Associate Director - Governance, Risk & Compliance Analyst

Eli Lilly and Company, Indianapolis, IN
Hybrid

About The Position

At Lilly, we unite caring with discovery to make life better for people around the world. We are a global healthcare leader headquartered in Indianapolis, Indiana. Our 39,000 employees around the world work to discover and bring life-changing medicines to those who need them, improve the understanding and management of disease, and give back to our communities through philanthropy and volunteerism. We give our best effort to our work, and we put people first. We are looking for people who are determined to make life better for people around the world. #WeAreLilly.

Purpose: We are seeking a skilled and motivated Associate Director - Governance, Risk and Compliance (GRC) Analyst to join our data governance, privacy, cybersecurity, and artificial intelligence team (the “Digital Legal Office”) within the Legal department. This role is pivotal in maintaining a robust GRC framework that encompasses comprehensive privacy, artificial intelligence (AI), and data governance requirements. The ideal candidate will possess a deep understanding of risk management rigor, Privacy and AI risks & controls, and digital governance and compliance, combined with exceptional leadership and communication skills, to ensure that our policies and processes align with industry standards, regulatory requirements, and organizational goals. They will be responsible for maintaining and orchestrating the risk management lifecycle and associated processes to enable risk-informed decisions for the Digital Legal Office (DLO) areas of oversight in managing our risks.

Requirements

  • Bachelor's degree in a discipline related to risk management, information systems/computer science, information management, or a related field
  • 7+ years of experience in a role creating, implementing, and leading Privacy and/or AI governance, risk or compliance activities.
  • 5+ years of experience in leading or working on Enterprise Risk Management, Cybersecurity, Data Privacy or Compliance/Quality efforts.
  • Qualified applicants must be authorized to work in the United States on a full-time basis. Lilly will not provide support for or sponsor work authorization and/or visas for this role.

Nice To Haves

  • Solid understanding of various risk management frameworks, AI and privacy laws, regulations, and standards (e.g., NIST AI RMF, NIST Privacy Framework, ISO, NIST CSF, EU AI Act, GDPR, CPRA, HIPAA).
  • Demonstrated ability to lead projects and appropriately advance issues and barriers
  • Demonstrated ability to think and act strategically
  • Demonstrated ability to problem solve and to effectively seek ways to resolve issues in a streamlined approach while acknowledging inherent complexities
  • Experience with privacy-enhancing technologies, data governance, and risk management
  • Proficiency in developing and tracking privacy, AI, or security metrics and KPIs
  • Proficiency in PIA/DPIA methodologies; has presided over or participated in privacy-by-design work
  • Certification in artificial intelligence, privacy, or risk management such as AIGP, CIPP, CIPM, CIPT, CRISC, CDPSE, or similar
  • Organizational Change education and/or certification
  • Experience as an IT/Security/Privacy/AI auditor
  • Strong communication, presentation, and interpersonal skills
  • Ability to work independently and multi-functionally in a fast-paced environment
  • High attention to detail and accuracy

Responsibilities

  • Policy Development & Management:
      • Drive the creation and adoption of Lilly’s Privacy and AI policies and standards.
      • Lead the enterprise implementation of Lilly’s Privacy and AI policies and standards.
      • Develop, implement, and maintain a comprehensive GRC framework that addresses privacy, AI, and data governance.
      • Ensure compliance with industry standards, regulatory requirements, and organizational objectives.
      • Supervise and analyze changes in regulations and industry trends to update policies and frameworks accordingly.
      • Ensure policies are up to date with evolving threats, technologies, and legal requirements.
      • Ensure that policies are reviewed and updated at a regular cadence.
      • Refine and maintain procedures and job aids supporting the GRC framework and risk management lifecycle (e.g., maintenance, implementation, change control).
      • Provide and support training and guidance to staff on GRC policies and procedures.
      • Collaborate with multi-functional teams to integrate policies into business processes and technology solutions.
  • Risk Management:
      • Participate in the performance of internal assessments and gap analyses.
      • Report issues and recommend corrective actions to support the maturity and effectiveness of key controls.
      • Lead key performance and risk indicators (critical metrics/KRIs).
      • Use data-driven insights to identify and respond to risks.
      • Develop and maintain supervising mechanisms to ensure compliance with privacy, AI, and data governance controls.
      • Prepare and present regular reports to senior management and collaborators.
      • Maintain the risk registry, issues management and related processes.
      • Support the development and/or consolidation, streamlining, simplification and execution of Privacy and AI risk management practices.
      • Effectively apply risk methodologies as derived from Privacy and AI standards and protocols.
  • Regulatory Compliance:
      • Stay informed about global privacy, artificial intelligence, and data governance regulations, standards, and guidelines.
      • Be responsible for the company's compliance with relevant laws and standards, ensuring effective implementation, monitoring and reporting.
      • Develop and maintain the risk and control library.
      • Maintain a solid understanding of privacy, AI, and data governance practices, tools, processes, and requirements.
      • Prepare and lead audit and compliance documentation, working with internal and external auditors.
      • Support various education and awareness activities.
  • Technology:
      • Leverage technology to integrate efficiencies and improve effectiveness of GRC processes.
      • Align the DLO risk posture with the overall company risk appetite in our GRC tool.
      • Support the management and integration of the GRC tool and processes.
      • Leverage technology, including artificial intelligence, to automate and find efficiencies in various program controls.

Benefits

  • Lilly is dedicated to helping individuals with disabilities to actively engage in the workforce, ensuring equal opportunities when vying for positions. If you require accommodation to submit a resume for a position at Lilly, please complete the accommodation request form (https://careers.lilly.com/us/en/workplace-accommodation) for further assistance. Please note this is for individuals to request an accommodation as part of the application process and any other correspondence will not receive a response.
  • Lilly is proud to be an EEO Employer and does not discriminate on the basis of age, race, color, religion, gender identity, sex, gender expression, sexual orientation, genetic information, ancestry, national origin, protected veteran status, disability, or any other legally protected status.
  • Our employee resource groups (ERGs) offer strong support networks for their members and are open to all employees. Our current groups include: Africa, Middle East, Central Asia Network, Black Employees at Lilly, Chinese Culture Network, Japanese International Leadership Network (JILN), Lilly India Network, Organization of Latinx at Lilly (OLA), PRIDE (LGBTQ+ Allies), Veterans Leadership Network (VLN), Women’s Initiative for Leading at Lilly (WILL), enAble (for people with disabilities). Learn more about all of our groups.
  • Actual compensation will depend on a candidate’s education, experience, skills, and geographic location.
  • The anticipated wage for this position is $127,500 - $187,000
  • Full-time equivalent employees also will be eligible for a company bonus (depending, in part, on company and individual performance).
  • In addition, Lilly offers a comprehensive benefit program to eligible employees, including eligibility to participate in a company-sponsored 401(k); pension; vacation benefits; eligibility for medical, dental, vision and prescription drug benefits; flexible benefits (e.g., healthcare and/or dependent day care flexible spending accounts); life insurance and death benefits; certain time off and leave of absence benefits; and well-being benefits (e.g., employee assistance program, fitness benefits, and employee clubs and activities).
  • Lilly reserves the right to amend, modify, or terminate its compensation and benefit programs in its sole discretion and Lilly’s compensation practices and guidelines will apply regarding the details of any promotion or transfer of Lilly employees.
  • At Lilly we strive to ensure our employees are part of a team that cares about them and our shared purpose of making life better for those around the world. How do we do this? We continue to look for ways to include, innovate, accelerate and deliver while maintaining integrity, excellence and respect for people. We hope that you seek to join us on our journey as we create medicine and deliver improved outcomes for patients across the globe!