At Lilly, we unite caring with discovery to make life better for people around the world. We are a global healthcare leader headquartered in Indianapolis, Indiana. Our employees around the world work to discover and bring life-changing medicines to those who need them, improve the understanding and management of disease, and give back to our communities through philanthropy and volunteerism. We give our best effort to our work, and we put people first. We’re looking for people who are determined to make life better for people around the world.
What You'll Be Doing:
This Security Architect will be part of the Lilly Cybersecurity team, responsible for delivering and securing technology that supports the Lilly mission, specifically focused on executing high risk segmentation plans and conducting deep network security analysis and consulting. This role is a senior technical contributor who will partner with the various business, enterprise IT, and larger information security teams to ensure technology is designed and deployed securely and aligned with Information Security and enterprise technology strategies. The Security Architect will be responsible for conducting security consulting engagements across different business units, identifying, and addressing complex technical and business problems, and providing clear requirements, mitigations, and communications to achieve the desired security posture. The Security Architect will also create and document architecture references, design patterns, and security guidance as needed.
How You'll Succeed:
The ideal candidate will have a firm understanding and experience with enterprise-level IT applications and infrastructure, and experience in designing and deploying secure solutions. They will also have broad knowledge and deep experience in one or more technical security topics, such as cloud or networking, and be able to mentor and review other team members in building threat models. Additionally, the candidate will have strong critical thinking, analytical reasoning, and communication skills, and be able to define and influence security strategy and vision, while also supporting and advising on tactical security initiatives. This candidate is expected to be able to function as a technical lead on key cybersecurity initiatives and drive practical solutions to complex problems that minimize impact to the business while enhancing security.
What You Should Bring:
Experience in network security engineering and application security, including evaluating the security and threats associated with SaaS solutions, and applying security controls and tools to mitigate them.
Experience in performing threat analysis and modeling, using various frameworks such as Cloud Security Matrix, NIST CSF, CIS Critical Security Controls, TOGAF, SABSA, MITRE ATT&CK, STRIDE, etc.
Experience in developing and documenting architecture references, security guidelines, and standards, and incorporating regulatory and industry standards into cybersecurity designs, such as ISO/IEC, PCI DSS, SOX, HIPAA, GDPR, CCPA, etc.
Experience in Cybersecurity Engineering/Operations, Incident Response, Program and project management, GRC functions, and product/service management disciplines.
A strong understanding of common services used in cloud-based architectures, with expertise in at least one cloud vendor (AWS, GCP, or Azure), and awareness of Cloud Platform Security and controls.
A strong understanding of secure application development and the tools/techniques used to ensure that the associated threats are mitigated.
Experience in addressing consumer data regulations through security controls and solution design.
Experience in cyber security for M&A integrations or Divestitures.
Strong written/verbal communication and presentation skills, with the ability to tailor to different audiences.
Strong critical thinking, analytical reasoning, and thought leadership capabilities.
Willingness to provide mentorship to more junior security engineers and analysts within the team.
Empathy for engineering teams, with the ability to balance security guidelines and policies with operational needs to maintain desired end-state corporate security posture.
Well-developed organization and time management skillset. Experience leading a large, technical program to successful resolution.
Your Basic Qualifications:
Bachelor’s degree in computer science, information security, or related field
8+ years of experience in cyber security
4+ years in a leadership role
Additional Preferences:
Master’s degree or relevant certification (e.g. CISSP, CISM, CRISC, CGEIT) preferred.
A strong working knowledge of current IT risks, security implementations, and computer operating and software programs.
Experience in designing, building, implementing, and supporting enterprise-class security systems and architectures.
Experience in performing threat analysis and modeling, using various frameworks and tools.
Experience with implement network segmentation and robust network security practices to support cybersecurity objectives.
Experience in developing and documenting security standards, guidelines, and best practices.
Experience in ensuring compliance with applicable laws and regulations, such as ISO/IEC, PCI DSS, SOX, HIPAA, GDPR, CCPA, etc.
Experience in managing security improvement projects and leading cybersecurity teams.
Experience in addressing consumer data regulations and cyber security for M&A integrations.
A strong understanding of common services used in cloud-based architectures, with expertise in at least one cloud vendor (AWS, GCP, or Azure), and awareness of cloud platform security and controls.
A strong understanding of secure application development and the tools/techniques used to mitigate associated threats.
Strong critical thinking, analytical reasoning, and thought leadership capabilities.
Strong written/verbal communication and presentation skills, with the ability to tailor to different audiences.
Willingness to provide mentorship to more junior security engineers and analysts within the team.
Additional Information:
Remote
Lilly currently anticipates that the base salary for this position could range from between $148,500 to $217,800 and will depend, in part, on the successful candidate’s qualifications for the role, including education and experience. Full-time equivalent employees also will be eligible for a company bonus (depending, in part, on company and individual performance). In addition, Lilly offers a comprehensive benefit program to eligible employees, including eligibility to participate in a company-sponsored 401(k); pension; vacation benefits; eligibility for medical, dental, vision and prescription drug benefits; flexible benefits (e.g., healthcare and/or dependent day care flexible spending accounts); life insurance and death benefits; certain time off and leave of absence benefits; and well-being benefits (e.g., employee assistance program, fitness benefits, and employee clubs and activities). Of course, the compensation described above is subject to change and could be higher or lower than the range described above. Further, Lilly reserves the right to amend, modify, or terminate its compensation and benefit programs in its sole discretion and Lilly’s compensation practices and guidelines will apply regarding the details of any promotion or transfer of Lilly employees.
Eli Lilly and Company, Lilly USA, LLC and our wholly owned subsidiaries (collectively “Lilly”) are committed to help individuals with disabilities to participate in the workforce and ensure equal opportunity to compete for jobs. If you require an accommodation to submit a resume for positions at Lilly, please email Lilly Human Resources ( Lilly_Recruiting_Compliance@lists.lilly.com ) for further assistance. Please note This email address is intended for use only to request an accommodation as part of the application process. Any other correspondence will not receive a response.
Lilly is an EEO/Affirmative Action Employer and does not discriminate on the basis of age, race, color, religion, gender, sexual orientation, gender identity, gender expression, national origin, protected veteran status, disability or any other legally protected status.
Our employee resource groups (ERGs) offer strong support networks for their members and help our company develop talented individuals for future leadership roles. Our current groups include: Africa, Middle East, Central Asia Network, African American Network, Chinese Culture Network, Early Career Professionals, Japanese International Leadership Network (JILN), Lilly India Network, Organization of Latinos at Lilly, PRIDE (LGBTQ + Allies), Veterans Leadership Network, Women’s Network, Working and Living with Disabilities. Learn more about all of our groups.
#WeAreLilly