
Associate Director - Governance, Risk & Compliance Analyst
Scorpion Therapeutics, Indianapolis, Indiana, US, 46262
Role Summary
Associate Director, Governance, Risk & Compliance (GRC) Analyst to join Lilly’s Digital Legal Office within the Legal department. Responsible for maintaining a robust GRC framework covering privacy, AI, and data governance; lead risk management lifecycle; ensure policy alignment with industry standards and regulatory requirements; enable risk-informed decisions and collaborate with cross-functional teams. Location: Indianapolis, IN, with hybrid work model.

Responsibilities
Policy Development & Management: Drive the creation and adoption of Lilly’s Privacy and AI policies and standards. Lead the enterprise implementation of Lilly’s Privacy and AI policies and standards. Develop, implement, and maintain a comprehensive GRC framework that addresses privacy, AI, and data governance. Ensure compliance with industry standards, regulatory requirements, and organizational objectives. Supervise and analyze changes in regulations and industry trends to update policies and frameworks accordingly. Ensure policies are up to date with evolving threats, technologies, and legal requirements. Ensure that policies are reviewed and updated at a regular cadence. Refine and maintain procedures and job aids supporting the GRC framework and risk management lifecycle (e.g., maintenance, implementation, change control). Provide and support training and guidance to staff on GRC policies and procedures. Collaborate with multi-functional teams to integrate policies into business processes and technology solutions.

Risk Management: Participate in the performance of internal assessments and gap analyses. Report issues and recommend corrective actions to support the maturity and effectiveness of key controls. Lead key performance and risk indicators (critical metrics/KRIs). Use data-driven insights to identify and respond to risks. Develop and maintain supervising mechanisms to ensure compliance with privacy, AI, and data governance controls. Prepare and present regular reports to senior management and collaborators. Maintain the risk registry, issues management and related processes. Support the development and/or consolidation, streamlining, simplification and execution of Privacy and AI risk management practices. Effectively apply risk methodologies as derived from Privacy and AI standards and protocols.

Regulatory Compliance: Stay informed about global privacy, artificial intelligence, and data governance regulations, standards, and guidelines. Be responsible for the company's compliance with relevant laws and standards, ensuring effective implementation, monitoring and reporting. Develop and maintain the risk and control library. Maintain a solid understanding of privacy, AI, and data governance practices, tools, processes, and requirements. Prepare and lead audit and compliance documentation, working with internal and external auditors. Support various education and awareness activities.

Technology: Leverage technology to integrate efficiencies and improve effectiveness of GRC processes. Align the DLO risk posture with the overall company risk appetite in our GRC tool. Support the management and integration of the GRC tool and processes. Leverage technology, including artificial intelligence, to automate and find efficiencies in various program controls.

Qualifications
Required: 7+ years of experience in a role creating, implementing, and leading Privacy and/or AI governance, risk or compliance activities.
Required: 5+ years of experience in leading or working on Enterprise Risk Management, Cybersecurity, Data Privacy or Compliance/Quality efforts.
Required: Authorized to work in the United States on a full-time basis; Lilly will not sponsor work authorization or visas for this role.

Education
Bachelor's degree in a discipline related to risk management, information systems/computer science, information management or related field.

Skills
Required: Solid understanding of various risk management frameworks, AI and privacy laws, regulations, and standards (e.g., NIST AI RMF, NIST Privacy Framework, ISO, NIST CSF, EU AI Act, GDPR, CPRA, HIPAA).
Preferred: Demonstrated ability to lead projects and appropriately advance issues and barriers.
Preferred: Demonstrated ability to think and act strategically.
Preferred: Problem solving; able to effectively seek ways to resolve issues in a streamlined approach while acknowledging inherent complexities.
Preferred: Experience with privacy-enhancing technologies, data governance, and risk management.
Preferred: Proficiency in developing and tracking privacy, AI, or security metrics and KPIs.
Preferred: Proficiency in PIA/DPIA methodologies; has presided over or participated in privacy-by-design work.
Preferred: Certification in artificial intelligence, privacy, or risk management such as AIGP, CIPP, CIPM, CIPT, CRISC, CDPSE, or similar.
Preferred: Organizational Change education and/or certification.
Preferred: Experience as an IT/Security/Privacy/AI auditor.
Preferred: Strong communication, presentation, and interpersonal skills.
Preferred: Ability to work independently and multi-functionally in a fast-paced environment.
Preferred: High attention to detail.