Information Systems Security Officer (ISSO) - Penn State Health CYBER SECURITY

Penn State Health Shared Services


Location:  US:PA:Hershey

Work Type:  Full Time

FTE:  1.0

Shift: Days
Hours: Eight (8) hours



The Office of Cybersecurity and Privacy ensures cybersecurity and privacy risks to the confidentiality, integrity, and availability of Penn State Health (PSH) and College of Medicine (COM) information are identified, assessed, and maintained at acceptable levels.  We are looking for people who are focused on delivery, prioritize data-driven decisions over opinions, are continuous learners, and are passionate about cybersecurity.










The Cyber Requirements Planner (Information System Security Officer) is responsible for ensuring operational excellence of cyber security requirements planning activities, including but not limited to:


Working with customers to evaluate functional requirements and translating the functional requirements into technical solutions


Managing the cyber security planning process to ensure that developed solutions meet business needs and cyber security requirements


Applying and incorporating information technologies into proposed solutions


Applying cyber security and privacy principles to organizational requirements (relevant to confidentiality, integrity, authentication, and non-repudiation)


Creating trending, metrics, and management reports


Effectively collaborating and communicating with stakeholders, business units, and others to identify, analyze, and communicate risk and provide support around DLP management within their business requirements


Understanding compliance requirements that may impact security and effectively collaborating with business areas and project teams to develop security solutions that address these requirements


Analyzing and responding to data loss incidents/alerts via the enterprise console and other sources





Senior Level Requirements:


Bachelor’s degree in computer science, cybersecurity, information technology (IT) or in a related field and 8 years of experience OR 12 total years of experience and education.


Intermediate Level Requirements:


Bachelor’s degree in computer science, cybersecurity, information technology (IT) or in a related field and 4 years of experience OR 8 total years of experience and education.





Demonstrated experience in cyber security, privacy, and/or an information protection-related function 


Strong knowledge of cyber security principles, standards, practices, and technologies


Proven experience with assessment of information and information systems based on NIST 800-53 standards and working with asset custodians on remediation plans or exception processes 


Extensive technical knowledge of national security practices, procedures, standards, business continuity, disaster recovery, auditing, risk management, vulnerability assessments, and regulatory compliance


Strong knowledge of computer networking concepts and protocols, and network security methodologies


Prior experience with Data Loss Prevention (DLP) (Symantec preferred) technology as well as remediation of findings


Knowledge of creating policies, rules, and tuning of DLP tools is a plus


Prior experience working with Mergers and Acquisitions to ensure secure integration and handling security assessments, analysis, and reporting for executive leadership


Strong knowledge of working with industry and regulatory requirements (e.g., HIPAA, PCI)


Strong knowledge of controls related to the use, processing, storage, and transmission of data


Excellent analytical and problem-solving skills


Excellent oral and written communication skills


Proven strong background in cyber security and operational processes


Demonstrated strong organizational skills with attention to detail


Proven ability to achieve results in a fast-moving, dynamic environment


Ability to develop strong working relationships


Ability to multi-task and meet deadlines


Excellent communication, problem-solving, and decision-making skills





Certified Information Systems Security Professional (CISSP) or equivalent



This job description is a general outline of duties performed and is not to be misconstrued as encompassing all duties performed within the position.  All individuals (including current employees) selected for a position will undergo a background check appropriate for the position's responsibilities.


Penn State Health is fundamentally committed to the diversity of our faculty and staff. We believe diversity is unapologetically expressing itself through every person's perspectives and lived experiences. We are an equal opportunity and affirmative action employer. All qualified applicants will receive consideration for employment without regard to age, color, disability, gender identity or expression, marital status, national or ethnic origin, political affiliation, race, religion, sex (including pregnancy), sexual orientation, veteran status, and family medical or genetic information. If you are unable to use our online application process due to an impairment or disability, please call 717-531-8440 between the hours of 8:30 AM and 4:30 PM, Eastern Standard Time, Monday – Friday, email or download our Accommodation Instructions for Job Applicants PDF for more detailed steps for assistance.