Cybersecurity Compliance Analyst

Location:

Work from home (Pennsylvania)

Shift:

Days (United States of America)

Scheduled Weekly Hours:

40

Worker Type:

Regular

Exemption Status:

Yes

Job Summary:

Accountable for supporting the implementation of Geisinger’s cybersecurity strategy under the direction of leadership. Proactively analyzes and anticipates changes in the cyber-threat landscape and actively participates in the design of effective countermeasures.. Responsible for the centralized tracking, management and reporting of cybersecurity technical issues and business risks. Performs risk assessment and management activities in regards to technology, process, and applications.

Job Duties:

• Write policies, standards, procedures, guidelines, and other technical security documents.
• Design, implement, and enforce security policies that protect systems and data from security risks
• Maintain and manage cybersecurity GRC Metrics, risk tolerances/triggers.
• Develop automated reports and use data visualization tools to visualize GRC KPIs.
• Interpret audit request lists and perform evidence collection activities in support of various audits.
• Minimize user disruption due to burdensome security controls or duplicative evidence collection.
• Serves as a Serves as a direct contact and subject matter expert for highly technical and complex cybersecurity inquires relative to their assigned specialized areas.
• Conduct security third party risk management (TPRM) for Vendors at onboarding, contract review, RFP/RFI, and annual re-assessments while managing the continuous monitoring strategy.
• Provide risk consulting and/or training to business and technical partners to improve the efficacy of risk management across the enterprise
• Assists the Cybersecurity Architect with development of specialized design and architecture for Geisinger's Cybersecurity Program including roadmaps, technical direction, and alignment of controls to protect and enable the business.
• Implement and track measures and metrics to ensure efficiency of solutions and return on investment in assigned area of specialty.
• Leads the implementation of a sustainable and effective process to monitor cyber-threat intelligence as reported by various public, IT product vendors, security analysts and government threat sources, as well as, integrate into current systems and future security designs through a continuous improvement effort.
• Develops and leads assigned cybersecurity projects to implement new security services, extend, or improve existing services.
• Successfully completes complex assignments on schedule with limited supervision or guidance.
• Develops and proactively evaluates and assesses current processes, procedures, capabilities and execute continuous improvement activities across the organization.
• Provides feedback and have direct involvement in the ongoing implementation and maintenance of the ISO’s Cybersecurity Strategic Plan, monitors and analyzes security event data produced from system logs, server and web, network components, and security systems to identify threats and unauthorized activity.
• Gathers, monitors, analyzes and reports observed cyber-threat activity as reported by various public, IT product vendors, security researchers and government threat sources.
• Provide guidance to associate level personnel for identifying and reporting on specific threat and vulnerability topics.
• Performs risk assessments on technology, processes, and applications as needed and communicates risk to proper stakeholders.
• Authors organizational policies and standards, as well as, departmental procedures focusing on cybersecurity.

Work is typically performed in an office environment. Accountable for satisfying all job specific obligations and complying with all organization policies and procedures. The specific statements in this profile are not intended to be all-inclusive. They represent typical elements considered necessary to successfully perform the job.

*Relevant experience may be a combination of related work experience and degree obtained (Associate’s Degree = 2 years; Bachelor’s Degree = 4 years).

Position Details:

Education:

High School Diploma or Equivalent (GED)- (Required)

Experience:

Minimum of 2 years-Relevant experience* (Required)

Certification(s) and License(s):

Skills:

Critical Thinking, Information Security, Working Independently

OUR PURPOSE & VALUES: Everything we do is about caring for our patients, our members, our students, our Geisinger family and our communities.

• KINDNESS: We strive to treat everyone as we would hope to be treated ourselves.
• EXCELLENCE: We treasure colleagues who humbly strive for excellence.
• LEARNING: We share our knowledge with the best and brightest to better prepare the caregivers for tomorrow.
• INNOVATION: We constantly seek new and better ways to care for our patients, our members, our community, and the nation.
• SAFETY: We provide a safe environment for our patients and members and the Geisinger family. 

We offer healthcare benefits for full time and part time positions from day one, including vision, dental and domestic partners. Perhaps just as important, we encourage an atmosphere of collaboration, cooperation and collegiality.

We know that a diverse workforce with unique experiences and backgrounds makes our team stronger. Our patients, members and community come from a wide variety of backgrounds, and it takes a diverse workforce to make better health easier for all.  We are proud to be an affirmative action, equal opportunity employer and all qualified applicants will receive consideration for employment regardless to race, color, religion, sex, sexual orientation, gender identity, national origin, disability or status as a protected veteran.