Penn State Health - Penn State Health Corporation
Location: US:PA: Hershey
Work Type: Full Time
FTE: 1.00
Shift: Day
Hours: 8:00a - 5:00p
SUMMARY OF POSITION:
The Cybersecurity Requirements Planner will serve as a trusted advisor within the Cybersecurity team. This role focuses on continuous cybersecurity risk assessment, effective requirements planning, exception analysis, and enterprise security advisory services. This role will apply strong cybersecurity judgement to evaluate systems against organizational policies, standards, and baselines; assess risk; recommend mitigations and compensating controls; and support enterprise data protection, security awareness, and readiness activities. This role requires a blend of technical security expertise, governance maturity, and strong communication skills in a complex academic healthcare environment.
ESSENTIAL DUTIES: The percentage of time spent performing essential functions is 95%. Qualified individuals must have the ability (with or without reasonable accommodation) to perform the following duties: Key responsibilities include:
Requirements Planning & Consultation
Review proposed IT systems and projects to ensure alignment with company cybersecurity policies, standards, security baselines, as well as regulatory and industry requirements.
Act as a consultant for internal teams, helping them understand organizational cybersecurity requirements and how to meet them.
Evaluate and document policy, standard, or baseline exception requests, recommend appropriate mitigations or compensating controls.
Serve as a Cybersecurity consultant to IT and business teams during system design, implementation, and operational change.
Translate cybersecurity requirements into clear, actionable guidance for technical and non-technical stakeholders.
Data Protection - Data Loss Prevention (DLP)
Support the day-to-day enterprise data protection activities, including work within the DLP toolsets (e.g., monitoring alerts, refining discovery rules, and tuning policies).
Investigate potential data leakage incidents and coordinating with stakeholders for remediation.
Provide regular reporting on data protection trends and risks to leadership.
Collaborate with stakeholders to protect sensitive data while minimizing business disruption.
Risk Assessment & Advisory
Assist in performing formal and informal risk assessment for on-premises, hybrid, and cloud-based systems.
Assess systems against cybersecurity policies, standards, and baselines.
Identify security gaps, evaluate risk, and recommend appropriate mitigations or compensating controls.
Recommend mitigations, compensating controls and risk-reduction strategies based on organizational risk tolerance and emerging threats.
Apply cybersecurity and privacy principles to ensure compliance with regulatory and organizational requirements.
Security Awareness & Readiness
Define training requirements based on risk assessments, Incident Response & Threat intel reports, policy requirements, regulatory requirements and relevant best security practices.
Evaluate training effectiveness and revise to address gaps.
Write professional articles covering relevant training topics for publishing to the enterprise.
Develop and deliver cybersecurity awareness training content to foster a security-first culture. Delivery methods include online videos, articles, presentations using Microsoft Teams and in-person training.
Design and facilitate Cybersecurity Tabletop Exercises (TTX) to test incident response and business continuity capabilities.
Conduct quarterly phishing exercises including development of objectives, selecting content and using associated tools to perform the testing and monitoring of the results.
Performance Metrics & Security Posture
Develop and track Key Performance Indicators (KPIs) and Key Risk Indicators (KRIs) to measure the effectiveness of security controls (e.g., DLP block rates, policy exception trends, training completion, phishing campaign results).
Conduct continuous improvement reviews using metric trends to identify gaps in current policies, standards, baselines, or processes and recommend updates.
Develop metrics, trend analysis, and management reports.
Ensure compliance with regulatory and organizational security requirements.
MINIMUM QUALIFICATION(S):
Senior Level: Bachelor's degree in computer science, Cybersecurity, IT, or related field + 8 years' experience OR twelve (12) years combined education/experience.
PREFERRED QUALIFICATION(S):
CISSP or equivalent preferred
Strong foundational knowledge of cybersecurity principles, including infrastructure security, identity and access management, logging/monitoring, and risk management.
Experience performing cybersecurity risk assessments, risk analysis, and control evaluations using NIST 800-53 controls or similar assessment methodologies.
Working knowledge of the NIST Cybersecurity Framework (CSF), and hands-on experience with NIST SP 800-53 (Rev 5) controls or similar frameworks.
Strong knowledge of risk management, and regulatory compliance (HIPAA, PCI, FERPA, GLBA, PA Law)
Proficiency with Data Loss Prevention (DLP) (Microsoft & Palo Alto preferred) including ability to create and tune DLP policies.
Excellent analytical, communication, and organizational skills.
Ability to develop and maintain cybersecurity documentation (policies, standards, procedures, SSPs, POA&Ms) aligned with NIST frameworks.
Understanding of continuous monitoring practices as discussed in NIST guidance, including evidence collection, control testing, and reporting.
WHY PENN STATE HEALTH?
Penn State Health offers exceptional opportunities to learn and grow, exposure to a wide patient population, and the ability to provide individualized, innovative, and specialized care to patients in the community.
Penn State Health offers an exceptional benefits package including medical, dental and vision with no waiting period as well as a Total Rewards Program that highlights a few of the many additional offerings below:
Be Well with Employee Wellness Programs, and Fitness Discounts (University Fitness Center, Peloton).
Be Balanced with Generous Paid Time Off, Personal Time, and Paid Parental Leave.
Be Secured with Retirement, Extended Illness Bank, Life Insurance, and Identity Theft Protection.
Be Rewarded with Competitive Pay, Tuition Reimbursement, and PAWS UP employee recognition program.
Be Supported by the HR Solution Center, Learning and Organizational Development and Virtual Benefits Orientation, Employee Exclusive Concierge Service for scheduling.
WHY PENN STATE HEALTH CORPORATION?
There are many ways to make an impact with one of the leading research, teaching, and clinical healthcare systems in the country. Through a combination of operational, corporate, clinical, and nonclinical roles, we are advancing excellence and innovation in health care together as one team. As Penn State Health continues to evolve for the future, we are committed to hiring dedicated employees who are passionate about delivering the best possible support across our entire integrated health system.
Within Penn State Health's Shared Services Entity, we encourage our employees at every turn to continue their education and advancement. Numerous opportunities are available for professional development and career growth.
YOU TAKE CARE OF THEM. WE'LL TAKE CARE OF YOU. State-of-the-art equipment, endless learning, and a culture of excellence - that's Penn State Health. But what makes our healthcare award-winning? That's all you.
This job posting is a general outline of duties performed and is not to be misconstrued as encompassing all duties performed within the position. Eligibility for shift differential pay based on the terms outlined in company policy or union contract. All individuals (including current employees) selected for a position will undergo a background check appropriate for the position's responsibilities.
Penn State Health is an Equal Opportunity Employer and does not discriminate on the basis of any protected class including disability or veteran status. Penn State Health's policies and objectives are in direct compliance with all federal and state constitutional provisions, laws, regulations, guidelines, and executive orders that prohibit or outlaw discrimination.
Union: Non Bargained
Position (Remote) Cyber Requirements Planner Senior - Cyber & Enterprise Risk
Location US | Cyber Security | Full Time
Req ID 92336
