Security Architect

Location: Indianapolis

Security Architect page is loaded## Security Architect remote type:
Remote locations:
US, Remote time type:
Full time posted on:
Posted Todayjob requisition :
R-101615

At Lilly, we unite caring with discovery to make life better for people around the world. We are a global healthcare leader headquartered in Indianapolis, Indiana. Our employees around the world work to discover and bring life-changing medicines to those who need them, improve the understanding and management of disease, and give back to our communities through philanthropy and volunteerism. We give our best effort to our work, and we put people first.

We’re looking for people who are determined to make life better for people around the world.
** What You'll Be Doing
** As a Security Architect, you will serve as a technical lead for security consulting engagements, threat modeling initiatives, and third-party security assessments. You will develop threat models, security architectures, and reference patterns — including for cloud and hybrid environments — while providing guidance on secure design principles. This role involves close collaboration across teams to integrate security into the development lifecycle and evaluate vendor security posture.

You will also leverage AI-powered tools to enhance the efficiency and depth of security assessments.
** How You'll Succeed**
* ** Technical expertise:
** Deep domain knowledge across security engineering, threat modeling, cloud architectures, application security, and third-party risk management. Ability to use AI tooling to accelerate and improve security work.
* ** Strategic thinking:
** Ability to develop reference architectures and integrate complex systems across on-premises and cloud environments, balancing security risk with business enablement.
* ** Consultative approach:
** Provide expert security guidance to teams, stakeholders, and external vendors throughout assessment engagements, including evaluating and advising on the secure use of AI platforms.
* ** Leadership:
** Lead technical initiatives and architecture reviews while mentoring junior security professionals.
* ** Innovation:
** Actively promote cloud-native security patterns and the responsible adoption of AI technologies across teams.
* ** Communication:
** Translate complex security concepts and technical risk findings into clear, business-friendly language for executive stakeholders and audiences with different technical backgrounds.
** Key Responsibilities
*** Develop and conduct threat modeling exercises across application, infrastructure, and cloud environments using established frameworks (MITRE ATT&CK, STRIDE, NIST 800-53, ISO 27001)
* Create and maintain security architectures and design patterns, including cloud and hybrid reference architectures
* Conduct security architecture reviews for internal initiatives, new technologies, and third-party vendors.
* Perform third-party security assessments, including vendor questionnaire reviews, SOC 2 evaluations, and risk acceptance documentation
* Leverage AI tools and technologies to streamline assessment workflows, analyze vendor documentation, identify risk patterns, and improve assessment quality and consistency
* Provide security consulting services across the organization, enabling business objectives while clearly communicating risk
* Develop and document security best practices, standards, and guidance — including responsible AI tool usage in security workflows
* Lead security briefings and workshops; mentor junior security engineers and drive adoption of security standards
** Your Basic Qualifications
*** High Schol Diploma/GED
* Deep expertise in threat modeling methodologies and security architecture design across cloud (AWS, Azure, GCP), SaaS, and hybrid environments
* Strong background in security consulting, risk assessment, and third-party cyber risk management, including SOC 2 review and HIPAA compliance evaluation
* Minimum seven years of cybersecurity or related experiece
* *** Qualified applicants must be authorized to work in the United States on a full-time basis. Lilly will not provide support for or sponsor work authorization or visas for this role now or in the future,…