At Lilly, we unite caring with discovery to make life better for people around the world. We are a global healthcare leader headquartered in Indianapolis, Indiana. Our employees around the world work to discover and bring life-changing medicines to those who need them, improve the understanding and management of disease, and give back to our communities through philanthropy and volunteerism. We give our best effort to our work, and we put people first. We’re looking for people who are determined to make life better for people around the world. What You'll Be Doing As a Security Architect, you will serve as a technical lead for security consulting engagements, threat modeling initiatives, and third-party security assessments. You will develop threat models, security architectures, and reference patterns — including for cloud and hybrid environments — while providing guidance on secure design principles. This role involves close collaboration across teams to integrate security into the development lifecycle and evaluate vendor security posture. You will also leverage AI-powered tools to enhance the efficiency and depth of security assessments. How You'll Succeed - Technical expertise: Deep domain knowledge across security engineering, threat modeling, cloud architectures, application security, and third-party risk management. Ability to use AI tooling to accelerate and improve security work. - Strategic thinking: Ability to develop reference architectures and integrate complex systems across on-premises and cloud environments, balancing security risk with business enablement. - Consultative approach: Provide expert security guidance to teams, stakeholders, and external vendors throughout assessment engagements, including evaluating and advising on the secure use of AI platforms. - Leadership: Lead technical initiatives and architecture reviews while mentoring junior security professionals. - Innovation: Actively promote cloud-native security patterns and the responsible adoption of AI technologies across teams. - Communication: Translate complex security concepts and technical risk findings into clear, business-friendly language for executive stakeholders and audiences with different technical backgrounds. Key Responsibilities - Develop and conduct threat modeling exercises across application, infrastructure, and cloud environments using established frameworks (MITRE ATT&CK, STRIDE, NIST 800-53, ISO 27001) - Create and maintain security architectures and design patterns, including cloud and hybrid reference architectures - Conduct security architecture reviews for internal initiatives, new technologies, and third-party vendors. - Perform third-party security assessments, including vendor questionnaire reviews, SOC 2 evaluations, and risk acceptance documentation - Leverage AI tools and technologies to streamline assessment workflows, analyze vendor documentation, identify risk patterns, and improve assessment quality and consistency - Provide security consulting services across the organization, enabling business objectives while clearly communicating risk - Develop and document security best practices, standards, and guidance — including responsible AI tool usage in security workflows - Lead security briefings and workshops; mentor junior security engineers and drive adoption of security standards Your Basic Qualifications - High Schol Diploma/GED - Deep expertise in threat modeling methodologies and security architecture design across cloud (AWS, Azure, GCP), SaaS, and hybrid environments - Strong background in security consulting, risk assessment, and third-party cyber risk management, including SOC 2 review and HIPAA compliance evaluation - Minimum seven years of cybersecurity or related experiece - Qualified applicants must be authorized to work in the United States on a full-time basis. Lilly will not provide support for or sponsor work authorization or visas for this role now or in the future, including but not limited to F-1 CPT, F-1 OPT, F-1 STEM OPT, J-1, H-1B, TN, O-1, E-3, H-1B1, or L-1. What You Should Bring - Bachelor's degree in Computer Science, Information Security, or related field preferred - Experience with or willingness to adopt AI tools for document analysis, risk summarization, and pattern identification; understanding of AI/ML security considerations - Knowledge of Zero Trust principles and major security frameworks (MITRE ATT&CK, STRIDE, NIST 800-53, ISO 27001) - Excellence in technical documentation and executive-level risk communication - Experience mentoring, collaborating across teams, and engaging stakeholders at varying levels of technical expertise - Project management and strategic planning skills - Commitment to continuous learning and professional development, including staying current on developments relevant to cybersecurity Lilly is dedicated to helping individuals with disabilities to actively engage in the workforce, ensuring equal opportunities when vying for positions. If you require accommodation to submit a resume for a position at Lilly, please complete the accommodation request form (https://careers.lilly.com/us/en/workplace-accommodation) for further assistance. Please note this is for individuals to request an accommodation as part of the application process and any other correspondence will not receive a response. Lilly is proud to be an EEO Employer and does not discriminate on the basis of age, race, color, religion, gender identity, sex, gender expression, sexual orientation, genetic information, ancestry, national origin, protected veteran status, disability, or any other legally protected status. Our employee resource groups (ERGs) offer strong support networks for their members and are open to all employees. Our current groups include: Africa, Middle East, Central Asia Network, Black Employees at Lilly, Chinese Culture Network, Japanese International Leadership Network (JILN), Lilly India Network, Organization of Latinx at Lilly (OLA), PRIDE (LGBTQ+ Allies), Veterans Leadership Network (VLN), Women’s Initiative for Leading at Lilly (WILL), enAble (for people with disabilities). Learn more about all of our groups. Actual compensation will depend on a candidate’s education, experience, skills, and geographic location. The anticipated wage for this position is $141,000 - $225,000 Full-time equivalent employees also will be eligible for a company bonus (depending, in part, on company and individual performance). In addition, Lilly offers a comprehensive benefit program to eligible employees, including eligibility to participate in a company-sponsored 401(k); pension; vacation benefits; eligibility for medical, dental, vision and prescription drug benefits; flexible benefits (e.g., healthcare and/or dependent day care flexible spending accounts); life insurance and death benefits; certain time off and leave of absence benefits; and well-being benefits (e.g., employee assistance program, fitness benefits, and employee clubs and activities).Lilly reserves the right to amend, modify, or terminate its compensation and benefit programs in its sole discretion and Lilly’s compensation practices and guidelines will apply regarding the details of any promotion or transfer of Lilly employees. #WeAreLilly

• Grow profitable market share by executing the Business Unit strategy in full alignment under clear managerial direction but being able to work independent based on expertise. • Optimizes results by driving sales out of Microsoft portfolio including new Security identification, onboarding and other business development initiatives. • Demonstrates a solid stakeholder engagement. • Demonstrates application of TD SYNNEX resources to clearly assist customer in meeting their strategic objectives. • Ownership of quarterly vendor business planning and execution. • Drives overall vendor management. • Creates customer unique selling propositions that protect margin integrity and promote long term value based customer engagement. • Enable and help the sales teams to win and grow share of wallet and market share. • Relationship and engagement with Microsoft and internal & external stakeholders to ensure TD SYNNEX is seen as the “Trusted Advisor”. • Ensure ongoing use of CRM tools dashboards to ensure best in class business continuity. • Full knowledge of assigned Microsoft product/service line. • Develops tailored customer value propositions against clear understanding of customer business requirements. • Maintains Full knowledge of assigned Microsoft product/service line.

• Serve as a technical lead for security consulting engagements, threat modeling initiatives, and third-party security assessments • Develop threat models, security architectures, and reference patterns for cloud and hybrid environments • Provide guidance on secure design principles • Collaborate across teams to integrate security into the development lifecycle and evaluate vendor security posture • Leverage AI-powered tools to enhance the efficiency and depth of security assessments • Develop and conduct threat modeling exercises using established frameworks (MITRE ATT&CK, STRIDE, NIST 800-53, ISO 27001) • Create and maintain security architectures and design patterns • Conduct security architecture reviews for internal initiatives, new technologies, and third-party vendors • Perform third-party security assessments, including vendor questionnaire reviews, SOC 2 evaluations • Provide security consulting services across the organization, enabling business objectives while clearly communicating risk • Lead security briefings and workshops; mentor junior security engineers

• Lead the design and implementation of security architectures for cloud environments • Oversee security risk assessments and implement mitigation strategies • Develop security policies and best practices tailored for cloud environments • Collaborate with cross-functional teams to enhance cloud security measures • Conduct forensic investigations on cyber incidents and produce reports