The programs led by this role exist because the threat environment demands them. candidate must understand the adversarial context driving each program, including:
AI supply chain and model integrity threats: risks introduced through third-party model integrations, prompt injection, and data poisoning in enterprise AI deployments
Identity and privilege exploitation: continued evolution of credential theft, lateral movement, and abuse of legitimate access pathways
Enterprise attack surface expansion: the compounding risk surface introduced by cloud-native architectures, third-party dependencies, and hybrid identity environments
Understanding this landscape is important to this role. It shapes how programs are chartered, how risks are assessed, and how success is measured.
How You Will Succeed:
Program Governance & Cyber-Informed Planning
Develop and own program charters grounded in the cyber context driving each initiative as well as business requirements. Charters must connect program objectives to the specific risks being mitigated.
Drive gate-validated execution through the program lifecycle, ensuring planning rigor, resource readiness, dependency resolution, and architecture review before execution begins.
Maintain RASCI clarity across Sponsor, Service Owner, BISO, and delivery team roles, ensuring BISOs are engaged from day one.
Lead critical path identification and gain alignment on the milestones that matter, reducing noise in reporting and keeping delivery teams focused on the outcomes that move the security posture.
Identify and surface risks through a technical lens along with schedule and budget, but threat-informed risks that could undermine program effectiveness.
Contribute to continuous improvement of Cyber's program governance processes, templates, and stage gate documentation.
Execution & Technical Delivery
Own assigned programs through the full lifecycle: intake, charter, detailed planning, execution, and closeout with rigor and accountability at each stage.
Maintain execution momentum on concurrent programs, leading cross-functional dependencies, resolving blockers, and coordinating with security architects, engineers, and platform teams.
Ensure program plans include milestone roadmap, dependency map, architecture review confirmation, and resource assignments. No plan is approved without these elements.
Coordinate release readiness, change management, and go/no-go decisions with communications partners and business stakeholders to minimize disruption.
Engage directly with threat intelligence, red team, and detection engineering teams to ensure program scope and success criteria reflect current adversarial realities.
Proactively identify and escalate key issues, blockers, and constraints to appropriate management and stakeholders, ensuring timely resolution and minimal program impact.
Communicate complex cybersecurity concepts clearly and concisely across diverse audiences-from executives and business partners to technical teams-tailoring messaging to stakeholder needs.
Capacity & Resource Coordination
Track resource needs and timelines across assigned programs, forecasting 1-2 quarters out and surfacing capacity conflicts before they become blockers.
Coordinate alignment of external resources and vendor delivery across planning and execution phases.
Support leadership capacity planning with accurate, data-driven forecasts tied to program critic
Benefits
Health insurance
Additional Information
At Lilly, we unite caring with discovery to make life better for people around the world. We are a global healthcare leader headquartered in Indianapolis, Indiana. Our employees around the world work to discover and bring life-changing medicines to those who need them, improve the understanding and management of disease, and give back to our communities through philanthropy and volunteerism. We give our best effort to our work, and we put people first. We're looking for people who are determined to make life better for people around the world.
Cyber Technical Program Manager
Lilly Cyber is seeking a Cyber Technical Program Manager. This role is designed for someone who has lived inside the cybersecurity field: who understands attacker TTPs, can hold a credible conversation with cyber professionals, and brings genuine technical depth across security domains. The right person will operate at the intersection of program delivery and hands-on technical context, driving execution of programs that directly address the threat landscape, including emerging risks from adversarial use of AI (such as Mythos-class threats), identity exploitation, and enterprise-scale attack surface management.
Eli Lilly · Indianapolis IN