
Senior Director - GRC Engineer

Job in Indianapolis, Marion County, Indiana, 46202, USA
Listing for: Lilly
Full Time position
Listed on 2026-06-18
Job specializations:
  • IT/Tech
    Cybersecurity, Data Security
Job Description & How to Apply Below
At Lilly, we unite caring with discovery to make life better for people around the world. We are a global healthcare leader headquartered in Indianapolis, Indiana. Our employees around the world work to discover and bring life-changing medicines to those who need them, improve the understanding and management of disease, and give back to our communities through philanthropy and volunteerism.

We give our best effort to our work, and we put people first. We're looking for people who are determined to make life better for people around the world.

The Senior Director, Governance Risk and Compliance (GRC) Engineer is a senior leader within the Digital Legal Office (DLO) GRC & Service Management organization. The role translates the DLO's privacy, AI, and data governance frameworks into effective, auditable, and increasingly automated control designs. The GRC Engineer bridges the gap between **what** regulatory and policy obligations require, and **how** those obligations are implemented as operational controls by business control owners across the enterprise.

The GRC Engineer leads the engineering team that ensures controls are well-designed, produce the evidence required for KRI/KPI measurement, and can be sustained and automated over time. They also have responsibility for the control maturity roadmap, synthesizing GRC Analyst outputs, KRI/KPI performance data, and assessment findings into a strategic plan that prioritizes where and how controls need to mature.

The GRC Engineer is the primary technical enablement partner for the DLO Embedded Team, equipping them to guide business control owners through implementation. This influence model requires a senior individual who can credibly engage at the right level across the enterprise, driving adoption of control designs with stakeholders who have contending priorities and significant organizational authority.

This role also serves as the DLO's peer-level liaison to Cyber Engineering and Security Architecture teams, ensuring that DLO-owned control designs are technically coherent with the broader enterprise security architecture, and that shared control boundaries are clearly defined.

**Key Responsibilities**

**1. Control Design & Architecture**

+ Own end-to-end design of DLO-owned privacy, AI, and data governance controls, translating regulatory obligations, policy requirements, and risk appetite into auditable, repeatable control architectures.

+ Define and retain control design specifications for each control in the DLO GRC Framework, including test procedures, evidence requirements, data flows, and automation targets.

+ Apply privacy-by-design and AI-by-design principles throughout the control engineering lifecycle, from inception through deployment and ongoing sustainment.

+ Lead technical analysis to identify control gaps, design deficiencies, and automation opportunities; propose and drive remediation with appropriate urgency.

+ Develop and publish design documentation, technical specifications, and implementation guides that create consistency in how controls are built and validated.

+ Design control evidence outputs that directly feed KRI/KPI measurement, ensuring that what gets measured is a function of control design, not manual data collection.

**2. Control Maturity Roadmap & Strategic Direction**

+ Be responsible for the DLO control maturity roadmap, a multi-year strategic plan defining how DLO-owned controls will evolve in response to regulatory change, technology advancement, and enterprise risk posture shifts.

+ Synthesize inputs from GRC Analysts (risk assessments, control effectiveness ratings, gap analyses) and KRI/KPI performance data to identify where controls are underperforming, immature, or misaligned to risk appetite, and translate those findings into prioritized maturity initiatives.

+ Define maturity targets for each control domain (privacy, AI, data governance), establishing clear progression criteria from initial/ad-hoc through optimized/automated states.

+ Lead strategic planning processes that translate the roadmap into prioritized, funded, and governed initiatives with clear milestones, owners, and success metrics.

+ Anticipate regulatory and technology trends (e.g., EU AI Act enforcement, evolving NIST frameworks, agentic AI) and proactively incorporate their implications into control design direction and maturity targets.

+ Partner with GRC Analysts and Service Management to align the control maturity roadmap with the risk assessment calendar and service delivery capacity.

+ Engage DLO leadership and senior stakeholders regularly to communicate roadmap progress, emerging risks, and recommended strategic investments in control maturity.

**3. Embedded Team & Business Control Owner Enablement**

+ Serve as the senior technical enablement partner for the DLO Embedded Team, providing control design blueprints, reference architectures, and technical guidance that equip them to work effectively with business control owners.

+ Develop reusable…
Position Requirements
10+ Years work experience