Aaron Pritz

Aaron Pritz is the CISO Advisor at TrustMAPP. Aaron has also worked for ISACA Central Indiana, Momentum Cyber, Reveal Risk, and Aaron Pritz & Associates. From June 2001 to December 2017, they were the Director - Information Security - Strategy, Risk, and Portfolio Mgmt / Office of the CISO at Eli Lilly and Company. In this role, they provided strategic direction over the Office of the CISO team ensuring alignment with organizational and program objectives. Aaron also oversaw various program aspects including risk management, program maturity measurement, workforce engagement, and portfolio management. Aaron collaborated cross-functionally to develop a global program strategy and the adoption of “Protect Lilly” concepts.

During their time at Eli Lilly and Company, they transformed the company culture to focus on business awareness and secure behaviors to protect confidential information through the innovative video campaigns, employee tools, and communications they created. Aaron also spearheaded the design and implementation of an enterprise information classification program focused on the sensitive data identification and management, which achieved executive alignment globally. In addition, they co-championed strategy definition, aligning teams, programs and projects to the NIST Cyber Security Framework and designed bi-annual maturity measurement process resulting in significant numerical improvement in CMMI maturity.

Aaron conceptualized and implemented an IS risk management program enhancing identification of top risks across eight lines of business focusing on IT systems, third party, and critical business processes. Aaron also built and developed a dynamic team to assess Lilly’s most sensitive IT systems against controls accomplishing 160+ assessments, action plans, and tracking in under year. Furthermore, they reduced insider threat risks by creating a deploying a global security program that subsequently expanded business continuity and data integrity risk management. Finally, they successfully built a process and coordinated a team to assessed 100+ business processes in 2 years through focusing on the flow of sensitive information through business processes and identifying security gaps. This work enhanced employee behaviors and measurably increased reported IS concerns through the creation of a dynamic training and communications campaign rolled out to 40K employees and 20K contractors.

Aaron Pritz has a Bachelor's Degree in Business, Operations Management, and Computer Information Systems from Indiana University Bloomington. Aaron also has a High School Diploma from Columbus East. Aaron is certified from GIAC in SANS GCCC Critical Controls Certification, from Eli Lilly and Company in Lean Six Sigma Black Belt, from IAPP in CIPP - Certified Information Privacy Professional, from ISACA in CISA (Certified Information Systems Auditor), and from Scrum Alliance in Certified ScrumMaster (CSM).