Sr Analyst Cybersecurity Issues Mgmt Compliance

DescriptionPenn Medicine is dedicated to our tripartite mission of providing the highest level of care to patients, conducting innovative research, and educating future leaders in the field of medicine. Working for this leading academic medical center means collaboration with top clinical, technical and business professionals across all disciplines. Today at Penn Medicine, someone will make a breakthrough. Someone will heal a heart, deliver hopeful news, and give comfort and reassurance. Our employees shape our future each day. Are you living your life's work? Department: IS-Cybersecurity Summary: The Sr Analyst, Cybersecurity Issues Management and Compliance, will be responsible for managing the lifecycle of cybersecurity findings, exceptions and mitigation plans and ensuring effective risk mitigation is in place. The Sr. Analyst will also participate in the planning, execution and reporting of other key compliance activities related to assessments, audits and testing to ensure cybersecurity controls align with regulatory and contractual cybersecurity obligations. The ideal candidate will have strong analytical skills, experience with issue tracking, risk assessments, and the ability to collaborate cross-functionally with technical and business teams. Responsibilities: • Document, track and manage the full lifecycle of cybersecurity findings which emanate from various sources, including but not limited to, internal assessments, audits, testing, regulatory reviews, self-identified findings, and third-party risk assessments. • Collaborate with business owners, subject matter experts, and other key stakeholders to provide guidance on cybersecurity requirements, policies and regulatory impacts. • Define clear, actionable, and realistic remediation plans and identify and document compensating controls or alternative risk treatments for approved exceptions. • Assist with coordination and execution of compliance assessments, audit readiness, and responses to audits and regulatory inquiries. • Perform control assessments to identify gaps and deficiencies in the cybersecurity control environment. • Develop and deliver Issues Management and Compliance reports and dashboards for GRC leaders. • Create and maintain process documentation as well as educational material on the Cybersecurity Issues Management and Compliance Program. Deliver training as needed. • Assist in monitoring program workstreams and provide feedback for continuous improvements. Credentials: • CRISC- Certified Risk Information Security, preferred • CISA- Certified Information System Auditor, preferred • CISPP- Certified Information Systems Security Professional, preferred Education or Equivalent Experience: • Bachelor's Degree is required, Information Security, Information Technology, or a related field • 6+ years' experience working in IT, IS, Auditing, Risk Management or Compliance is required • 5+ years' experience performing assessments, controls testing, or managing findings or corrective action plans is preferred • 10+ years of equivalent work experience in Information Security, Information Technology, Auditing, or Governance, Risk and Compliance (GRC) is preferred We believe that the best care for our patients starts with the best care for our employees. Our employee benefits programs help our employees get healthy and stay healthy. We offer a comprehensive compensation and benefits program that includes one of the finest prepaid tuition assistance programs in the region. Penn Medicine employees are actively engaged and committed to our mission. Together we will continue to make medical advances that help people live longer, healthier lives. Live Your Life's Work We are an Equal Opportunity employer. Candidates are considered for employment without regard to race, ethnicity, color, sex, sexual orientation, gender identity, religion, national origin, ancestry, age, disability, marital status, familial status, genetic information, domestic or sexual violence victim status, citizenship status, military status, status as a protected veteran or any other status protected by applicable law.