Senior Advisor Cybersecurity Third Party Risk Management

  • Philadelphia, PA
  • Posted 4 hours ago | Updated 4 hours ago

Overview

On Site
Depends on Experience
Full Time

Skills

Research
SAP GRC
Policies and Procedures
Program Development
Risk Assessment
Due Diligence
Evaluation
Finance
Contract Management
Negotiations
Service Level
Data Security
Continuous Monitoring
Auditing
Security Controls
Regulatory Compliance
Incident Management
Collaboration
Stakeholder Engagement
Communication
Risk Management
Reporting
Oracle Linux
CISSP
Information Systems
Cisco Certifications
Cloud Security
Cyber Security
Management
Leadership
Military
Law

Job Details

Description
Penn Medicine is dedicated to our tripartite mission of providing the highest level of care to patients, conducting innovative research, and educating future leaders in the field of medicine. Working for this leading academic medical center means collaboration with top clinical, technical and business professionals across all disciplines.

Today at Penn Medicine, someone will make a breakthrough. Someone will heal a heart, deliver hopeful news, and give comfort and reassurance. Our employees shape our future each day. Are you living your life's work?

Entity: Corporate Services

Department: CyberSecurity - GRC

Hours: M-F, 8hr days, hybrid

Location: 3535 Market Street, Philadelphia, PA

Summary:

The Senior Advisor for Third Party Risk Management (TPRM) will play a critical role in overseeing and enhancing the organization's TPRM program. Reporting to the Senior Manager of TPRM, the Senior Advisor will be responsible for developing, implementing, and maintaining strategies, policies, and procedures to manage risks associated with third-party relationships effectively.

Responsibilities:
  1. Program Development and Governance: Lead the development, implementation, and enhancement of the organization's TPRM program, including policies, standards, and procedures. Establish governance structures and oversight mechanisms to ensure the effectiveness and alignment of TPRM activities with organizational objectives and regulatory requirements.
  2. Risk Assessment and Mitigation: Conduct comprehensive risk assessments of third-party relationships to identify potential security, compliance, and operational risks. Develop risk mitigation strategies and controls to address identified risks, including contractual clauses, service-level agreements (SLAs), and security requirements.
  3. Vendor Due Diligence and Selection: Lead the due diligence process for evaluating and selecting new third-party vendors, suppliers, and partners. Develop standardized criteria and evaluation frameworks for assessing potential vendors' security posture, compliance with regulations, financial stability, and reputation.
  4. Contract Management and Compliance: Oversee the negotiation, review, and management of contracts, agreements, and service-level commitments with third parties. Ensure that contracts include provisions related to data protection, security requirements, incident response, audit rights, and termination clauses.
  5. Ongoing Monitoring and Assurance: Implement continuous monitoring mechanisms to track third-party activities, performance, and compliance with contractual obligations and security requirements. Conduct periodic audits, assessments, and reviews of third-party security controls and practices to ensure ongoing compliance with organizational policies and standards.
  6. Incident Response and Remediation: Develop and maintain incident response plans and procedures specific to third-party security incidents or breaches. Collaborate with internal teams and third parties to investigate incidents, mitigate risks, and implement corrective actions to prevent recurrence.
  7. Stakeholder Engagement and Communication: Communicate cybersecurity risks and mitigation strategies to internal stakeholders, including senior management, business units, and risk owners. Provide regular updates on the status of third-party risk management initiatives and key risk indicators (KRIs), and establish protocols for reporting, investigating, and remedying security incidents involving third-party relationships.

Credentials:

  • CISSP - Certified Information Systems Security Professional. (Preferred)
  • CCSP - Certified Cloud Security Professional. (Preferred)

Education or Equivalent Experience:

  • Bachelor's degree. (Required)
  • 5+ years of IT experience. (Required)
  • 1+ years of Third Party Cyber Security experience. (Preferred)
  • 1+ years of management/leadership experience. (Preferred)

We believe that the best care for our patients starts with the best care for our employees. Our employee benefits programs help our employees get healthy and stay healthy. We offer a comprehensive compensation and benefits program that includes one of the finest prepaid tuition assistance programs in the region. Penn Medicine employees are actively engaged and committed to our mission. Together we will continue to make medical advances that help people live longer, healthier lives.

Live Your Life's Work

We are an Equal Opportunity employer. Candidates are considered for employment without regard to race, ethnicity, color, sex, sexual orientation, gender identity, religion, national origin, ancestry, age, disability, marital status, familial status, genetic information, domestic or sexual violence victim status, citizenship status, military status, status as a protected veteran or any other status protected by applicable law.

Employers have access to artificial intelligence language tools ("AI") that help generate and enhance job descriptions, and AI may have been used to create this description. The position description has been reviewed for accuracy and Dice believes it to correctly reflect the job opportunity.