Overview
At Lilly, we unite caring with discovery to make life better for people around the world.
We are a global healthcare leader headquartered in Indianapolis, Indiana.
Our employees work to discover and bring life-changing medicines to those who need them, improve the understanding and management of disease, and give back to our communities through philanthropy and volunteerism.
We put people first and look for people who are determined to make life better for others.
Eli Lilly Cork is made up of a diverse team of over 2000 employees across 60 nationalities who deliver innovative solutions across the Business Service functions including Finance, Information Technology, Medical, Clinical Trials and more.
The Cork site offers a premium workspace on our campus in Little Island, with flexible hybrid working options, healthcare, pension and life assurance benefits, subsidised canteen, onsite gym, travel subsidies and on-site parking.
Wellbeing initiatives are part of the holistic benefits that enhance the career experience for our colleagues.
Eli Lilly Cork is committed to diversity, equity and inclusion (DEI) with four pillars: EnAble, embRACE, LGBTQ+ & Ally and GIN-Gender Inclusion Network.
EnAble supports people with disabilities and those who care for them, partnering with the Access Lilly initiative to promote accessibility and inclusivity.
Come join our team - Be Creative, Be an Innovator, and most of all, Be Yourself!
Third Party Risk Management (TPRM) at Lilly Cork
Lilly works with an extensive network of third party organisations.
Risks such as Cyber, Privacy, Compliance, and Business Continuity are impacted by third parties.
While third party oversight is decentralised, we are implementing a holistic program to support consistent, efficient, and effective decision making in determining potential inherent risk.
The central team's scope encompasses priority business and risk areas across all stages of the third-party collaboration lifecycle.
The scope of the Cork TPRM Team includes:
Create and maintain policies, procedures, and training to drive consistent TPRM for third party use.
Liaise with Risk Domain Partners to create and maintain: Risk Definitions, Tolerances, and Required Training for TPMOs, Engagement Owners, and Third Parties.
Construct and own the overall TPRM Program.
Own the enterprise TPRM technology solution.
Provide oversight of the TPRM initial and on-going monitoring due diligence processes.
Report progress and results to Senior Leadership including, but not limited to, the Chief Procurement Officer (CPO), the SVP of Ethics & Compliance, and the Compliance & Enterprise Risk Management Committee (CERMC).
Role
Role:
The Risk Assessor will work in partnership internally, cross-functionally and externally with third parties to assess and mitigate third party risk.
Current risk domains in scope are Cyber, Anti Corruption, Privacy and Information Systems Quality, which will expand as the programme grows.
Responsibilities
Determine, conduct and incorporate applicable risk domain screenings into due diligence activities and ongoing oversight plans.
Conduct assessments in coordination with other risk domains, including scoping the assessment, testing controls, conducting interviews, reviewing evidence, determining final disposition of findings, communicating findings, rating criticality of findings and evaluating action plans provided by the third party.
Perform ongoing monitoring activities per the inherent risk domain level as part of the TPRM Program.
Define and own risk domain assessment methodology for control assessments activities.
Provide risk domain requirements for termination and off-boarding activities, supporting these activities as required.
Maintain risk domain questions for the Inherent Risk Questionnaire (IRQ) for the TPRM tool.
Work with risk domain partners to provide risk domain specific scoring thresholds for inherent risk domain levels per common TPRM risk tiering scale.
Provide feedback on centralized intake form.
Classify and consolidate reports of findings using the centralized TPRM tool, while notifying appropriate stakeholders/partners.
Opine on/recommend risk domain specific controls to mitigate identified findings and determine residual risk domain level for respective risk domains.
Provide risk domain subject matter expertise and standard setting on findings tracking and mitigation.
Create and own standards for qualitative residual risk scoring that align with the overall scoring methodology of the TPRM Program.
Issue approvals according to the TPRM Approvals Matrix.
Provide guidance to business teams on Third Party Risk Management.
Support internal education and best practices sharing with peers and colleagues, as well as third party education and awareness.
In partnership with the Legal team, maintain inventory of risk domain specific contract principles, provide feedback on contract terms in negotiations and approve edits or adjustments to risk domain contractual principles.
Drive and deliver on risk domain IRQ and process metrics to measure control effectiveness and support decision-making.
Continually monitor and update assessments of the control environment, keeping abreast of significant control issues, trends and developments.
Integrate emerging risk control requirements into the existing risk assessment process.
Serve as an internal subject-matter expert of Lilly's TPRM procedures and standards, owning and updating as required.
Maintain list of third parties by risk domain in the centralized TPRM tool.
Consult or provide risk domain input into Lilly's framework for third party governance.
Support the TPRM Team in the implementation and maintenance of an effective enterprise risk management framework.
Participate in forums including TPRM Steer Committee, Assessment Coordination and TPRM Operations Committee.
Support TPRM projects as required and partner with risk domain business areas to ensure TPRM activities are current with risks and expectations.
Qualifications/Competencies
Bachelor's Degree or professional qualifications such as CIPP/CIPT/CTPRP/CRISC/CISA/CISM.
Experience performing third party risk assessments in areas including Anti-Corruption, Privacy, Information Systems and Information Systems Quality.
Minimum of three or more years of audit, operational risk or other risk management experience or related business experience.
Good understanding of risk management and internal control leading practices within the focus area.
Demonstrated ability to work effectively in a complex, highly regulated environment.
Ability to plan, organize, prioritize and drive workload autonomously.
Effective communication, organization and presentation skills.
Effective influence management skills.
Strong analytical and data management skills.
Ability to collaborate and build partnerships across functions and regions; works well with others.
Ability to work in a matrix organization to influence outcomes.
Lilly is dedicated to helping individuals with disabilities engage in the workforce, ensuring equal opportunities when vying for positions.
If you require accommodation to submit a resume for a position at Lilly, please complete the accommodation request form at for further assistance.
This is for individuals to request accommodation as part of the application process and any other correspondence will not receive a response.
Lilly does not discriminate on the basis of age, race, color, religion, gender, sexual orientation, gender identity, gender expression, national origin, protected veteran status, disability or any other legally protected status.
#WeAreLillyUKandIreland
#J-18808-Ljbffr