CyberSecurity Compliance Analyst

• Write policies, standards, procedures, guidelines, and other technical security documents.
• Design, implement, and enforce security policies that protect systems and data from security risks
• Maintain and manage cybersecurity GRC Metrics, risk tolerances/triggers.
• Develop automated reports and use data visualization tools to visualize GRC KPIs.
• Interpret audit request lists and perform evidence collection activities in support of various audits.
• Minimize user disruption due to burdensome security controls or duplicative evidence collection.
• Serves as a Serves as a direct contact and subject matter expert for highly technical and complex cybersecurity inquires relative to their assigned specialized areas.
• Conduct security third party risk management (TPRM) for Vendors at onboarding, contract review, RFP/RFI, and annual re-assessments while managing the continuous monitoring strategy.
• Provide risk consulting and/or training to business and technical partners to improve the efficacy of risk management across the enterprise
• Assists the Cybersecurity Architect with development of specialized design and architecture for Geisinger's Cybersecurity Program including roadmaps, technical direction, and alignment of controls to protect and enable the business.
• Implement and track measures and metrics to ensure efficiency of solutions and return on investment in assigned area of specialty.
• Leads the implementation of a sustainable and effective process to monitor cyber-threat intelligence as reported by various public, IT product vendors, security analysts and government threat sources, as well as, integrate into current systems and future security designs through a continuous improvement effort.
• Develops and leads assigned cybersecurity projects to implement new security services, extend, or improve existing services.
• Successfully completes complex assignments on schedule with limited supervision or guidance.
• Develops and proactively evaluates and assesses current processes, procedures, capabilities and execute continuous improvement activities across the organization.
• Provides feedback and have direct involvement in the ongoing implementation and maintenance of the ISO’s Cybersecurity Strategic Plan, monitors and analyzes security event data produced from system logs, server and web, network components, and security systems to identify threats and unauthorized activity.
• Gathers, monitors, analyzes and reports observed cyber-threat activity as reported by various public, IT product vendors, security researchers and government threat sources.
• Provide guidance to associate level personnel for identifying and reporting on specific threat and vulnerability topics.
• Performs risk assessments on technology, processes, and applications as needed and communicates risk to proper stakeholders.
• Authors organizational policies and standards, as well as, departmental procedures focusing on cybersecurity.

Work is typically performed in an office environment. Accountable for satisfying all job specific obligations and complying with all organization policies and procedures. The specific statements in this profile are not intended to be all-inclusive. They represent typical elements considered necessary to successfully perform the job.

*Relevant experience may be a combination of related work experience and degree obtained (Associate’s Degree = 2 years; Bachelor’s Degree = 4 years).