Cybersecurity Business Analyst - Manufacturing and Quality

About The Position

Requirements

• Bachelor's degree in Computer Science, Cybersecurity, Information Technology, or a related technical field
• 5+ years of experience in cybersecurity strategy, governance, risk management, or security operations
• Comprehensive expertise across cybersecurity domains: prevention, detection, incident response, recovery, and compliance
• Deep knowledge of security frameworks (NIST CSF, ISO 27001/27002, CIS Controls) and IT risk management standards
• Proven track record managing complex security programs and cross-functional initiatives
• Industry-recognized certification (CISSP, CISM, CRISC, or equivalent)

Nice To Haves

• Master's degree in Cybersecurity, Information Security, or related field
• Experience in pharmaceutical, life sciences, or highly regulated manufacturing environments
• Knowledge of GxP regulations (GMP, CSV/CSA) and how they intersect with cybersecurity requirements
• Familiarity with OT/ICS security, SCADA systems, and IT/OT convergence challenges
• Outstanding communication skills with the ability to articulate technical cyber risks to non-technical business audiences.
• Experience influencing upward and presenting to senior leadership, including security metrics, business cases, and risk decisions
• Experience with SAP security, manufacturing execution systems (MES), or enterprise quality management systems
• Multiple security certifications (e.g., CISSP + CISM, or specialized certifications like GIAC, SANS)

Responsibilities

• Drive cybersecurity strategy and roadmap priorities for Manufacturing and Quality, balancing security requirements with operational needs and GMP compliance across 50+ global manufacturing sites
• Partner with business and IT teams to embed security into SAP manufacturing systems, OT/SCADA environments, quality management platforms, and emerging technologies through secure design principles
• Translate cyber risks into business language for Manufacturing and Quality leadership, presenting security metrics, scorecards, and risk acceptance decisions to executive stakeholders
• Build strategic relationships with internal customers and external partners (CMOs, vendors) to assess and reduce cybersecurity risks while maintaining operational continuity
• Lead security awareness and adoption initiatives within Manufacturing and Quality, influencing security-conscious behaviors and ensuring teams understand their role in protecting critical infrastructure
• Monitor compliance and drive remediation activities to improve the business security posture, ensuring alignment with security policies, industry frameworks (NIST, ISO), and regulatory requirements
• Stay ahead of emerging threats by continuously monitoring cybersecurity trends, attack vectors specific to pharma/manufacturing, and evolving mitigation techniques to enhance preventative and detective capabilities

Benefits

• Actual compensation will depend on a candidate’s education, experience, skills, and geographic location.
• The anticipated wage for this position is $64,500 - $151,800
• Full-time equivalent employees also will be eligible for a company bonus (depending, in part, on company and individual performance).
• In addition, Lilly offers a comprehensive benefit program to eligible employees, including eligibility to participate in a company-sponsored 401(k); pension; vacation benefits; eligibility for medical, dental, vision and prescription drug benefits; flexible benefits (e.g., healthcare and/or dependent day care flexible spending accounts); life insurance and death benefits; certain time off and leave of absence benefits; and well-being benefits (e.g., employee assistance program, fitness benefits, and employee clubs and activities).Lilly reserves the right to amend, modify, or terminate its compensation and benefit programs in its sole discretion and Lilly’s compensation practices and guidelines will apply regarding the details of any promotion or transfer of Lilly employees.