Associate Analyst Cybersecurity Compliance Issues Management

Description
Penn Medicine is dedicated to our tripartite mission of providing the highest level of care to patients, conducting innovative research, and educating future leaders in the field of medicine. Working for this leading academic medical center means collaboration with top clinical, technical and business professionals across all disciplines.

Today at Penn Medicine, someone will make a breakthrough. Someone will heal a heart, deliver hopeful news, and give comfort and reassurance. Our employees shape our future each day. Are you living your life's work?

Entity: Corporate Services

Department: Cybersecurity GRC

Location: 3535 Market Street, Philadelphia, PA

Hours: M-F, 8 hr days, hybrid

Summary:

The Associate Analyst, Cybersecurity Compliance - Issues Management, supports the intake, tracking, and remediation of cybersecurity issues across the organization. This role ensures cybersecurity findings, security exceptions, and mitigation plans are accurately documented, risk-assessed, and managed through their full lifecycle. The Associate Analyst evaluates risks, interprets policies and control requirements, and ensures alignment with regulatory and contractual obligations. Success in this role requires strong analytical and communication skills, the ability to collaborate with technical and business stakeholders, and experience with issue tracking and structured risk assessments.

Responsibilities:

• Triage and manage the Issues Management intake queue, ensuring timely review of incoming requests.
• Conduct risk assessments of common cybersecurity findings, identify compensating controls, risk treatment alternatives, and appropriate mitigation strategies.
• Monitor the status and aging of mitigation plans and exceptions, ensuring they remain current, updated, and aligned with required timelines and policies. Follow up with Stakeholders as needed.
• Perform routine data quality reviews to ensure system accuracy.
• Assist with educating Stakeholders on properly documenting findings, exceptions, and mitigation plans.
• Collaborate with Cybersecurity, IT, IS and other internal stakeholders to resolve issues identified.
• Enforce security frameworks aligned to regulatory requirements and industry best practices.
• Performs duties in accordance with Penn Medicine and entity values, policies, and procedures
• Other duties as assigned to support the unit, department, entity, and health system organization

Credentials:

• CISA - Certified Information System Auditor preferred
• CRISC - Certified Risk Information Security preferred

Education or Equivalent Experience:

• Bachelor's degree is required.
• 1+ years of IT, IS, Auditing, Risk Management or Compliance is required.
• 1+ years of performing risk assessments or managing findings or corrective action plans is preferred.
• 2+ years of equivalent work experience in IS, IT, GRC or Auditing is preferred.

We believe that the best care for our patients starts with the best care for our employees. Our employee benefits programs help our employees get healthy and stay healthy. We offer a comprehensive compensation and benefits program that includes one of the finest prepaid tuition assistance programs in the region. Penn Medicine employees are actively engaged and committed to our mission. Together we will continue to make medical advances that help people live longer, healthier lives.

Live Your Life's Work

We are an Equal Opportunity employer. Candidates are considered for employment without regard to race, ethnicity, color, sex, sexual orientation, gender identity, religion, national origin, ancestry, age, disability, marital status, familial status, genetic information, domestic or sexual violence victim status, citizenship status, military status, status as a protected veteran or any other status protected by applicable law.