Company :

Highmark Health

Job Description : 

JOB SUMMARY

The Associate Cyber User Behavior Engineer plays a critical role in strengthening Highmark's overall security posture by fostering a strong security-first culture among all employees. This individual will be responsible for developing, implementing, and managing comprehensive security awareness programs designed to educate, train, and motivate employees to recognize and report security threats and adhere to Highmark's security policies and best practices.

Role Focus:

• Program Design & Strategy: Design, develop, and maintain a robust and engaging security awareness program aligned with Highmark's security objectives, policies, and regulatory requirements (e.g., HIPAA, PCI DSS). Execute Highmark’s multi-year security awareness roadmap, identifying key themes, training methodologies, and communication channels.
• Content Development & Delivery: Manage the full lifecycle of security awareness campaigns, from content creation to delivery and measurement. Develop and deliver engaging and effective training materials, including presentations, e-learning modules, newsletters, articles, posters, videos, and intranet content. Tailor content for diverse employee audiences (e.g., executives, IT staff, clinical staff, general employees) and their specific security risks.
• Collaboration & Communication: Collaborate with subject matter experts (SMEs) within Information Security and other departments to ensure content accuracy and relevance. Plan and execute internal communication strategies to promote security awareness initiatives and reinforce key security messages. Organize and facilitate security awareness events, workshops, and contests to increase engagement and knowledge retention.
• Performance & Improvement: Provide targeted feedback and remedial training to employees involved in cybersecurity incidents like phishing attempts. Develop and track key performance indicators (KPIs) to measure program effectiveness, preparing regular reports and presentations for management on progress, effectiveness, and recommendations for improvement.
• Strategic Integration & Innovation: Collaborate with HR, Legal, and Communications departments to integrate security awareness into broader employee development and communication strategies. Stay current with industry best practices, emerging threats, and security awareness trends to continuously enhance the program. Evaluate and recommend new tools, technologies, and methodologies for improving security awareness.

ESSENTIAL RESPONSIBILITIES

• Establish close relationships with business stakeholders outside of the security discipline, working closely with privacy, physical security, fraud, legal, human resources and senior leadership.
• Perform predictive analysis of behavior, anomalies, and concerns to identify potential insider threat risks.
• Develop and implement a proactive program to improve insider threat monitoring.
• Provide insider threat support to security operations and incident response teams in advance of and during cyber-security incidents.
• Ensure the education and awareness program is aligned with the Information Security Program, Policies and Standards.
• Execute campaigns designed to improve enterprise security posture.
• Utilize change management methodologies to mitigate identified security risks.
• Measure program effectiveness and report accordingly on progress.
• Ensure clear lines of communication including but not limited to; transparency to the business on upcoming security initiatives, identifying impact to the business and to consumers, helping shape remediation, and developing external and internal communications.
• Other duties as assigned or requested.

EDUCATION

Required

• Bachelor's Degree in Business Education, Marketing, Information Systems or experience and/or education as determined by the company in lieu of bachelor’s degree.

Preferred

• Bachelors in Information Security

EXPERIENCE

Required

• None

Preferred

• 1-3 years in a Security Awareness or Cybersecurity role

LICENSES or CERTIFICATIONS

Required

• None

Preferred

• SANS Security Awareness Professional (SSAP)

• Proofpoint Certified Security Awareness Specialist

• Any Cybersecurity certification

SKILLS

• Change Management
• Presentation Delivery
• Prioritizing
• Analytical and Logical Reasoning/Thinking
• Communication Skills
• Cyber Security
• User Behavior 

Languages (Other than English)

None

Travel Required

0% - 25%

PHYSICAL, MENTAL AND WORKING CONDITIONS

Position Type

Office Based

Teaches / trains others regularly

Frequently

Travel regularly from the office to various work sites or from site-to-site

Rarely

Works primarily out-of-the office selling products/services (sales employees)

Never

Physical work site required 

Yes

Lifting: up to 10 pounds

Occasionally

Lifting: 10 to 25 pounds

Rarely

Lifting: 25 to 50 pounds

Rarely

Disclaimer: The job description has been designed to indicate the general nature and essential duties and responsibilities of work performed by employees within this job title. It may not contain a comprehensive inventory of all duties, responsibilities, and qualifications required of employees to do this job.

Compliance Requirement: This position adheres to the ethical and legal standards and behavioral expectations as set forth in the code of business conduct and company policies.

As a component of job responsibilities, employees may have access to covered information, cardholder data, or other confidential customer information that must be protected at all times.  In connection with this, all employees must comply with both the Health Insurance Portability Accountability Act of 1996 (HIPAA) as described in the Notice of Privacy Practices and Privacy Policies and Procedures as well as all data security guidelines established within the Company’s Handbook of Privacy Policies and Practices and Information Security Policy. 

Furthermore, it is every employee’s responsibility to comply with the company’s Code of Business Conduct. This includes but is not limited to adherence to applicable federal and state laws, rules, and regulations as well as company policies and training requirements.

Highmark Health and its affiliates prohibit discrimination against qualified individuals based on their status as protected veterans or individuals with disabilities and prohibit discrimination against all individuals based on any category protected by applicable federal, state, or local law.

We endeavor to make this site accessible to any and all users. If you would like to contact us regarding the accessibility of our website or need assistance completing the application process, please contact the email below.

For accommodation requests, please contact HR Services Online at [email protected]

California Consumer Privacy Act Employees, Contractors, and Applicants Notice