Information Security Cloud Domain Architect

At Lilly, we unite caring with discovery to make life better for people around the world. We are a global healthcare leader headquartered in Indianapolis, Indiana. Our 35,000 employees around the world work to discover and bring life-changing medicines to those who need them, improve the understanding and management of disease, and give back to our communities through philanthropy and volunteerism. We give our best effort to our work, and we put people first. We’re looking for people who are determined to make life better for people around the world.

Organization Overview:

At Lilly, we serve an extraordinary purpose. We make a difference for people around the globe by discovering, developing and delivering medicines that help them live longer, healthier, more active lives. Not only do we deliver breakthrough medications, but you also can count on us to develop creative solutions to support communities through philanthropy and volunteerism.

We are looking for a curious, ambitious, and innovative security practitioner to drive Lilly’s cloud security strategy as well as shaping our internal information security program to become a leader in modern and effective security capabilities.

The cloud domain architect will operate in a complex environment and be expected to balance control frameworks and ideal design with the challenges of solution delivery, regulatory expectations, and corporate policies. You will continually work cross-functionally across global business functions as well as infrastructure and Information Security teams to understand current challenges and risks and provide guidance on risk mitigation strategies that advance Lilly’s information security program.

This role will provide you with an opportunity to solve security problems at scale, design governance automation, and utilize cloud-based services to both enforce patterns and augment existing capabilities. You will be a part in securing the foundation for many emerging technologies including but not limited to advanced analytics, artificial intelligence, serverless, machine learning, natural language processing, and distributed high performance compute systems.

The domain architect will be responsible for the overall cloud security roadmap and will prioritize the implementation of processes, capabilities, and tools to protect Lilly’s expanding cloud landscape.

The domain cloud architect is recognized as the enterprise expert for cloud security and leads or participates in strategic projects, providing consultative direction to multiple stakeholders in technical and management roles.

Additionally, we want a role model, advocate, and mentor that can demonstrate patience, teaching, collaboration, and empowerment with cloud security as teams are increasing cloud knowledge and expertise.

Responsibilities:

• Managing existing technical controls portfolio, identify gaps, and determine new controls and technologies to reduce risk across the enterprise.
• Partner with engineering teams in identification and selection of new technology or capabilities and review design and implementation plans.
• Participate in processes for vetting third party cloud providers and their ability to meet expected controls.
• Perform threat modeling against new cloud patterns and solutions.
• Develop a succession plan and mentor upcoming talent.
• Lead domain governance group and ensure engagement in future cloud direction.
• Maintain an external focus by staying aware of the evolving threat landscape, monitoring industry shifts within the domain, and keeping subject matter expertise relevant.

Basic Requirements

• Security expertise with at least one of the three major cloud providers (AWS or Azure preferred).
• 3+ years of cloud security experience with extensive knowledge of native security services, security configuration management, and cloud governance technologies.
• 5+ years establishing security practices within a major organization.

Additional Preferences

• Advanced understanding of multiple security and technology domains with deep expertise in one or more domains.
• Ability to influence colleagues and leaders across teams and at all levels of the organization.
• Flexible, adaptable, and able to change course quickly as business needs change.
• Excellent learning agility and continuous learner.
• Ability to translate and communicate technology principles to executive level understanding.
• Understanding of corresponding functional organization and processes.
• Knowledge and application of security industry standards and benchmarks.
• Cloud security certifications such as the CCSP, CCSK, or specialized to a cloud provider.
• Experience with infrastructure as code, deployment orchestration, DevSecOps automation, and source code management.
• Experience with securing serverless architectures, containers, and cloud-native applications.
• Software development and framework skills a plus (i.e. Python, Go, Node).

Additional Information

• Limited travel, primarily to key vendors or professional conferences/training.
• Employee Schedule: Flexible = flexible with core hours, some evening or early morning hours to correspond with global partners. Expected to be onsite 3 days per week.

#LI-CG2

Eli Lilly and Company, Lilly USA, LLC and our wholly owned subsidiaries (collectively “Lilly”) are committed to help individuals with disabilities to participate in the workforce and ensure equal opportunity to compete for jobs. If you require an accommodation to submit a resume for positions at Lilly, please email Lilly Human Resources ( [email protected] ) for further assistance. Please note This email address is intended for use only to request an accommodation as part of the application process. Any other correspondence will not receive a response.

Lilly is an EEO/Affirmative Action Employer and does not discriminate on the basis of age, race, color, religion, gender, sexual orientation, gender identity, gender expression, national origin, protected veteran status, disability or any other legally protected status.

As a condition of employment with Eli Lilly and Company and its subsidiaries in the United States and Puerto Rico, you must be fully COVID-19 vaccinated and provide proof of vaccination satisfactory to the company. If you would like to request an accommodation for medical or religious reasons, you may do so at [email protected].