Cyber User Behavior Engineer

Company :

Highmark Health

Job Description :

JOB SUMMARY

CANDIDATE MUST BE US Citizen (due to contractual/access requirements)

For candidates residing within a 50-mile radius of a Highmark office, a hybrid work schedule of three days per week (Tuesday, Wednesday, and Thursday) in the office is required.

The Cyber User Behavior Engineer is a pivotal role at Highmark, dedicated to enhancing our organization's security by cultivating a robust "security-first" culture. This individual will lead the design, implementation, and ongoing management of comprehensive security awareness programs. Their primary responsibility will be to educate, train, and inspire all Highmark employees to effectively identify and report security threats, ensuring adherence to Highmark's security policies and industry best practices. This role is crucial in minimizing human-centric security risks and fostering a vigilant and informed workforce.

ESSENTIAL RESPONSIBILITIES

• Develop, implement, and continuously improve a proactive program to identifying internal threats.

• Establish close relationships with business stakeholders outside of the security discipline, working closely with privacy, physical security, fraud, legal, human resources and senior leadership.

• Perform predictive analysis of behavior, anomalies, and concerns to identify internal threats.

• Execute campaigns designed to improve enterprise security posture.

• Continually enhance insider risk program to increase efficiencies and measure program effectiveness and report accordingly on progress.

• Utilize change management methodologies to mitigate identified security risks.

• Provide insider threat support to security operations and incident response teams in advance of and during cyber security incidents.

• Ensure clear lines of communication including but not limited to; transparency to the business on upcoming security initiatives, identifying impact to the business and to consumers, helping shape remediation, and developing external and internal communications.

• Ensure the education and awareness program is aligned with the Information Security Program, Policies and Standards.

• Other duties as assigned or requested.

EDUCATION

Required

• Bachelor's Degree in Business Education, Marketing or Information Systems

Substitutions

• Six (6) years relevant, progressive experience?

Preferred

• Bachelors in Information Security

EXPERIENCE

Required

• 3 years in IT or IT Security Focus

• 3 years of Insider Threat Program focus

To include:

• 3 years with Human Intelligence (HUMINT) OR as an Open-source Intelligence Analyst

Preferred

• 1-3 years in a Security Awareness or adjacent role

LICENSES or CERTIFICATIONS

Required

• None

Preferred

• Security + OR

• GSEC OR

• CISSP OR

• CERT Insider Threat

• SANS Security Awareness Professional (SSAP)Proofpoint Certified Security Awareness Specialist

SKILLS

• Change Management

• Presentation Delivery

• Prioritizing

• Analytical and Logical Reasoning/Thinking

• Communication Skills

• Cyber Security

• User Behavior

• Continuous Improvement

Language (Other than English):

None

Travel Requirement:

0% - 25%

PHYSICAL, MENTAL DEMANDS and WORKING CONDITIONS

Position Type

Office-based

Teaches / trains others regularly

Frequently

Travel regularly from the office to various work sites or from site-to-site

Rarely

Works primarily out-of-the office selling products/services (sales employees)

Never

Physical work site required

Yes

Lifting: up to 10 pounds

Occasionally

Lifting: 10 to 25 pounds

Rarely

Lifting: 25 to 50 pounds

Never

Disclaimer: The job description has been designed to indicate the general nature and essential duties and responsibilities of work performed by employees within this job title. It may not contain a comprehensive inventory of all duties, responsibilities, and qualifications required of employees to do this job.

Compliance Requirement : This job adheres to the ethical and legal standards and behavioral expectations as set forth in the code of business conduct and company policies.

As a component of job responsibilities, employees may have access to covered information, cardholder data, or other confidential customer information that must be protected at all times. In connection with this, all employees must comply with both the Health Insurance Portability Accountability Act of 1996 (HIPAA) as described in the Notice of Privacy Practices and Privacy Policies and Procedures as well as all data security guidelines established within the Company's Handbook of Privacy Policies and Practices and Information Security Policy.

Furthermore, it is every employee's responsibility to comply with the company's Code of Business Conduct. This includes but is not limited to adherence to applicable federal and state laws, rules, and regulations as well as company policies and training requirements.

Highmark Health and its affiliates prohibit discrimination against qualified individuals based on their status as protected veterans or individuals with disabilities and prohibit discrimination against all individuals based on any category protected by applicable federal, state, or local law.

We endeavor to make this site accessible to any and all users. If you would like to contact us regarding the accessibility of our website or need assistance completing the application process, please contact the email below.

For accommodation requests, please contact HR Services Online at HRServices@highmarkhealth.org

California Consumer Privacy Act Employees, Contractors, and Applicants Notice

Req ID: J272819