Cork, Cork, Ireland
Senior Associate / Manager Risk Assessor - Third Party Risk Management

At Lilly, we unite caring with discovery to make life better for people around the world. We are a global healthcare leader headquartered in Indianapolis, Indiana. Our employees around the world work to discover and bring life-changing medicines to those who need them, improve the understanding and management of disease, and give back to our communities through philanthropy and volunteerism. We give our best effort to our work, and we put people first. We’re looking for people who are determined to make life better for people around the world.

Eli Lilly Cork is made up of a talented diverse team of over 2000 employees across 60 nationalities who deliver innovative solutions that add value across a variety of Business Service functions including Finance, Information Technology, Medical, Clinical Trials and more. Eli Lilly Cork offers a premium workspace across our campus in Little Island, complete with flexible hybrid working options, healthcare, pension and life assurance benefits, subsidised canteen, onsite gym, travel subsidies and on-site parking. Inhouse People Development services, Educational Assistance, and our ‘Live Your BEST Life’ wellbeing initiatives are just some of the holistic benefits that enhance the career experience for our colleagues.

Eli Lilly Cork is committed to diversity, equity and inclusion (DEI). We cater for all dimensions ensuring inclusion of all ethnicities, nationalities, cultural backgrounds, generations, sexuality, visible and invisible disabilities and gender, with four pillars: EnAble, embRACE, LGBTQ+ & Ally and GIN-Gender Inclusion Network. EnAble, our pillar for people with disabilities and those that care for them, partners with the Access Lilly initiative to make our physical and digital environment accessible and inclusive for all. Together they are committed to promoting awareness to create a disability confident culture both at Eli Lilly Cork and beyond.

Come join our team - Be Creative, Be an Innovator, and most of all, Be Yourself!

Lilly works with an extensive network of third party organisations to perform a range of activities across the enterprise. Known risks impacting Lilly, such as Cyber, Privacy, compliance, business continuity etc., are compounded by the use of third parties. While third party oversight is decentralised at Lilly, we are implementing a holistic program to support consistent, efficient, and effective decision making in determining potential inherent risk. The central team’s scope encompasses priority business and risk areas across all stages of the third-party collaboration lifecycle.

The scope of the Cork TPRM Team includes:
1.    Create and maintain policies, procedures, and training to drive consistent TPRM for third party use.
2.    Liaise with Risk Domain Partners to create and maintain: Risk Definitions, Tolerances, and Required Training for TPMOs, Engagement Owners, and Third Parties. 
3.    Construct and own the overall TPRM Program.
4.    Own the enterprise TPRM technology solution. 
5.    Provide oversight of the TPRM initial and on-going monitoring due diligence processes.
6.    Report progress and results to Senior Leadership including, but not limited to, the CPO, the SVP of Ethics & Compliance, and the Compliance & Enterprise Risk Management Committee (CERMC).
 

Role:

The Risk Assessor will work in partnership internally, cross functionally and externally with third parties to assess and mitigate third party risk. Current risk domains in scope are Cyber, Anti Corruption, Privacy and Information Systems Quality, which will expand as we grow the programme.

Responsibilities:

- Determine, conduct and incorporate applicable risk domain screenings into due diligence activities and ongoing oversight plan
- Conduct assessments in a coordinated fashion with other risk domains. Assessment work includes but is not limited to scoping the assessment, testing controls, conducting interviews, reviewing evidence, determining final disposition of findings, written and verbal communication of findings, rating criticality of findings and evaluating action plans provided by the third party
- Perform Ongoing Monitoring activities per the inherent risk domain level as a part of the TPRM Program
- Define and own risk domain assessment methodology for control assessments activities
- Provide risk domain requirements for termination and off-boarding activities, supporting these activities as required
- Maintain risk domain questions for Inherent Risk Questionnaire (IRQ) for the TPRM tool
- Work with risk domain partners to provide risk domain specific scoring thresholds for inherent risk domain levels per common TPRM risk tiering scale
- Provide feedback on centralized intake form
- Classify and consolidate report of findings using centralized TPRM tool whilst notifying appropriate stakeholders / partners
- Opine on / recommend risk domain specific controls to mitigate identified findings and determine residual risk domain level for respective risk domains
- Provide risk domain subject matter expertise and standard setting on findings tracking and mitigation
- Create and own standards for qualitative residual risk scoring that adhere to the overall scoring methodology set by the TPRM Program
- Issue approvals according to TPRM Approvals Matrix
- Provide guidance to business teams on Third Party Risk Management
- Support internal education and best practices sharing with peers and colleagues, as well as third party education & awareness
- In partnership with the Legal team, maintain inventory of risk domain specific contract principles, provide feedback on contract terms in contract negotiations and approve edits or adjustments to risk domain contractual principles
- Drive and deliver on risk domain IRQ and process metrics to measure control effectiveness and allow decision making
- Continually monitor and update assessments of the control environment, keeping abreast of significant control issues, trends and developments
- Integrate emerging risk control requirements into the existing risk assessment process
- Internal subject-matter expert of Lilly’s TPRM risk procedures and standards, owning & updating as required
- Maintain list of third parties by risk domain in centralized TPRM tool
- Consult or provide risk domain input into Lilly’s framework for third party governance
- Support the TPRM Team in the implementation and maintenance of an effective enterprise risk management framework
- Participate at forums including but not limited to TPRM Steer Committee (Risk Domain Partner Leadership), Assessment Coordination and TPRM Operations Committee
- Support TPRM Projects as required
- Partner with risk domain business functional areas to ensure TPRM activities are maintained and reflect current risks and expectations.

Qualifications/Competencies:

- Bachelor’s Degree or CIPP/CIPT/CTPRP/CRISC/CISA/CISM qualification
- Experience performing third party risk assessments in areas including but not limited to Anti-Corruption, Privacy, Information Systems and Information Systems Quality.
- Minimum of three or more years of audit, operational risk or other risk management experience or other proven related business experience
- Good understanding of risk management and internal control leading practices within specialized area of focus
- Demonstrated ability to work effectively in a complex, highly regulated environment
- Ability to plan, organize, prioritize and drive workload autonomously
- Effective communication, organization and presentation skills
- Effective influence management skills
- Evidence of strong analytical and data management skills
- Collaborate and builds partnerships across functions and regions, works well with others
- Ability to work in a matrix organization to influence outcomes

Lilly is dedicated to helping individuals with disabilities to actively engage in the workforce, ensuring equal opportunities when vying for positions. If you require accommodation to submit a resume for a position at Lilly, please complete the accommodation request form (https://careers.lilly.com/us/en/workplace-accommodation) for further assistance. Please note this is for individuals to request an accommodation as part of the application process and any other correspondence will not receive a response.

Lilly does not discriminate on the basis of age, race, color, religion, gender, sexual orientation, gender identity, gender expression, national origin, protected veteran status, disability or any other legally protected status.

#WeAreLillyUKandIreland
