Jane Harper serves as Associate Vice President, Information Security Risk, Compliance and Education at Eli Lilly and Company and is a member of Lilly’s Information Digital Systems and Information Security leadership teams.
Prior to joining Lilly, Jane served as director, privacy and security risk management at Henry Ford Health System. She has more than 18 years of experience in risk, compliance, audit and security, including managing risk and implementing controls in highly regulated industries such as insurance, healthcare and financial services internationally and domestically.
Jane has earned a number of industry recognitions and awards, including Crain’s Detroit’s 40 under 40, Crain’s Detroit Notable Woman in Tech, Oakland County Elite 40 Under 40, and Michigan Chronicle’s Woman of Excellence.
Jane holds both undergraduate and graduate degrees from Oakland University and Walsh College respectively.
In addition to being published in risk management, compliance and security, Jane also holds several designations and certifications, including CRISC (Certified in Risk and Information Systems Control), CHC (Certified in Healthcare Compliance), CISA (Certified Information Systems Auditor), ITIL (Information Technology Infrastructure Library V3 Foundations), CRCMP (Certified Risk Compliance Management Professional), ISA (Internal Security Assessor), PCIP (Payment Card Industry Professional) and CISSP (Certified Information Systems Security Professional).
Jane was a founding member of the Michigan Healthcare Cybersecurity Council, Co-Chaired the Third Party Risk Management Sub-Committee, and has served on the HIMSS (Healthcare Information and Management Systems Society) National Professional Development and Workforce Committee.
Get to know Jane Harper
Why did you decide to join the NCA Board of Directors?
The Information Security discipline spends a lot of time looking at shiny boxes and blinking lights. But people are the strongest and weakest link in the information security chain. It is impossible to enable and protect without people. The National Cybersecurity Alliance recognizes this and has made it a priority. I am passionate about that priority and I fully support it.
Where do you see NCA fitting in at the intersection of healthcare and technology?
I think we have great opportunities ahead of us. We have the opportunity to help translate what is going on in the industry for many types and sizes of organizations. I also think we have the opportunity to take security awareness and training to the next evolution which includes education and development as foundational competencies.
You hold several designations and certifications in risk management, compliance and security. Is there one that you are most proud of?
I am proud of each one, because each one focuses on a certain discipline. I didn’t grandfather into any of them – not that there is anything wrong with grandfathering, but the journey to get them and demonstrate proficiency was definitely part of the learnings for me.
What is something new you’ve learned recently in information security/risk management? Are there any topics or trends in your field that you are especially focused on today?
I have published before, but I learned this year that publishing as an individual author rather than a co-author or contributor, is easier than I thought it would be. My book, Risk Management 101, will be released soon and writing it reminded me that risk is for everyone, and we all have been doing it since we were babies so I want to help tell that story.
What do you like most about your job?
My team, I really like developing people. It is a very serendipitous role as a leader. The team grows and benefits and you do as well. I have had the pleasure of partnering with and leading some of the most interesting, talented, and hardworking people in the industry and that has stretched me and grown me in ways I would have never imagine twenty years ago when I was starting out.