About Us
Eli Lilly and Company is a global healthcare leader dedicated to making life better for people around the world. We are headquartered in Indianapolis, Indiana, and our employees worldwide work to discover and bring life-changing medicines to those who need them, improve the understanding and management of disease, and give back to our communities through philanthropy and volunteerism.
We put people first and strive to make a positive impact on the lives of patients, customers, and communities.
Our Team
Eli Lilly Cork is home to a talented and diverse team of 2000 employees across 60 nationalities. Our team delivers innovative solutions that add value across various Business Service functions, including Finance, Information Technology, Medical, Clinical Trials, and more.
Lilly offers a premium workspace across our campus in Little Island, complete with flexible hybrid working options, healthcare, pension and life assurance benefits, subsidised canteen, onsite gym, travel subsidies, and on-site parking.
In-house People Development services, Educational Assistance, and our 'Live Your BEST Life' wellbeing initiatives enhance the career experience for our colleagues.
Role Overview
The Risk Assessor will work in partnership internally, cross-functionally, and externally with third parties to assess and mitigate third-party risk. Current risk domains in scope are Cyber, Anti-Corruption, Privacy, and Information Systems Quality, which will expand as we grow the programme.
Key Responsibilities
1. Determine, conduct, and incorporate applicable risk domain screenings into due diligence activities and ongoing oversight plans.
2. Conduct assessments in a coordinated fashion with other risk domains, including scoping the assessment, testing controls, conducting interviews, reviewing evidence, determining final disposition of findings, communicating findings, rating criticality of findings, and evaluating action plans provided by the third party.
3. Perform Ongoing Monitoring activities per the inherent risk domain level as a part of the TPRM Program.
4. Define and own risk domain assessment methodology for control assessments activities.
5. Provide risk domain requirements for termination and off-boarding activities, supporting these activities as required.
6. Maintain risk domain questions for Inherent Risk Questionnaire (IRQ) for the TPRM tool.
7. Work with risk domain partners to provide risk domain specific scoring thresholds for inherent risk domain levels per common TPRM risk tiering scale.
8. Provide feedback on centralized intake form.
9. Classify and consolidate report of findings using centralized TPRM tool whilst notifying appropriate stakeholders/partners.
10. Opine on/recommend risk domain specific controls to mitigate identified findings and determine residual risk domain level for respective risk domains.
11. Provide risk domain subject matter expertise and standard setting on findings tracking and mitigation.
12. Create and own standards for qualitative residual risk scoring that adhere to the overall scoring methodology set by the TPRM Program.
13. Issue approvals according to TPRM Approvals Matrix.
14. Provide guidance to business teams on Third Party Risk Management.
15. Support internal education and best practices sharing with peers and colleagues, as well as third-party education & awareness.
16. In partnership with the Legal team, maintain inventory of risk domain specific contract principles, provide feedback on contract terms in contract negotiations, and approve edits or adjustments to risk domain contractual principles.
17. Drive and deliver on risk domain IRQ and process metrics to measure control effectiveness and allow decision making.
18. Continually monitor and update assessments of the control environment, keeping abreast of significant control issues, trends, and developments.
19. Integrate emerging risk control requirements into the existing risk assessment process.
20. Internal subject-matter expert of Lilly's TPRM risk procedures and standards, owning & updating as required.
21. Maintain list of third parties by risk domain in centralized TPRM tool.
22. Consult or provide risk domain input into Lilly's framework for third-party governance.
23. Support the TPRM Team in the implementation and maintenance of an effective enterprise risk management framework.
24. Participate at forums including but not limited to TPRM Steer Committee (Risk Domain Partner Leadership), Assessment Coordination and TPRM Operations Committee.
25. Support TPRM Projects as required.
26. Partner with risk domain business functional areas to ensure TPRM activities are maintained and reflect current risks and expectations.
Qualifications/Competencies
* Bachelor's Degree or CIPP/CIPT/CTPRP/CRISC/CISA/CISM qualification.
* Experience performing third-party risk assessments in areas including but not limited to Anti-Corruption, Privacy, Information Systems, and Information Systems Quality.
* Minimum of three or more years of audit, operational risk, or other risk management experience or other proven related business experience.
* Good understanding of risk management and internal control leading practices within specialized area of focus.
* Demonstrated ability to work effectively in a complex, highly regulated environment.
* Ability to plan, organize, prioritize, and drive workload autonomously.
* Effective communication, organization, and presentation skills.
* Effective influence management skills.
* Evidence of strong analytical and data management skills.
* Collaborate and build partnerships across functions and regions, works well with others.
* Ability to work in a matrix organization to influence outcomes.
What We Offer
Lilly is dedicated to helping individuals with disabilities actively engage in the workforce, ensuring equal opportunities when vying for positions. If you require accommodation to submit a resume for a position at Lilly, please complete the accommodation request form for further assistance.
Please note this is for individuals to request an accommodation as part of the application process and any other correspondence will not receive a response.
Equality Statement
Lilly does not discriminate on the basis of age, race, color, religion, gender, sexual orientation, gender identity, gender expression, national origin, protected veteran status, disability, or any other legally protected status.