At Elanco (NYSE: ELAN) – it all starts with animals!
As a global leader in animal health, we are dedicated to innovation and delivering products and services to prevent and treat disease in farm animals and pets. At Elanco, we are driven by our vision of Food and Companionship Enriching Life and our purpose – all to Go Beyond for Animals, Customers, Society and Our People.
At Elanco, we pride ourselves on fostering a diverse and inclusive work environment. We believe that diversity is the driving force behind innovation, creativity, and overall business success. Here, you’ll be part of a company that values and champions new ways of thinking, work with dynamic individuals, and acquire new skills and experiences that will propel your career to new heights.
Making animals’ lives better makes life better – join our team today!
Job Title: Information Security – Business Analyst for Legal and Compliance
Your Role:
Information Security at Elanco
Our Information Security mission is to protect the confidentiality, integrity and availability of information and assets, enabling Elanco to deliver our brand promise and value to our stakeholders and customers. We follow a risk-based approach, aligned with business objectives, focused on Elanco maintaining secure operations and management of information. The Information Security team at Elanco contains two top level organizations, Business Security (focused on analysis of our business processes to discover business threats) and Technology Security (focused on Risk and Compliance and building, maintaining and operating security operations through a DevSecOps-style model).
We are seeking a highly motivated and detail-oriented Business Analyst with a strong focus on Legal & Compliance to join our Business Information Security Officer (BISO) Organization. This role will be critical in bridging the gap between Legal, Compliance, Privacy, Risk, and Technical Security Teams. The successful candidate will be responsible for analyzing business processes, identifying compliance risks, translating legal and regulatory requirements into actionable security controls, and supporting the implementation of robust information security solutions that align with Elanco's legal and ethical obligations.
Your Responsibilities:
Drive legal and regulatory cybersecurity priorities in partnership with Legal, Compliance, Privacy, Risk, and Technical Security, balancing risk management, business needs, and regulatory obligations across the organization.
Partner with business, Legal, and IT teams to embed security, privacy, and compliance requirements into business processes, systems, and third-party engagements using risk-based and secure-by-design principles.
Support regulatory exams, audits, and legal inquiries related to information security.
Translate cybersecurity, legal, and compliance risks into clear business language for leadership, including presenting risk assessments, metrics, compliance status, and risk acceptance recommendations to executive stakeholders.
Build strong relationships with internal stakeholders and selective external partners (vendors, suppliers, and service providers) to assess, manage, and reduce third-party cyber, legal, and compliance risks.
Support governance, risk, and compliance (GRC) programs by helping define, implement, and socialize policies, standards, and control requirements, and by promoting security- and compliance-aware behaviors across the business.
Monitor compliance and drive remediation efforts to improve the organization’s security and compliance posture, ensuring alignment with internal policies, industry frameworks (e.g., NIST, ISO), contractual obligations, and regulatory requirements.
Stay current on evolving regulatory requirements, legal expectations, and cybersecurity risk trends, and help translate those changes into practical guidance, controls, and business-ready solutions.
Core Capabilities
Strong analytical and problem-solving skills.
Excellent written and verbal communication skills, with demonstrated ability to explain technical, security, and legal concepts clearly to non-technical and executive audiences.
Proven experience producing high-quality documentation, including business and security requirements, control specifications, process flows, and use cases.
Solid understanding of information security principles, control frameworks, and assurance standards (e.g., NIST 2.0, ISO 27001, SOC 2) and their application in regulated environments.
Strong organizational skills, attention to detail, and ability to manage multiple priorities in a fast-paced, global environment.
Ability to work independently while effectively collaborating across cross-functional and geographically distributed teams.
Risk, Compliance & Privacy Expertise
Experience supporting third-party risk management, vendor security assessments, and contractual security reviews.
Working knowledge of privacy regulations and data protection concepts and their security implications.
Understanding risk management practices, control design, and security governance processes across the solution lifecycle.
Demonstrated business acumen with the ability to understand business objectives and translate them into risk-informed security requirements and controls.
Leadership & Influence
Strong learning agility with the ability to quickly absorb new regulatory, technical, and business concepts.
Proven ability to influence, negotiate, and drive alignment.
Demonstrated ability to establish and leverage trusted relationships with Legal, Compliance, Privacy, Security, and business stakeholders to advance governance and risk objectives.
Experience operating in a global organization with distributed stakeholders and complex regulatory environments.
What You Need to Succeed (Minimum Qualifications):
- Education: Bachelor's degree in Information Technology, Computer Science, Business Administration, Legal Studies, or a related field. Equivalent years of experience in lieu of a degree will be considered and supported.
- Required Experience: 5+ years of experience as a Business Analyst, preferably within an information security, legal, or compliance department.
- Demonstrated experience working with legal and regulatory frameworks such as GDPR, CCPA, HIPAA, GxP, SOX, etc.
- Experience in risk management, audit, or compliance functions is a strong plus.
- Experience working within a BISO or similar security governance organization is highly desirable.
What Will Give You the Competitive Edge (Preferred Qualifications):
- Relevant certifications such as CISA, CISM, CRISC, GRC, CISSP, IAPP, CIPP/E, or CIPM (or equivalent).
Additional Information:
- Location: Indianapolis, IN Global HQ (Hybrid Environment)
- Supervisory Organization: Elanco-Information Business Security
- Reporting To: Senior Director – Business Information Security Officer
- Travel: Minimal
Don’t meet every single requirement? Studies have shown underrepresented groups are less likely to apply to jobs unless they meet every single qualification. At Elanco we are dedicated to building a diverse and inclusive work environment. If you think you might be a good fit for a role but don't necessarily meet every requirement, we encourage you to apply. You may be the right candidate for this role or other roles!
Elanco Benefits and Perks:
We offer a comprehensive benefits package focusing on financial, physical, and mental well-being while encouraging our employees to pursue our purpose! Some highlights include:
- Multiple relocation packages
- Two weeklong shutdowns (mid-summer and year-end) in the US (in addition to PTO)
- 8-week parental leave
- 9 Employee Resource Groups
- Annual bonus offering
- Flexible work arrangements
- Up to 6% 401K matching
Elanco is an EEO/Affirmative Action Employer and does not discriminate on the basis of age, race, color, religion, gender, sexual orientation, gender identity, gender expression, national origin, protected veteran status, disability or any other legally protected status
