At Lilly, we unite caring with discovery to make life better for people around the world. We are a global healthcare leader headquartered in Indianapolis, Indiana. Our employees around the world work to discover and bring life-changing medicines to those who need them, improve the understanding and management of disease, and give back to our communities through philanthropy and volunteerism. We give our best effort to our work, and we put people first. We're looking for people who are determined to make life better for people around the world.
Eli Lilly Cork is committed to diversity, equity, and inclusion (DEI). We cater for all dimensions ensuring inclusion of all ethnicities, nationalities, cultural backgrounds, generations, sexuality, visible and invisible disabilities and gender, with four pillars: EnAble, Age & Culture, LGBTQ+ and GIN-Gender Inclusion Network. EnAble, our pillar for people with disabilities and those that care for them, partners with the Access Lilly initiative to make our physical and digital environment accessible and inclusive for all.
Bring your skills and talents to Lilly and our Pharmaceutical Project Management team, where you'll have the opportunity to make an impact on the lives of patients around the globe.
Role: The Risk Assessor will work in partnership internally, cross-functionally and externally with third parties to assess and mitigate third party risk. Current risk domains in scope are Anti Corruption, Privacy, Information Security and Information Systems Quality, Business Continuity, and Animal Welfare, which will expand as we grow the programme.
Responsibilities:
- Determine, conduct and incorporate applicable risk domain due diligence activities and ongoing monitoring activities as appropriate.
- Conduct assessments in a coordinated fashion with other risk domains, including scoping the assessment, testing controls, conducting interviews, reviewing evidence, determining final disposition of findings, written and verbal communication of findings, rating criticality of findings and evaluating action plans provided by the third party.
- Define and own risk domain assessment methodology for control assessment activities.
- Provide risk domain requirements for termination and off-boarding activities, supporting these activities as required.
- Maintain risk domain questions for the Inherent Risk Questionnaire (IRQ) for the TPRM tool.
- Work with risk domain partners to provide risk domain specific scoring thresholds for inherent risk domain levels per the common TPRM risk tiering scale.
- Classify and consolidate reports of findings using the centralized TPRM tool whilst notifying appropriate stakeholders / partners.
- Opine on / recommend risk domain specific controls to mitigate identified findings and determine residual risk domain level for respective risk domains.
- Provide risk domain subject matter expertise and standard setting on findings tracking and mitigation.
- Create and own standards for qualitative residual risk scoring that adhere to the overall scoring methodology set by the TPRM Program.
- Issue approvals according to the TPRM Approvals Matrix.
- Provide guidance to business teams on Third Party Risk Management.
- Support internal education and best practices sharing with peers and colleagues, as well as third party education & awareness.
- Drive and deliver on risk domain IRQ and process metrics to measure control effectiveness and allow decision making.
- Continually monitor and update assessments of the control environment, keeping abreast of significant control issues, trends and developments.
- Integrate emerging risk control requirements into the existing risk assessment process.
- Support the TPRM Team in the implementation and maintenance of an effective enterprise risk management framework.
- Participate at forums including but not limited to TPRM Steer Committee (Risk Domain Partner Leadership), Assessment Coordination and TPRM Operations Committee.
- Support TPRM Projects as required.
- Partner with risk domain business functional areas to ensure TPRM activities are maintained and reflect current risks and expectations.

Qualifications/Competencies:
- Bachelor's Degree or CIPP/CIPT/CTPRP/CRISC/CISA/CISM qualification.
- Experience performing third party risk assessments, preferably in in-scope risk domains.
- Minimum of three or more years of audit, operational risk or other risk management experience or other proven related business experience.
- Good understanding of risk management and internal control leading practices within specialized area of focus.
- Demonstrated ability to work effectively in a complex, highly regulated environment.
- Ability to plan, organize, prioritize and drive workload autonomously.
- Effective communication, organization and presentation skills.
- Effective influence management skills.
- Evidence of strong analytical and data management skills.
- Collaborates and builds partnerships across functions and regions, works well with others.
- Ability to work in a matrix organization to influence outcomes.
- Languages desired but not essential, in particular French, German, Italian and Spanish.