Sr Manager Cybersecurity Issue Management and Compliance
Penn Medicine
**Description**
Penn Medicine is dedicated to our tripartite mission of providing the highest level of care to patients, conducting innovative research, and educating future leaders in the field of medicine. Working for this leading academic medical center means collaboration with top clinical, technical and business professionals across all disciplines.
Today at Penn Medicine, someone will make a breakthrough. Someone will heal a heart, deliver hopeful news, and give comfort and reassurance. Our employees shape our future each day. Are you living your life's work?
**Entity - Corporate Services**
**Department - IS Cybersecurity**
**Location - 3600 Civic Center Blvd, Philadelphia, PA**
**Hours - M-F, Hybrid**
Summary:
+ The Sr. Manager Cybersecurity Issue Management & Compliance reports to the Cybersecurity Director of Governance Risk and Compliance and is responsible for overseeing cybersecurity issue tracking, ensuring compliance with regulatory requirements, and driving improvements in the organization's cybersecurity risk posture. This role involves overseeing the identification, tracking, and remediation of cybersecurity issues, as well as ensuring compliance with regulatory frameworks and internal policies. The Senior Manager will work cross-functionally with IT, legal, and business units to assess risk, drive security initiatives, and maintain regulatory compliance standards.
Responsibilities:
+ Lead cybersecurity issue management program, including tracking, prioritizing, and resolving cybersecurity issues.
+ Collaborate with IT and business units to remediate issues and mitigate cybersecurity findings and exceptions.
+ Implement a streamlined process for issue identification, triage, documentation, and resolution tracking.
+ Ensure cybersecurity programs align with regulatory requirements (e.g., HIPAA, CCPA, PCI-DSS, NIST).
+ Oversee compliance assessments, audit readiness, and manage responses to audits and regulatory inquiries.
+ Conduct and oversee cybersecurity control assessments to identify emerging risks, vulnerabilities, and compliance deficiencies.
+ Work with stakeholders to implement cybersecurity controls and best practices, including adherence to frameworks such as SCF, NIST CSF, ISO 27001.
+ Present regular updates to executive leadership and steering committees on the status of issue management, regulatory compliance, and remediation progress.
+ Performs duties in accordance with Penn Medicine and entity values, policies, and procedures
+ Other duties as assigned to support the unit, department, entity, and health system organization
Credentials:
+ Cert IS Security Professional (Preferred)
+ Certified Cloud Security Professional (Preferred)
Education or Equivalent Experience:
+ Bachelor's degree. (Required)
+ 7+ years of IT experience. (Required)
+ 8+ years of Third Party Cyber Security experience. (Required)
+ 3+ years of Management/leadership experience. (Required)
Skills/Abilities:
+ Proven experience (typically 8+ years) in issue management, compliance, cybersecurity, risk management, or vendor management roles, with a focus on third-party risk management. In-depth knowledge of cybersecurity principles, frameworks (e.g., NIST CSF, ISO 27001), and regulatory requirements (e.g., HIPAA, PCI DSS) related to third-party risk management.
+ Strong understanding of vendor risk assessment methodologies, security controls, and best practices for managing cybersecurity risks across the vendor lifecycle.
+ Excellent communication and interpersonal skills, with the ability to collaborate effectively with cross-functional teams and communicate complex cybersecurity concepts to non-technical stakeholders.
+ Demonstrated leadership and project management skills, with the ability to prioritize tasks, manage multiple projects simultaneously, and drive initiatives to successful completion.
+ Analytical mindset with the ability to identify, assess, and mitigate cybersecurity risks effectively, including proficiency in risk analysis techniques and tools.
+ Self-motivated and goal-oriented with the ability to seize the initiative, garner consensus and develop and implement an effective strategy.
+ Strong experience in managing technical and business-facing teams made up of individuals with diverse skills and experiences.
+ Demonstrated ability to establish and maintain strong working relationships with stakeholders, partners, and industry peers.
+ Experience in staffing, mentoring, coaching, and managing multiple teams and functions.
+ Effective communication skills and ability to synthesize complex technical topics for non-technical audiences.
We believe that the best care for our patients starts with the best care for our employees. Our employee benefits programs help our employees get healthy and stay healthy. We offer a comprehensive compensation and benefits program that includes one of the finest prepaid tuition assistance programs in the region. Penn Medicine employees are actively engaged and committed to our mission. Together we will continue to make medical advances that help people live longer, healthier lives.
Live Your Life's Work
We are an Equal Opportunity and Affirmative Action employer. Candidates are considered for employment without regard to race, ethnicity, color, sex, sexual orientation, gender identity, religion, national origin, ancestry, age, disability, marital status, familial status, genetic information, domestic or sexual violence victim status, citizenship status, military status, status as a protected veteran or any other status protected by applicable law.
REQNUMBER: 244377