Associate Director - Governance, Risk & Compliance Analyst
Company: Eli Lilly and Company
Location: Indianapolis
Posted on: February 1, 2026
Job Description:
At Lilly, we unite caring with discovery to make life better for
people around the world. We are a global healthcare leader
headquartered in Indianapolis, Indiana. Our 39,000 employees around
the world work to discover and bring life-changing medicines to those
who need them, improve the understanding and management of disease,
and give back to our communities through philanthropy and
volunteerism. We give our best effort to our work, and we put
people first. We are looking for people who are determined to make
life better for people around the world. WeAreLilly.

Purpose: We are seeking a skilled and motivated
Associate Director - Governance, Risk and Compliance (GRC) Analyst
to join our data governance, privacy, cybersecurity, and artificial
intelligence team (the “Digital Legal Office”) within the Legal
department. This role is pivotal in maintaining a robust GRC
framework that encompasses comprehensive privacy, artificial
intelligence (AI), and data governance requirements. The ideal
candidate will possess a deep understanding of risk management
rigor, privacy and AI risks and controls, and digital governance and
compliance, combined with exceptional leadership and communication
skills, to ensure that our policies and processes align with
industry standards, regulatory requirements, and organizational
goals. They will be responsible for maintaining and orchestrating
the risk management lifecycle and associated processes to enable
risk-informed decisions for the DLO areas of oversight in managing
our risks.

Responsibilities

Policy Development & Management: Drive
the creation and adoption of Lilly’s Privacy and AI policies and
standards. Lead the enterprise implementation of Lilly’s Privacy
and AI policies and standards. Develop, implement, and maintain a
comprehensive GRC framework that addresses privacy, AI, and data
governance. Ensure compliance with industry standards, regulatory
requirements, and organizational objectives. Supervise and analyze
changes in regulations and industry trends to update policies and
frameworks accordingly. Ensure policies are up to date with
evolving threats, technologies, and legal requirements. Ensure that
policies are reviewed and updated at a regular cadence. Refine and
maintain procedures and job aids supporting the GRC framework and
risk management lifecycle (e.g., maintenance, implementation,
change control). Provide and support training and guidance to staff
on GRC policies and procedures. Collaborate with multi-functional
teams to integrate policies into business processes and technology
solutions.

Risk Management: Participate in the performance of
internal assessments and gap analyses. Report issues and recommend
corrective actions to support the maturity and effectiveness of key
controls. Lead key performance and risk indicators (critical
metrics/KRIs). Use data-driven insights to identify and respond to
risks. Develop and maintain supervising mechanisms to ensure
compliance with privacy, AI, and data governance controls. Prepare
and present regular reports to senior management and collaborators.
Maintain the risk registry, issues management and related
processes. Support the development and/or consolidation,
streamlining, simplification and execution of Privacy and AI risk
management practices. Effectively apply risk methodologies as
derived from Privacy and AI standards and protocols.

Regulatory Compliance: Stay informed about global privacy, artificial
intelligence, and data governance regulations, standards, and
guidelines. Be responsible for the company's compliance with
relevant laws and standards, ensuring effective implementation,
monitoring and reporting. Develop and maintain the risk and control
library. Maintain a solid understanding of privacy, AI, and data
governance practices, tools, processes, and requirements. Prepare
and lead audit and compliance documentation, working with internal
and external auditors. Support various education and awareness
activities.

Technology: Leverage technology to integrate
efficiencies and improve effectiveness of GRC processes. Align the
DLO risk posture with the overall company risk appetite in our GRC
tool. Support the management and integration of the GRC tool and
processes. Leverage technology, including artificial intelligence,
to automate and find efficiencies in various program controls.

Basic Qualifications:
Bachelor's degree in a discipline related to risk management, information systems/computer science, information management or related field.
7 years of experience in a role creating, implementing, and leading Privacy and/or AI governance, risk or compliance activities.
5 years of experience in leading or working on Enterprise Risk Management, Cybersecurity, Data Privacy or Compliance/Quality efforts.

Qualified applicants must be
authorized to work in the United States on a full-time basis. Lilly
will not provide support for or sponsor work authorization and/or
visas for this role.

Additional Skills/Preferences:
Solid understanding of various risk management frameworks, AI and privacy laws, regulations, and standards (e.g., NIST AI RMF, NIST Privacy Framework, ISO, NIST CSF, EU AI Act, GDPR, CPRA, HIPAA).
Demonstrated ability to lead projects and appropriately advance issues and barriers.
Demonstrated ability to think and act strategically.
Demonstrated ability to problem solve, able to effectively seek ways to resolve issues in a streamlined approach while acknowledging inherent complexities.
Experience with privacy-enhancing technologies, data governance, and risk management.
Proficiency in developing and tracking privacy, AI, or security metrics and KPIs.
Proficiency in PIA/DPIA methodologies, presided over or participated in privacy by design work.
Certification in artificial intelligence, privacy, or risk management such as AIGP, CIPP, CIPM, CIPT, CRISC, CDPSE, or similar.
Organizational Change education and/or certification.
Experience as an IT/Security/Privacy/AI auditor.
Strong communication, presentation, and interpersonal skills.
Ability to work independently and multi-functionally in a fast-paced environment.
High attention to detail and accuracy.

Additional Information: Role
located in Indianapolis, IN with a hybrid work model.

Lilly is
dedicated to helping individuals with disabilities to actively
engage in the workforce, ensuring equal opportunities when vying
for positions. If you require accommodation to submit a resume for
a position at Lilly, please complete the accommodation request form
( https://careers.lilly.com/us/en/workplace-accommodation ) for
further assistance. Please note this is for individuals to request
an accommodation as part of the application process and any other
correspondence will not receive a response. Lilly is proud to be an
EEO Employer and does not discriminate on the basis of age, race,
color, religion, gender identity, sex, gender expression, sexual
orientation, genetic information, ancestry, national origin,
protected veteran status, disability, or any other legally
protected status. Our employee resource groups (ERGs) offer strong
support networks for their members and are open to all employees.
Our current groups include: Africa, Middle East, Central Asia
Network, Black Employees at Lilly, Chinese Culture Network,
Japanese International Leadership Network (JILN), Lilly India
Network, Organization of Latinx at Lilly (OLA), PRIDE (LGBTQ
Allies), Veterans Leadership Network (VLN), Women’s Initiative for
Leading at Lilly (WILL), enAble (for people with disabilities).
Learn more about all of our groups.

Actual compensation will depend
on a candidate’s education, experience, skills, and geographic
location. The anticipated wage for this position is $127,500 -
$187,000. Full-time equivalent employees also will be eligible for a
company bonus (depending, in part, on company and individual
performance). In addition, Lilly offers a comprehensive benefit
program to eligible employees, including eligibility to participate
in a company-sponsored 401(k); pension; vacation benefits;
eligibility for medical, dental, vision and prescription drug
benefits; flexible benefits (e.g., healthcare and/or dependent day
care flexible spending accounts); life insurance and death
benefits; certain time off and leave of absence benefits; and
well-being benefits (e.g., employee assistance program, fitness
benefits, and employee clubs and activities). Lilly reserves the
right to amend, modify, or terminate its compensation and benefit
programs in its sole discretion and Lilly’s compensation practices
and guidelines will apply regarding the details of any promotion or
transfer of Lilly employees. WeAreLilly