Information Security Business Analyst Legal and Compliance

Position: Information Security Business Analyst for Legal and Compliance
Location: Indianapolis

** At Elanco (NYSE: ELAN) – it all starts with animals!
**** At Elanco, we pride ourselves on fostering a diverse and inclusive work environment. We believe that diversity is the driving force behind innovation, creativity, and overall business success. Here, you’ll be part of a company that values and champions new ways of thinking, work with dynamic individuals, and acquire new skills and experiences that will propel your career to new heights.
**** Making animals’ lives better makes life better – join our team today!
***
* Job Title:

** Information Security – Business Analyst for Legal and Compliance
** Your Role:
**** Information Security at Elanco
** Our Information Security mission is to protect the confidentiality, integrity and availability of information and assets, enabling Elanco to deliver our brand promise and value to our stakeholders and customers. We follow a risk-based approach, aligned with business objectives, focused on Elanco maintaining secure operations and management of information. The Information Security team at Elanco contains two top level organizations, Business Security (focused on analysis of our business processes to discover business threats) and Technology Security (focused on Risk and Compliance and building, maintaining and operating security operations through a Dev Sec Ops -style model).We

are seeking a highly motivated and detail-oriented Business Analyst with a strong focus on Legal & Compliance to join our Business Information Security Officer (BISO) Organization. This role will be critical in bridging the gap between Legal, Compliance, Privacy, Risk, and Technical Security Teams. The successful candidate will be responsible for analyzing business processes, identifying compliance risks, translating legal and regulatory requirements into actionable security controls, and supporting the implementation of robust information security solutions that align with Elanco's legal and ethical obligations.
** Your Responsibilities:
*** Drive legal and regulatory cybersecurity priorities in partnership with Legal, Compliance, Privacy, Risk, and Technical Security, balancing risk management, business needs, and regulatory obligations across the organization.
* Partner with business, Legal, and IT teams to embed security, privacy, and compliance requirements into business processes, systems, and third-party engagements using risk-based and secure-by-design principles.
* Support regulatory exams, audits, and legal inquiries related to information security.
* Translate cybersecurity, legal, and compliance risks into clear business language for leadership, including presenting risk assessments, metrics, compliance status, and risk acceptance recommendations to executive stakeholders.
* Build strong relationships with internal stakeholders and selective external partners (vendors, suppliers, and service providers) to assess, manage, and reduce third-party cyber, legal, and compliance risks.
* Support governance, risk, and compliance (GRC) programs by helping define, implement, and socialize policies, standards, and control requirements, and by promoting security- and compliance-aware behaviors across the business.
* Monitor compliance and drive remediation efforts to improve the organization’s security and compliance posture, ensuring alignment with internal policies, industry frameworks (e.g., NIST, ISO), contractual obligations, and regulatory requirements.
* Stay current on evolving regulatory requirements, legal expectations, and cybersecurity risk trends, and help translate those changes into practical guidance, controls, and business-ready solutions.
** Core Capabilities
*** Strong analytical and problem-solving skills.
* Excellent written and verbal communication skills, with demonstrated ability to explain technical, security, and legal concepts clearly to non-technical and executive audiences.
* Proven experience producing high-quality documentation, including business and security requirements, control specifications, process flows, and use cases.
* Solid understanding of information security principles, control frameworks, and assurance standards (e.g., NIST 2.0, ISO 27001,…