At Lilly, we unite caring with discovery to make life better for people around the world. We are a global healthcare leader headquartered in Indianapolis, Indiana. Our employees around the world work to discover and bring life-changing medicines to those who need them, improve the understanding and management of disease, and give back to our communities through philanthropy and volunteerism. We give our best effort to our work, and we put people first. We’re looking for people who are determined to make life better for people around the world.
Cyber Technical Program Manager
Lilly Cyber is seeking a Cyber Technical Program Manager. This role is designed for someone who has lived inside the cybersecurity field: who understands attacker TTPs, can hold a credible conversation with cyber professionals, and brings genuine technical depth across security domains. The right person will operate at the intersection of program delivery and hands-on technical context, driving execution of programs that directly address the threat landscape, including emerging risks from adversarial use of AI (such as Mythos-class threats), identity exploitation, and enterprise-scale attack surface management.
What You Will Do:
You will own programs end-to-end, challenge assumptions, surface risks, and hold technical teams accountable to outcomes. You will embed in the work alongside security engineers, architects, and Cyber leaders to bring structure to complex delivery, and translate program health into executive-ready intelligence for Cyber leadership.
The programs led by this role exist because the threat environment demands them. candidate must understand the adversarial context driving each program, including:
- AI supply chain and model integrity threats: risks introduced through third-party model integrations, prompt injection, and data poisoning in enterprise AI deployments
- Identity and privilege exploitation: continued evolution of credential theft, lateral movement, and abuse of legitimate access pathways
- Enterprise attack surface expansion: the compounding risk surface introduced by cloud-native architectures, third-party dependencies, and hybrid identity environments
Understanding this landscape is important to this role. It shapes how programs are chartered, how risks are assessed, and how success is measured.
**How You Will Succeed: **
Program Governance & Cyber-Informed Planning
- Develop and own program charters grounded in the cyber context driving each initiative as well as business requirements. Charters must connect program objectives to the specific risks being mitigated.
- Drive gate-validated execution through the program lifecycle, ensuring planning rigor, resource readiness, dependency resolution, and architecture review before execution begins.
- Maintain RASCI clarity across Sponsor, Service Owner, BISO, and delivery team roles, ensuring BISOs are engaged from day one.
- Lead critical path identification and gain alignment on the milestones that matter, reducing noise in reporting and keeping delivery teams focused on the outcomes that move the security posture.
- Identify and surface risks through a technical lens along with schedule and budget, but threat-informed risks that could undermine program effectiveness.
- Contribute to continuous improvement of Cyber’s program governance processes, templates, and stage gate documentation.
Execution & Technical Delivery
- Own assigned programs through the full lifecycle: intake, charter, detailed planning, execution, and closeout with rigor and accountability at each stage.
- Maintain execution momentum on concurrent programs, leading cross-functional dependencies, resolving blockers, and coordinating with security architects, engineers, and platform teams.
- Ensure program plans include milestone roadmap, dependency map, architecture review confirmation, and resource assignments. No plan is approved without these elements.
- Coordinate release readiness, change management, and go/no-go decisions with communications partners and business stakeholders to minimize disruption.
- Engage directly with threat intelligence, red team, and detection engineering teams to ensure program scope and success criteria reflect current adversarial realities.
- Proactively identify and escalate key issues, blockers, and constraints to appropriate management and stakeholders, ensuring timely resolution and minimal program impact.
- Communicate complex cybersecurity concepts clearly and concisely across diverse audiences—from executives and business partners to technical teams—tailoring messaging to stakeholder needs.
Capacity & Resource Coordination
- Track resource needs and timelines across assigned programs, forecasting 1–2 quarters out and surfacing capacity conflicts before they become blockers.
- Coordinate alignment of external resources and vendor delivery across planning and execution phases.
- Support leadership capacity planning with accurate, data-driven forecasts tied to program criticality and threat priority.
Cybersecurity Technical Depth
- Bring working knowledge across multiple security domains: identity and access management, endpoint security, cloud security architecture, network security, application security, and security operations.
- Engage credibly with security engineers, architects, and threat intelligence teams — understanding enough to ask the right questions, challenge delivery gaps, and assess whether technical decisions align with security objectives.
- Maintain fluency in current and emerging threat actor behaviors, including AI-augmented adversarial techniques and the specific risks posed by frontier model capabilities and Mythos-class actors.
- Apply working knowledge of NIST CSF, MITRE ATT&CK, Zero Trust principles, and applicable regulatory frameworks (FDA cybersecurity guidance, GxP, SOX, HIPAA, GDPR, PCI) to program delivery decisions.
Reporting & Executive Communication
- Deliver milestone-driven status reporting aligned to critical path, surfacing what matters, what is at risk, and what decisions are needed.
- Maintain Jira-based program tracking that supports portfolio-level visibility for Cyber leadership.
- Produce executive-ready reporting that connects program progress to cyber objectives and threat mitigation outcomes.
- Facilitate steering committee and reviews, providing accurate updates on status, dependencies, financials, risks, and threat relevance.
- Adapt communication style fluidly across technical practitioners, Cyber leadership, and business executives.
Your Minimum Qualifications:
- Bachelor Degree in a STEM field
- At least 5+ years of experience in program or project management, with the majority of that time spent inside a cybersecurity organization.
- Direct hands-on experience with cybersecurity program delivery: security tool deployments, identity and access management programs, cloud security initiatives, or threat detection and response programs
- Experience with program tooling including Jira, Azure DevOps, and Power BI; ability to build and maintain dashboards that support portfolio visibility.
**What You Should Bring: **
- Understanding of cybersecurity domains: IAM, endpoint security, cloud security (AWS, Azure, or GCP), application security, network security, and security operations.
- Familiarity with current threat actor tradecraft, including the adversarial application of AI tools, large language model exploitation techniques, and AI-augmented attack patterns.
- Working knowledge of MITRE ATT&CK, NIST CSF, Zero Trust frameworks, and security architecture patterns.
- Awareness of life sciences regulatory requirements including FDA cybersecurity guidance, GxP, SOX, HIPAA, GDPR, and PCI as they apply to cyber program delivery.
- Structured, focused approach to program governance: checkpoint processes, RASCI documentation, stage-based delivery, and plan quality standards.
- Ability to translate technical cyber risk into business impact language for executive audiences.
- Strong stakeholder management across technical practitioners, security leadership, and business executives.
- Comfortable with ambiguity; able to make sound program decisions in constantly evolving environments.
- Data-driven: uses Power BI, Excel, or equivalent tooling to track, forecast, and communicate program health.
- Cybersecurity certification strongly preferred: CISSP, CISM, CCSP, or equivalent demonstrating sustained investment in the security discipline.
- PMP, Agile (SAFe, CSM), or ITIL certification a plus.
- Demonstrated track record running complex, cross-functional programs in fast-paced enterprise environments with opposing priorities.
- Champion and leverage AI tools (e.g., Claude) to streamline workflows, accelerate analysis, and improve program delivery efficiency across cybersecurity initiatives.
- Prior experience at large enterprises with complex regulatory and compliance obligations.
- Exposure to AI security governance, ML model risk, or adversarial AI research understanding how frontier model capabilities are reshaping the threat landscape.
- Experience with MITRE ATT&CK-based program scoping or threat-informed defense frameworks.
Lilly is dedicated to helping individuals with disabilities to actively engage in the workforce, ensuring equal opportunities when vying for positions. If you require accommodation to submit a resume for a position at Lilly, please complete the accommodation request form (https://careers.lilly.com/us/en/workplace-accommodation) for further assistance. Please note this is for individuals to request an accommodation as part of the application process and any other correspondence will not receive a response.
Lilly is proud to be an EEO Employer and does not discriminate on the basis of age, race, color, religion, gender identity, sex, gender expression, sexual orientation, genetic information, ancestry, national origin, protected veteran status, disability, or any other legally protected status.
Our employee resource groups (ERGs) offer strong support networks for their members and are open to all employees. Our current groups include: Africa, Middle East, Central Asia Network, Black Employees at Lilly, Chinese Culture Network, Japanese International Leadership Network (JILN), Lilly India Network, Organization of Latinx at Lilly (OLA), PRIDE (LGBTQ+ Allies), Veterans Leadership Network (VLN), Women’s Initiative for Leading at Lilly (WILL), enAble (for people with disabilities). Learn more about all of our groups.
Actual compensation will depend on a candidate’s education, experience, skills, and geographic location. The anticipated wage for this position is
$124,500 - $182,600
Full-time equivalent employees also will be eligible for a company bonus (depending, in part, on company and individual performance). In addition, Lilly offers a comprehensive benefit program to eligible employees, including eligibility to participate in a company-sponsored 401(k); pension; vacation benefits; eligibility for medical, dental, vision and prescription drug benefits; flexible benefits (e.g., healthcare and/or dependent day care flexible spending accounts); life insurance and death benefits; certain time off and leave of absence benefits; and well-being benefits (e.g., employee assistance program, fitness benefits, and employee clubs and activities).Lilly reserves the right to amend, modify, or terminate its compensation and benefit programs in its sole discretion and Lilly’s compensation practices and guidelines will apply regarding the details of any promotion or transfer of Lilly employees.
#WeAreLilly