Information Systems Security Officer (ISSO) - Penn State Health CYBER SECURITY

Penn State Health Shared Services

Location: US:PA:Hershey

Work Type: Full Time

FTE: 1.0

Shift: Days
Hours: Eight (8) hours

The Office of Cybersecurity and Privacy ensures that cybersecurity and privacy risks to the confidentiality, integrity, and availability of Penn State Health (PSH) and College of Medicine (COM) information are identified, assessed, and maintained at acceptable levels. We are looking for people who are focused on delivery, prioritize data-driven decisions over opinions, are continuous learners, and are passionate about cybersecurity.

**100% REMOTE POSITION**

**WE ARE OPEN TO BOTH INTERMEDIATE AND SENIOR LEVEL APPLICANTS**

JOB SUMMARY:

The Cyber Requirements Planner (Information System Security Officer) is responsible for ensuring operational excellence of cyber security requirements planning activities, including but not limited to:

- Working with customers to evaluate functional requirements and translating the functional requirements into technical solutions
- Managing the cyber security planning process to ensure that developed solutions meet business needs and cyber security requirements
- Applying and incorporating information technologies into proposed solutions
- Applying cyber security and privacy principles to organizational requirements (relevant to confidentiality, integrity, authentication, and non-repudiation)
- Creating trending, metrics, and management reports
- Effectively collaborating and communicating with stakeholders, business units, and others to identify, analyze, and communicate risk and to provide support around DLP management within their business requirements
- Understanding compliance requirements that may impact security and effectively collaborating with business areas and project teams to develop security solutions that address these requirements
- Analyzing and responding to data loss incidents/alerts via enterprise console and other sources

MINIMUM QUALIFICATIONS:

Senior Level Requirements:

Bachelor’s degree in computer science, cybersecurity, information technology (IT) or in a related field and 8 years of experience OR 12 total years of experience and education.

Intermediate Level Requirements:

Bachelor’s degree in computer science, cybersecurity, information technology (IT) or in a related field and 4 years of experience OR 8 total years of experience and education.

PREFERRED QUALIFICATIONS:

- Demonstrated experience in cyber security, privacy, and/or an information protection-related function
- Strong knowledge of cyber security principles, standards, practices, and technologies
- Proven experience with assessment of information and information systems based on NIST 800-53 standards and working with asset custodians on remediation plans or exception processes
- Extensive technical knowledge of national security practices, procedures, standards, business continuity, disaster recovery, auditing, risk management, vulnerability assessments, and regulatory compliance
- Strong knowledge of computer networking concepts and protocols, and network security methodologies
- Prior experience with Data Loss Prevention (DLP) technology (Symantec preferred) as well as remediation of findings
- Knowledge of creating policies, rules, and tuning of DLP tools is a plus
- Prior experience working with mergers and acquisitions to ensure secure integration and handling security assessments, analysis, and reporting for executive leadership
- Strong knowledge of working with industry and regulatory requirements (e.g., HIPAA, PCI)
- Strong knowledge of controls related to the use, processing, storage, and transmission of data
- Excellent analytical and problem-solving skills
- Excellent oral and written communication skills
- Proven strong background in cyber security and operational processes
- Demonstrated strong organizational skills with attention to detail
- Proven ability to achieve results in a fast-moving, dynamic environment
- Ability to develop strong working relationships
- Ability to multi-task and meet deadlines
- Excellent communication, problem-solving, and decision-making skills

CERTIFICATIONS:

Certified Information Systems Security Professional (CISSP) or equivalent

This job description is a general outline of duties performed and is not to be misconstrued as encompassing all duties performed within the position. All individuals (including current employees) selected for a position will undergo a background check appropriate for the position's responsibilities.

Penn State Health is fundamentally committed to the diversity of our faculty and staff. We believe diversity is unapologetically expressing itself through every person's perspectives and lived experiences. We are an equal opportunity and affirmative action employer. All qualified applicants will receive consideration for employment without regard to age, color, disability, gender identity or expression, marital status, national or ethnic origin, political affiliation, race, religion, sex (including pregnancy), sexual orientation, veteran status, and family medical or genetic information. If you are unable to use our online application process due to an impairment or disability, please call 717-531-8440 between the hours of 8:30 AM and 4:30 PM, Eastern Standard Time, Monday – Friday, email hrsolutions@pennstatehealth.psu.edu or download our Accommodation Instructions for Job Applicants PDF for more detailed steps for assistance.