Associate Director - Governance, Risk and Compliance Analyst job at Lilly in Indianapolis, IN

Title: Associate Director - Governance, Risk & Compliance Analyst Location: Indianapolis United States Job Description: Full time job requisition id R-99889 At Lilly, we unite caring with discovery to make life better for people around the world. We are a global healthcare leader headquartered in Indianapolis, Indiana. Our employees around the world work to discover and bring life-changing medicines to those who need them, improve the understanding and management of disease, and give back to our communities through philanthropy and volunteerism. We give our best effort to our work, and we put people first. We’re looking for people who are determined to make life better for people around the world. Purpose: We are seeking a skilled and motivated Associate Director- Governance, Risk and Compliance (GRC) Analyst to join our data governance, privacy, cybersecurity, and artificial intelligence team (the “Digital Legal Office”) within the Legal department. This role is pivotal in maintaining a robust GRC framework that encompasses comprehensive privacy, artificial intelligence (AI), and data governance requirements. The ideal candidate will possess a deep understanding of the risk management rigor, Privacy and AI risks & controls, digital governance and compliance combined with exceptional leadership and communication skills to ensure that our policies and processes align with industry standards, regulatory requirements, and organizational goals. They will be responsible for maintaining and orchestrating the risk management lifecycle and associated processes to enable risk-informed decisions for the DLO areas of oversight in managing our risks.

Responsibilities

Policy Development & Management: Drive the creation and adoption of Lilly’s Privacy and AI policies and standards. Lead the enterprise implementation of Lilly’s Privacy and AI policies and standards. Develop, implement, and maintain a comprehensive GRC framework that address privacy, AI, and data governance. Ensure compliance with industry standards, regulatory requirements, and organizational objectives. Supervise and analyze changes in regulations and industry trends to update policies and frameworks accordingly. Ensure policies are up to date with evolving threats, technologies, and legal requirements. Ensure that policies are reviewed and updated at a regular cadence. Refine and maintain procedures and job aids supporting the GRC framework and risk management lifecycle (e.g., maintenance, implementation, change control). Provide and support training and guidance to staff on GRC policies and procedures. Collaborate with multi-functional teams to integrate policies into business processes and technology solutions. Risk Management: Participate in the performance of internal assessments and gap analyses. Report issues and recommend corrective actions to support the maturity and effectiveness of key controls. Lead key performance and risk indicators (critical metrics/KRIs). Use data-driven insights to identify and respond to risks. Develop and maintain supervising mechanisms to ensure compliance with privacy, AI, and data governance controls. Prepare and present regular reports to senior management and collaborators. Maintain the risk registry, issues management and related processes. Support the development and/or consolidation, streamlining, simplification and execution of Privacy and AI risk management practices. Effectively apply risk methodologies as derived from Privacy and AI standards and protocols. Regulatory Compliance: Stay informed about global privacy, artificial intelligence, and data governance regulations, standards, and guidelines. Be responsible for the company's compliance with relevant laws and standards, ensuring effective implementation, monitoring and reporting. Develop and maintain the risk and control library. Maintain a solid understanding of privacy, AI, and data governance practices, tools, processes, and requirements. Prepare and lead audit and compliance documentation, working with internal and external auditors. Support various education and awareness activities. Technology Leverage technology to integrate efficiencies and improve effectiveness of GRC processes. Align the DLO risk posture with the overall company risk appetite in our GRC tool. Support the management and integration of the GRC tool and processes Leverage technology, including artificial intelligence, to automate and find efficiencies in various program controls. Basic Qualifications: Bachelor's degree in a discipline related to risk management, information systems/ computer science, information management or related field 7+ years of experience in a role creating, implementing, and leading Privacy and/or AI governance, risk or compliance activities. 5+ years of experience in leading or working on Enterprise Risk Management, Cybersecurity, Data Privacy or Compliance/Quality efforts. Qualified applicants must be authorized to work in the United States on a full-time basis. Lilly will not provide support for or sponsor work authorization and/or visas for this role. Additional Skills/Preferences: Solid understanding of various risk management frameworks, AI and privacy laws, regulations, and standards (e.g., NIST AI RMF, NIST Privacy Framework, ISO, NIST CSF, EU AI Act, GDPR, CPRA, HIPAA). Demonstrated ability to lead projects and appropriately advance issues and barriers Demonstrated ability to think and act strategically Demonstrated ability to problem solve, able to effectively seek ways to resolve issues in a streamlined approach with acknowledging inherent complexities Experience with privacy-enhancing technologies, data governance, and risk management Proficiency in developing and tracking privacy, AI, or security metrics and KPIs Proficiency in PIA/DPIA methodologies, presided over or participated in privacy by design work Certification in artificial intelligence, privacy, or risk management such as AIGP, CIPP, CIPM, CIPT, CRISC, CDPSE, or similar Organizational Change education and/or certification Experience as an IT/Security/Privacy/AI auditor Strong communication, presentation, and interpersonal skills Ability to work independently and multi-functionally in a fast-paced environment High attention to detail and accuracy Additional Information: Role located in Indianapolis, IN with a hybrid work model. Lilly is dedicated to helping individuals with disabilities to actively engage in the workforce, ensuring equal opportunities when vying for positions. If you require accommodation to submit a resume for a position at Lilly, please complete the accommodation request form ( for further assistance. Please note this is for individuals to request an accommodation as part of the application process and any other correspondence will not receive a response. Lilly is proud to be an EEO Employer and does not discriminate on the basis of age, race, color, religion, gender identity, sex, gender expression, sexual orientation, genetic information, ancestry, national origin, protected veteran status, disability, or any other legally protected status. Our employee resource groups (ERGs) offer strong support networks for their members and are open to all employees. Our current groups include: Africa, Middle East, Central Asia Network, Black Employees at Lilly, Chinese Culture Network, Japanese International Leadership Network (JILN), Lilly India Network, Organization of Latinx at Lilly (OLA), PRIDE (LGBTQ+ Allies), Veterans Leadership Network (VLN), Women’s Initiative for Leading at Lilly (WILL), enAble (for people with disabilities). Learn more about all of our groups. Actual compensation will depend on a candidate’s education, experience, skills, and geographic location. The anticipated wage for this position is $127,500 - $187,000 Full-time equivalent employees also will be eligible for a company bonus (depending, in part, on company and individual performance). In addition, Lilly offers a comprehensive benefit program to eligible employees, including eligibility to participate in a company-sponsored 401(k); pension; vacation benefits; eligibility for medical, dental, vision and prescription drug benefits; flexible benefits (e.g., healthcare and/or dependent day care flexible spending accounts); life insurance and death benefits; certain time off and leave of absence benefits; and well-being benefits (e.g., employee assistance program, fitness benefits, and employee clubs and activities).Lilly reserves the right to amend, modify, or terminate its compensation and benefit programs in its sole discretion and Lilly’s compensation practices and guidelines will apply regarding the details of any promotion or transfer of Lilly employees. #WeAreLilly Apply tot his job Apply tot his job Apply To this Job