Be an early applicantLess than 25 applicants

Company

BioSpace · 10 hours ago

Associate Director - Business Risks & Controls - US Consumer

United States

Full-time

Remote

Director/Executive

$126K/yr - $185K/yr

4+ years exp

Maximize your interview chances

BiotechnologyCommunities

Comp. & Benefits

No H1B

Insider Connection @BioSpace

Discover valuable connections within the company who might provide insights and potential referrals.
Get 3x more responses when you reach out via email instead of LinkedIn.

Responsibilities

Create and manage the first line Risk & Controls Assurance Program for the Global Customer Office ensuring a sustainable and disciplined end-to-end control environment and serve as the primary business liaison to second line teams

Establish GCO’s control framework process including the identification, classification and review of the control environment

Proactively monitor and evaluate control effectiveness, define key control indicators, identify gaps, and recommend enhancements to strengthen risk posture

Recognized technical authority for GCO privacy and cyber controls

Support technical, legal and compliance teams in the quality, completeness and accuracy of enterprise control frameworks applied to the GCO organization (ex: NIST and Process, Risk & Control frameworks) for Personal Information including Sensitive Personal Information

Partner with control and process owners to recommend corrective actions and improvements, provide challenge to ensure appropriate escalation in accordance with Issue Management and Escalation policies

Responsible for incident management processes associated with controls

Ensure effective identification, quantification, communication, and management of GCO’s risks, focusing on root cause analysis and resolution recommendations

Develop and maintain robust relationships, becoming a trusted partner with second line teams, technologists, assessment teams, and data officers to facilitate cross-functional collaboration and progress toward shared goals

Execute reporting and governance of controls, policies, issue management, and measurements, offering senior management insights into control effectiveness and inform governance work

Provide expertise and understanding of regulatory environment and new developments; develop and recommend action plans for initiatives that have regulatory impact

Apply specialized knowledge in particular non-financial risk domains, and broad acumen across facets of all domains including data, privacy, cybersecurity, technology, cloud, operational resiliency, third party and product risk

Coordinate risk and control responsibilities and ensure accountabilities are embedded within the business, including providing training and leading by example

Qualification

Find out how your skills align with this job's requirements. If anything seems off, you can easily click on the tags to select or unselect skills to reflect your actual expertise.

Risk ManagementControls GovernanceCybersecurityPrivacy ComplianceData SecurityRegulatory ComplianceControl FrameworksIncident ManagementStakeholder ManagementAgile DevelopmentIT Control CertificationsTechnical Communication

Required

Bachelor's degree or higher preferably in STEM-related field (e.g., Computer Science, Cybersecurity, Engineering, Data Science, or Applied Mathematics)

4+ years of experience in technology risk management and controls governance

Qualified candidates must be legally authorized to be employed in the United States. Lilly does not anticipate providing sponsorship for employment visa status (e.g., H-1B or TN status) for this employment position.

Preferred

Strong understanding of regulatory compliance requirements, best practices, and industry risk and control frameworks such as NIST CSF, CRI Cyber Profile, CSA Cloud Controls, ISO 27000, COBIT, Basel Operational Risk Principles

Familiarity with global laws and regulations related to technology, cyber and privacy

Proficient knowledge and expertise in data security, risk assessment & reporting, control evaluation, design, and governance, with a proven record of implementing effective risk mitigation strategies

Excellent leadership, analytical, and problem-solving skills

Demonstrated ability to communicate, translate and simplify complex technical risk and control concepts for non-technical stakeholders to enable clear understanding and informed decision-making

Strong collaborator able to build and maintain strong relationships with agile teams and internal/external stakeholders

High intellectual curiosity with a passion for data privacy and security controls

Experience in highly regulated industries including pharmaceutical, device manufacturer, health or financial services industries

IT-control related certifications (e.g., CISSP, CRISC, CISA, CISM, CIPT, CIPP)

Familiarity with Agile development