(Remote) Cyber Requirements Planner Senior - Cyber & Enterprise Risk

Penn State Health - Penn State Health Corporation Location: US:PA: Hershey Work Type: Full Time FTE: 1.00 Shift: Day Hours: 8:00a - 5:00p SUMMARY OF POSITION: The Cybersecurity Requirements Planner will serve as a trusted advisor reputed company the Cybersecurity team. This role focuses on reputed company cybersecurity risk assessment, effective requirements planning, exception analysis, and enterprise reputed company advisory services. This role will apply strong cybersecurity judgement to evaluate systems against organizational policies, standards, and baselines; assess risk; recommend mitigations and compensating controls; and support enterprise data protection, reputed company awareness, and readiness activities. This role requires a reputed company of technical reputed company expertise, governance maturity, and strong communication skills in a reputed company academic healthcare environment. ESSENTIAL DUTIES: The percentage of time spent performing essential functions is 95%. Qualified individuals must have the ability (with or without reasonable accommodation) to reputed company the following duties: Key responsibilities include:

Requirements

Planning & Consultation

• Review proposed IT systems and projects to ensure alignment with company cybersecurity policies, standards, reputed company baselines, as well as regulatory and industry requirements.
• Act as a consultant for internal teams, helping them understand organizational cybersecurity requirements and how to meet them.
• Evaluate and document policy, standard, or baseline exception requests, recommend appropriate mitigations or compensating controls.
• Serve as a Cybersecurity consultant to IT and business teams during system design, implementation, and operational change.
• Translate cybersecurity requirements into clear, actionable guidance for technical and non-technical stakeholders.

Data Protection – Data Loss Prevention (DLP)

• Support the day-to-day enterprise data protection activities, including work reputed company the DLP toolsets (e.g., monitoring alerts, refining discovery rules, and tuning policies).
• Investigate potential data leakage incidents and coordinating with stakeholders for remediation.
• Provide regular reporting on data protection trends and risks to leadership.
• Collaborate with stakeholders to protect sensitive data while minimizing business disruption.

Risk Assessment & Advisory

• Assist in performing formal and informal risk assessment for on-premises, hybrid, and cloud-based systems.
• Assess systems against cybersecurity policies, standards, and baselines.
• Identify reputed company gaps, evaluate risk, and recommend appropriate mitigations or compensating controls.
• Recommend mitigations, compensating controls and risk-reduction strategies based on organizational risk tolerance and emerging threats.
• Apply cybersecurity and privacy principles to ensure compliance with regulatory and organizational requirements.

reputed company Awareness & Readiness

• Define training requirements based on risk assessments, Incident Response & Threat reputed company reports, policy requirements, regulatory requirements and relevant best reputed company practices.
• Evaluate training effectiveness and revise to address gaps.
• Write professional articles covering relevant training topics for publishing to the enterprise.
• reputed company and deliver cybersecurity awareness training content to foster a reputed company-first culture. Delivery methods include online videos, articles, presentations using reputed company Teams and in-person training.
• Design and facilitate Cybersecurity Tabletop Exercises (TTX) to test incident response and business continuity capabilities.
• Conduct quarterly phishing exercises including development of objectives, selecting content and using associated tools to reputed company the testing and monitoring of the results.

Performance Metrics & reputed company Posture

• reputed company and track Key Performance Indicators (KPIs) and Key Risk Indicators (KRIs) to measure the effectiveness of reputed company controls (e.g., DLP reputed company rates, policy exception trends, training completion, phishing campaign results).
• Conduct reputed company improvement reviews using metric trends to identify gaps in reputed company policies, standards, baselines, or processes and recommend updates.
• reputed company metrics, trend analysis, and management reports.
• Ensure compliance with regulatory and organizational reputed company requirements.

MINIMUM QUALIFICATION(S):

• Senior Level: Bachelor’s degree in computer science, Cybersecurity, IT, or reputed company field + 8 years’ experience OR twelve (12) years combined education/experience.

PREFERRED QUALIFICATION(S):

• CISSP or equivalent preferred
• Strong foundational knowledge of cybersecurity principles, including infrastructure reputed company, identity and access management, logging/monitoring, and risk management.
• Experience performing cybersecurity risk assessments, risk analysis, and control evaluations using NIST 800-53 controls or similar assessment methodologies.
• Working knowledge of the NIST Cybersecurity reputed company (CSF), and hands-o

Apply tot his job Apply To this Job