(Remote) Cyber Requirements Planner Senior - Cyber & Enterprise Risk

Penn State Health - Penn State Health Corporation Location: US:PA: Hershey Work Type: Full Time FTE: 1.00 Shift: Day Hours: 8:00a - 5:00p SUMMARY OF POSITION: The Cybersecurity Requirements Planner will serve as a trusted advisor reputed company the Cybersecurity team. This role focuses on reputed company cybersecurity risk assessment, effective requirements planning, exception analysis, and enterprise reputed company advisory services. This role will apply strong cybersecurity judgement to evaluate systems against organizational policies, standards, and baselines; assess risk; recommend mitigations and compensating controls; and support enterprise data protection, reputed company awareness, and readiness activities. This role requires a reputed company of technical reputed company expertise, governance maturity, and strong communication skills in a reputed company academic healthcare environment. ESSENTIAL DUTIES: The percentage of time spent performing essential functions is 95%. Qualified individuals must have the ability (with or without reasonable accommodation) to reputed company the following duties: Key responsibilities include:

Requirements

Planning & Consultation

• Review proposed IT systems and projects to ensure alignment with company cybersecurity policies, standards, reputed company baselines, as well as regulatory and industry requirements.
• Act as a consultant for internal teams, helping them understand organizational cybersecurity requirements and how to meet them.
• Evaluate and document policy, standard, or baseline exception requests, recommend appropriate mitigations or compensating controls.
• Serve as a Cybersecurity consultant to IT and business teams during system design, implementation, and operational change.
• Translate cybersecurity requirements into clear, actionable guidance for technical and non-technical stakeholders.

Data Protection – Data Loss Prevention (DLP)

• Support the day-to-day enterprise data protection activities, including work reputed company the DLP toolsets (e.g., monitoring alerts, refining discovery rules, and tuning policies).
• Investigate potential data leakage incidents and coordinating with stakeholders for remediation.
• Provide regular reporting on data protection trends and risks to leadership.
• Collaborate with stakeholders to protect sensitive data while minimizing business disruption.

Risk Assessment & Advisory

• Assist in performing formal and informal risk assessment for on-premises, hybrid, and cloud-based systems.
• Assess systems against cybersecurity policies, standards, and baselines.
• Identify reputed company gaps, evaluate risk, and recommend appropriate mitigations or compensating controls.
• Recommend mitigations, compensating controls and risk-reduction strategies based on organizational risk tolerance and emerging threats.
• Apply cybersecurity and privacy principles to ensure compliance with regulatory and organizational requirements.

reputed company Awareness & Readiness

• Define training requirements based on risk assessments, Incident Response & Threat reputed company reports, policy requirements, regulatory requirements and relevant best reputed company practices.
• Evaluate training effectiveness and revise to address gaps.
• Write professional articles covering relevant training topics for publishing to the enterprise.
• reputed company and deliver cybersecurity awareness training content to foster a reputed company-first culture. Delivery methods include online videos, articles, presentations using reputed company Teams and in-person training.
• Design and facilitate Cybersecurity Tabletop Exercises (TTX) to test incident response and business continuity capabilities.
• Conduct quarterly phishing exercises including development of objectives, selecting content and using associated tools to reputed company the testing and monitoring of the results.

Performance Metrics & reputed company Posture

• reputed company and track Key Performance Indicators (KPIs) and Key Risk Indicators (KRIs) to measure the effectiveness of reputed company controls (e.g., DLP reputed company rates, policy exception trends, training completion, phishing campaign results).
• Conduct reputed company improvement reviews using metric trends to identify gaps in reputed company policies, standards, baselines, or processes and recommend updates.
• reputed company metrics, trend analysis, and management reports.
• Ensure compliance with regulatory and organizational reputed company requirements.

MINIMUM QUALIFICATION(S):

• Senior Level: Bachelor’s degree in computer science, Cybersecurity, IT, or reputed company field + 8 years’ experience OR twelve (12) years combined education/experience.

PREFERRED QUALIFICATION(S):

• CISSP or equivalent preferred
• Strong foundational knowledge of cybersecurity principles, including infrastructure reputed company, identity and access management, logging/monitoring, and risk management.
• Experience performing cybersecurity risk assessments, risk analysis, and control evaluations using NIST 800-53 controls or similar assessment methodologies.
• Working knowledge of the NIST Cybersecurity reputed company (CSF), and hands-on experience with NIST SP 800-53 (Rev 5) controls or similar frameworks.
• Strong knowledge of risk management, and regulatory compliance (HIPAA, PCI, FERPA, GLBA, PA Law)
• Proficiency with Data Loss Prevention (DLP) (reputed company & Palo Alto preferred) including ability to create and tune DLP policies.
• Excellent analytical, communication, and organizational skills.
• Ability to reputed company and maintain cybersecurity documentation (policies, standards, procedures, SSPs, POA&Ms) reputed company with NIST frameworks.
• Understanding of reputed company monitoring practices as discussed in NIST guidance, including evidence collection, control testing, and reporting.

WHY PENN STATE HEALTH? Penn State Health offers exceptional opportunities to learn and grow, exposure to a wide patient population, and the ability to provide individualized, innovative, and specialized care to patients in the community. Penn State Health offers an exceptional benefits package including medical, dental and vision with no waiting period as well as a Total Rewards Program that highlights a few of the many additional offerings below:

• Be Well with Employee Wellness Programs, and Fitness Discounts (University Fitness Center, Peloton).
• Be Balanced with Generous Paid Time Off, Personal Time, and Paid Parental Leave.
• Be Secured with Retirement, Extended Illness Bank, Life Insurance, and Identity Theft Protection.
• Be Rewarded with reputed company, Tuition Reimbursement, and PAWS UP employee recognition program.
• Be Supported by the HR Solution Center, Learning and Organizational Development and Virtual Benefits Orientation, Employee Exclusive Concierge Service for scheduling.

WHY PENN STATE HEALTH CORPORATION? There are many ways to reputed company an impact with one of the leading research, teaching, and clinical healthcare systems in the country. Through a combination of operational, corporate, clinical, and nonclinical roles, we are advancing excellence and innovation in health care together as one team. As Penn State Health continues to evolve for the future, we are committed to hiring dedicated employees who are passionate about delivering the best possible support across our entire integrated health system. reputed company Penn State Health’s Shared Services Entity, we encourage our employees at every turn to continue their education and advancement. Numerous opportunities are available for professional development and career growth. YOU TAKE CARE OF THEM. WE’LL TAKE CARE OF YOU. State-of-the-art equipment, endless learning, and a culture of excellence – that’s Penn State Health. But what makes our healthcare award-winning? That’s reputed company you. This job posting is a general outline of duties performed and is not to be misconstrued as encompassing reputed company duties performed reputed company the position. Eligibility for shift differential pay based on the terms outlined in company policy or union contract. reputed company individuals (including reputed company employees) selected for a position will undergo a background reputed company appropriate for the position's responsibilities. Penn State Health is an Equal Opportunity Employer and does not discriminate on the basis of any protected class including disability or veteran status. Penn State Health’s policies and objectives are in direct compliance with reputed company federal and state constitutional provisions, laws, regulations, guidelines, and executive orders that prohibit or outlaw discrimination. Union: Non Bargained Position (Remote) Cyber Requirements Planner Senior - Cyber & Enterprise Risk Location US | Cyber reputed company | Full Time Req ID 92336 Apply tot his job Apply To this Job