stay informed about global privacy, artificial intelligence, and data governance regulations, standards, and best practices.
+ Oversee the company's compliance with relevant laws and standards, ensuring effective implementation and monitoring.
+ Prepare and manage audit and compliance documentation, working with internal and external auditors.
• Technology
+ Integrate the Digital Sustainability Program with technology to find efficiencies and improve effectiveness.
+ Align the Digital Sustainability Program risk posture with the overall company risk tolerance in a GRC tool.
+ Employ technology, including artificial intelligence, to automate and find efficiencies in various program controls.
• Basic Qualifications
+ Bachelor's degree in risk management, law, computer science, information management, or related field
+ Proven experience (3+ years) in a GRC or privacy program management role, preferably in a technology-focused role
+ Qualified applicants must be authorized to work in the United States on a full-time basis. Lilly will not provide support for or sponsor work authorization and/or visas for this role
• Additional Skills/Preferences
+ Experience creating, implementing and managing privacy policies/controls
+ Strong project & change management skills
+ Experience with privacy-enhancing technologies, data governance, and risk management
+ Proficiency in developing and tracking privacy metrics and Key Performance Indicators
+ Solid understanding of laws, regulations, and standards (e.g. NIST AI RMF, NIST Privacy Framework, ISO, NIST CSF, EU AI Act, GDPR, CPRA, HIPAA) in the realm of Digital Sustainability (e.g. privacy, artificial intelligence, cybersecurity, and data governance)
+ Proficiency in PIA/DPIA methodologies; has presided over or contributed to privacy-by-design work
+ Certification in artificial intelligence, privacy, or risk management such as AIGP, CIPP, CIPM, CIPT or CRISC
+ Experience as an IT/Security/Privacy auditor
+ Strong communication, presentation, and interpersonal skills
+ Ability to work independently and collaboratively in a fast-paced environment
+ High attention to detail and accuracy
Lilly is dedicated to helping individuals with disabilities to actively engage in the workforce, ensuring equal opportunities when vying for positions. If you require accommodation to submit a resume for a position at Lilly, please complete the accommodation request form ( https://careers.lilly.com/us/en/workplace-accommodation ) for further assistance. Please note this is for individuals to request an accommodation as part of the application process and any other correspondence will not receive a response.
Lilly is an EEO/Affirmative Action Employer and does not discriminate on the basis of age, race, color, religion, gender, sexual orientation, gender identity, gender expression, national origin, protected veteran status, disability or any other legally protected status.
Our employee resource groups (ERGs) offer strong support networks for their members and help our company develop talented individuals for future leadership roles. Our current groups include: Africa, Middle East, Central Asia Network, African American Network, Chinese Culture Network, Early Career Professionals, Japanese International Leadership Network (JILN), Lilly India Network, Organization of Latinos at Lilly, PRIDE (LGBTQ + Allies), Veterans Leadership Network, Women’s Network, Working and Living with Disabilities. Learn more about all of our groups.
#WeAreLilly