Senior Director- Global Cyber Compliance

Job Overview

At Lilly, we unite caring with discovery to make life better for people around the world. We are a global healthcare leader headquartered in Indianapolis, Indiana. Our employees around the world work to discover and bring life-changing medicines to those who need them, improve the understanding and management of disease, and give back to our communities through philanthropy and volunteerism. We give our best effort to our work, and we put people first.

We’re looking for people who are determined to make life better for people around the world.

• Regulatory acceleration — NIS2, FDA cybersecurity guidance for digital health and manufacturing, the CCPA Cybersecurity Audit Rule, the DoJ Data Rule, Chinese regulations (PIPL/CSL/DSL), and emerging AI governance mandates are creating a multi-jurisdictional compliance surface that legacy, manual processes cannot scale to address.
• Threat landscape maturity — Pharma IP, clinical trial data, OT/manufacturing systems, and drug supply chains are high-value adversary targets. Compliance not anchored to threats creates false assurance and misallocates resources.
• AI and automation imperative — Manual evidence collection, spreadsheet-based control tracking, and static policy inventories are operationally unsustainable. The next-generation compliance function requires AI-augmented workflows, automated control testing, and intelligent risk quantification delivered through a modern GRC platform.
• Global scale and complexity — Lilly’s operating footprint spans EU, US, and APAC regulatory regimes simultaneously. A single-jurisdiction compliance mindset is insufficient; this role requires an strong leader who can orchestrate compliance across manufacturing, research, and commercial technology environments at global scale.

• Define and own the global cyber compliance program, establishing a clear approach that transitions the function from reactionary audits and inspections toward continuous, risk-responsive, program-aligned assurance.
• Set the vision and drive execution for AI, automation and GRC platform capabilities to accelerate compliance delivery, reduce manual overhead, and improve compliance outcomes.
• Own and evolve Lilly’s multi-framework compliance program spanning FDA 21 CFR Part 11, GxP, ISO 27001, SOC 2, NIS2, HIPAA, CCPA, PIPL/CSL/DSL, and emerging AI/ML governance requirements across global manufacturing, research, and commercial technology environments.
• Develop scope definitions for security controls and regulatory requirements that reduce task-driven overhead through technical innovation including AI and automation.

• Maintain a current-state, executive-ready view of how Lilly’s cyber control environment satisfies each applicable regulatory framework, clearly mapping satisfied obligations and characterizing gaps with meaningful regulatory risk analysis.
• Drive effort to build and sustain inspection-ready documentation, evidence packages, and response protocols enabling confident engagement with authorities, ISO auditors, and other regulators globally with minimal lead time.
• Develop deep working knowledge of how relevant regulatory bodies operate—their inspection methodologies, documentation expectations, finding classification frameworks, and how cyber evidence is evaluated, so preparation is proactive rather than reactive.
• Translate regulatory gap analysis into prioritized, risk-ranked remediation roadmaps that leadership can act on, with clear articulation of residual risk where full remediation is not immediately feasible.
• Serve as Lilly’s primary internal and external subject-matter authority on cyber regulatory interpretation, advising program teams, platform owners, and business leaders on how new initiatives or technology changes affect compliance posture.

• Serve as the service owner for the Logic Gate Risk Cloud compliance module, driving object hierarchy design, workflow automation, integration architecture, and adoption.
• Champion and…