Cybersecurity Director

At Lilly, we unite caring with discovery to make life better for people around the world. We are a global healthcare leader headquartered in Indianapolis, Indiana. Our employees around the world work to discover and bring life-changing medicines to those who need them, improve the understanding and management of disease, and give back to our communities through philanthropy and volunteerism. We give our best effort to our work, and we put people first. We’re looking for people who are determined to make life better for people around the world.

What You'll Be Doing: As a Cybersecurity Director, you will lead security due diligence for mergers and acquisitions while overseeing critical security architecture reviews and special cybersecurity programs. You will evaluate security postures of potential acquisitions, develop integration strategies, and manage high-impact cyber initiatives. This role involves strategic risk assessment, executive stakeholder management, and driving security improvements across the organization through specialized programs and architecture governance.

How You'll Succeed:

• Due diligence expertise: You will demonstrate comprehensive knowledge of security risk assessment methodologies for M&A activities and critical business initiatives.
• Strategic oversight: Success requires the ability to evaluate complex security architectures and identify material risks requiring remediation.
• Program management: You will effectively lead special cyber programs from conception through implementation with measurable outcomes.
• Executive communication: Strong ability to translate technical security findings into business impact analyses for senior leadership.
• Risk prioritization: You will develop frameworks to consistently evaluate and communicate security risks across diverse technology landscapes.
• Cross-functional leadership: Coordinate effectively between technical teams, business stakeholders, and executive leadership on critical initiatives.

Key Responsibilities:

• Lead security due diligence for mergers, acquisitions, and divestitures
• Oversee security architecture reviews for high-risk or strategic projects
• Develop and manage special cybersecurity programs and initiatives
• Create risk assessment frameworks for evaluating acquisition targets
• Establish security integration roadmaps for acquired companies
• Identify material security gaps and recommend strategic remediation approaches
• Prepare executive-level security risk summaries and recommendations
• Drive security improvements through specialized programs
• Coordinate with legal, privacy, and compliance teams on due diligence activities
• Develop standardized approaches for security architecture reviews
• Leading M&A security assessments, developing integration strategies, conducting architecture reviews, and managing special cyber programs.

What You Should Bring:

• Extensive experience in cybersecurity risk assessment and due diligence processes
• Strong background in security architecture principles and evaluation methodologies
• Experience managing special cybersecurity programs or strategic initiatives
• Knowledge of security frameworks (NIST CSF, ISO 27001, MITRE ATT&CK)
• Proven track record of successful M&A security integration projects
• Ability to evaluate complex technology environments for security risks
• Experience presenting security findings to executive leadership
• Strong project management and stakeholder management skills
• Strategic thinking with practical implementation capabilities
• Understanding of industry-specific security requirements and regulations
• Risk assessment expertise: Evaluating security postures of acquisition targets, identifying material risks, developing integration strategies, and leading special cybersecurity programs across the organization.

Your Basic Qualifications:

• Bachelor's Degree in Computer Science, Information Security, or related field OR equivalent combination of education and experience
• At least ten years of experience in cybersecurity with focus on risk assessment, architecture review, or M&A due diligence
• Experience managing or leading special cybersecurity programs or initiatives
• Qualified candidates must be legally authorized to be employed in the United States. The company does not anticipate providing sponsorship for employment visa status (e.g., H-1B or TN status) now or in the future.

Lilly is dedicated to helping individuals with disabilities to actively engage in the workforce, ensuring equal opportunities when vying for positions. If you require accommodation to submit a resume for a position at Lilly, please complete the accommodation request form (https://careers.lilly.com/us/en/workplace-accommodation) for further assistance. Please note this is for individuals to request an accommodation as part of the application process and any other correspondence will not receive a response.

Lilly is proud to be an EEO Employer and does not discriminate on the basis of age, race, color, religion, gender identity, sex, gender expression, sexual orientation, genetic information, ancestry, national origin, protected veteran status, disability, or any other legally protected status.

Our employee resource groups (ERGs) offer strong support networks for their members and are open to all employees. Our current groups include: Africa, Middle East, Central Asia Network, Black Employees at Lilly, Chinese Culture Network, Japanese International Leadership Network (JILN), Lilly India Network, Organization of Latinx at Lilly (OLA), PRIDE (LGBTQ+ Allies), Veterans Leadership Network (VLN), Women’s Initiative for Leading at Lilly (WILL), enAble (for people with disabilities). Learn more about all of our groups.

Actual compensation will depend on a candidate’s education, experience, skills, and geographic location.  The anticipated wage for this position is

Full-time equivalent employees also will be eligible for a company bonus (depending, in part, on company and individual performance). In addition, Lilly offers a comprehensive benefit program to eligible employees, including eligibility to participate in a company-sponsored 401(k); pension; vacation benefits; eligibility for medical, dental, vision and prescription drug benefits; flexible benefits (e.g., healthcare and/or dependent day care flexible spending accounts); life insurance and death benefits; certain time off and leave of absence benefits; and well-being benefits (e.g., employee assistance program, fitness benefits, and employee clubs and activities).Lilly reserves the right to amend, modify, or terminate its compensation and benefit programs in its sole discretion and Lilly’s compensation practices and guidelines will apply regarding the details of any promotion or transfer of Lilly employees.

#WeAreLilly