Platform Security Consultant - Enterprise Data Platforms

Trust is the cornerstone of effective data analysis and consumption, forming a critical pillar in the Enterprise Data Platforms. To empower business partners to share, analyze, and consume data effectively, it is essential to maintain trust by ensuring appropriate access controls and safeguarding data integrity. The Ent.Data Security team is front-and-centre in delivering the features, processes, education, knowledge and consultation across all EDP teams and Lilly functional areas who are involved in building, ingesting, maintaining, analysing and consuming the capabilities of the Enterprise Data Program. Enterprise Data platforms enables the key services required for data transformation, movement across cloud and on-premise systems.

Job Description:

The Security Consultant for Enterprise Data is responsible for ensuring the security of data and compliance with applicable requirements. This role involves implementing security measures, managing risks, and addressing vulnerabilities within the enterprise data services. The Security Consultant will work closely with various teams to ensure the security and integrity of data, and to proactively manage threats.

Key Responsibilities:

Risk Management Process:

Describe and manage risks to our services, including deviations from LQP controls, internal/external audits, problem deviations, and SME assessments.

Manage risks within the Archer system, with records held centrally in the services Risk section of the Security Plan.

Vulnerability Management Process:

Focus on vulnerability management, with an increased emphasis by the Cyber Security Team in 2025.

Reduce critical vulnerabilities and ensure effective vulnerability management practices.

Proactive Threat Management (PTM) Readiness:

Respond to PTM calls by the Cyber Security team to close gaps in software vulnerabilities, typically requiring patch applications.

Maintain systems at the latest patch level to mitigate risks and ensure minor patches are applied instead of major version patching.

Information Security Controls:

Adapt to changes in cyber security controls, transitioning to a more agile response process.

Understand and interpret new controls, applying their effects to the enterprise data service catalogue.

Collaborate with subject matter experts to manage and communicate the impact of new controls to leadership.

Document Review:

Perform security reviews within enterprise data to ensure the quality of security documentation before routing to BISO approval.

Work with the cybersecurity team to approve security documentation and improve project timelines.

Qualifications:

Demonstrated expertise and experience in security-focused roles.

In-depth experience with data security, especially on AWS and Azure platforms.

Significant experience in cloud security architecture, methods, and tools.

Strong analytical and troubleshooting skills with the capability to handle and own critical issues through to resolution.

Experience in design and implementation guidance to DevSecOps processes.

Experience leading large-scale projects and mentoring other security practitioners.

Knowledge of security program management, cyber threat management, identity and access management, and data protection (encryption).