At Lilly, we unite caring with discovery to make life better for people around the world. We are a global healthcare leader headquartered in Indianapolis, Indiana. Our 39,000 employees around the world work to discover and bring life-changing medicines to those who need them, improve the understanding and management of disease, and give back to our communities through philanthropy and volunteerism. We give our best effort to our work, and we put people first. We’re looking for people who are determined to make life better for people around the world.
The Information Security organization has a mission to protect the confidentiality, integrity and availability of information that enables Lilly’s organizational mission to make medicines that help people live longer, healthier, more active lives. To deliver on its mission, the Detect and Respond team protects Lilly’s core business functions against impacts resulting from cyber-attacks through threat identification, detection, and response activities.
This role is part of the Detect and Respond - Investigation and Response team, which is a dedicated point of contact and a center of excellence for information security (IS) incident investigations and response.
The Incident Response and Coordination Lead is responsible for tier three response to unmitigated IS incidents, for carrying out the duties of the Incident Coordinator as outlined in the Corporate Incident Response Plan, for maintaining, testing and maturing the Corporate Incident Response Plan, and for other duties. The Incident Response and Coordination Lead must have a strong working knowledge of the Detect and Respond use cases and response plans and should be among the most experienced and knowledgeable members of the team. This role is a critical component of the Detect and Respond team.
The individual in this role must be able to facilitate and engage in discussions across a number of key leaders from multiple global business functions within Lilly, as well as key areas of IT including IT infrastructure. The role requires an after-hours response to medium and high severity IS incidents. This position is located at the Lilly Corporate Center and will report to the Director – Security Operations Center.
Key responsibilities include:
Serve as the internal expert for Information Security Incident Response
Respond to potential medium and high severity level incidents as the Incident Coordinator as outlined in the Corporate Incident Response Plan
Maintain, test and mature the Corporate Incident Response Plan
Determine appropriate responses to escalated tier two IS incidents
Make complex technical or business decisions within Information Security Incident Response guidelines.
Perform periodic case reviews of IS cases for compliance with processes and lessons learned
Make key contributions to IS incident use case and response plans
Engage representatives from Legal, IT, HR, Privacy, key business units across the globe, and Information Security to fully understand IS incidents, the severity and the appropriate response plan
Respond to escalated low level incidents from the tier 2 response team
Respond to IS incidents in a timely manner and adhere to documented repeatable processes
Develop collaborative information and knowledge sharing networks and build alliances with colleagues and counterparts internally and externally to the organization around IS incident response
Identify long and short term industry trends in Information Security Incident Response
Recommend and propose methods, technologies, or processes that could improve the effectiveness of IS incident response functions including counter measures or mitigating controls
Stay abreast of new regulatory and policy developments that impact Information Security Incident Response
Bachelor's degree in Computer Science, Information Technology or related field
Eight or more years’ experience in Information Security
CISSP, GCIH - GIAC Certified Incident Handler certification, or other equivalent certification
Qualified candidates must be legally authorized to be employed in the United States. Lilly does not anticipate providing sponsorship for employment visa status (e.g., H-1B or TN status) for this employment position.
Ability to document and explain technical details clearly and concisely
Excellent interpersonal and organizational skills
Ability to write analytical information products and clearly articulate findings
Ability to effectively manage multiple tasks concurrently on a regular basis
Ability to solve problems and think critically in complex environments
Ability to assess IS incidents promptly and effectively and communicate a course of action to respond to the incident while mitigating risk and limiting impact
Ability to communicate security principles and techniques at an executive level
Experience and expertise in Information Security incident response
GCIA - GIAC Certified Intrusion Analyst certification or other equivalent
ECIH - EC-Council Certified Incident Handler certification or other equivalent
Strong working knowledge of:
Platform Security Basics
Threat Lifecycle Management
TCP / IP
Working knowledge of Security Information and Event Management (SIEM) technology and use
Knowledge of cyber defense techniques to defend against advanced attackers
Lilly is an EEO/Affirmative Action Employer and does not discriminate on the basis of age, race, color, religion, gender, sexual orientation, gender identity, gender expression, national origin, protected veteran status, disability or any other legally protected status