Senior Director- Global Cyber Compliance

At Lilly, we unite caring with discovery to make life better for people around the world. We are a global healthcare leader headquartered in Indianapolis, Indiana. Our employees around the world work to discover and bring life-changing medicines to those who need them, improve the understanding and management of disease, and give back to our communities through philanthropy and volunteerism. We give our best effort to our work, and we put people first.

We’re looking for people who are determined to make life better for people around the world.

Lilly Cybersecurity is seeking a Senior Director of Global Cyber Compliance to lead the transformation of our compliance function into a high-performing, AI-enabled, risk-responsive program that measurably reduces regulatory risk across Lilly's global technology environment. This leader owns strategy and execution across a complex, multi-framework regulatory landscape—including FDA 21 CFR Part 11, GxP, NIS2, ISO 27001, SOC 2, HIPAA, CCPA, PIPL/CSL/DSL, and emerging AI governance requirements—while ensuring every compliance decision is anchored to Lilly's threat-based cyber program.

The successful candidate brings the technical credibility to challenge the status quo, the platform acumen to automate compliance at scale through Logic Gate Risk Cloud and AI-augmented workflows, the operational leadership to build and develop a global compliance team, and the communication skills to translate complex compliance posture into clear business language for boards, regulators, and senior leadership alike.

• Define and own the global cyber compliance program, establishing a clear approach that transitions the function from reactionary audits and inspections toward continuous, risk-responsive, program-aligned assurance.
• Set the vision and drive execution for AI, automation and GRC platform capabilities to accelerate compliance delivery, reduce manual overhead, and improve compliance outcomes.
• Own and evolve Lilly's multi-framework compliance program spanning FDA 21 CFR Part 11, GxP, ISO 27001, SOC 2, NIS2, HIPAA, CCPA, PIPL/CSL/DSL, and emerging AI/ML governance requirements across global manufacturing, research, and commercial technology environments.
• Develop scope definitions for security controls and regulatory requirements that reduce task-driven overhead through technical innovation including AI and automation.

• Maintain a current-state, executive-ready view of how Lilly's cyber control environment satisfies each applicable regulatory framework, clearly mapping satisfied obligations and characterizing gaps with meaningful regulatory risk analysis.
• Drive effort to build and sustain inspection-ready documentation, evidence packages, and response protocols enabling confident engagement with authorities, ISO auditors, and other regulators globally with minimal lead time.
• Develop deep working knowledge of how relevant regulatory bodies operate—their inspection methodologies, documentation expectations, finding classification frameworks, and how cyber evidence is evaluated, so preparation is proactive rather than reactive.
• Translate regulatory gap analysis into prioritized, risk-ranked remediation roadmaps that leadership can act on, with clear articulation of residual risk where full remediation is not immediately feasible.
• Serve as Lilly's primary internal and external subject-matter authority on cyber regulatory interpretation, advising program teams, platform owners, and business leaders on how new initiatives or technology changes affect compliance posture.

• Serve as the service owner for the Logic Gate Risk Cloud compliance module, driving object hierarchy design, workflow automation, integration architecture, and adoption.
• Champion and deliver AI-augmented compliance capabilities including policy intelligence, automated evidence collection, and natural language advisory tooling that enables teams to self-serve compliance guidance at speed.
• Define the target state for compliance automation: continuous control…