Information Security Analyst II - Oklahoma City, United States - Globe Life

    Globe Life
    Globe Life Oklahoma City, United States

    1 month ago

    Default job background
    Description
    Information Security Analyst II
    Primary Duties & Responsibilities

    JOB SUMMARY
    Experience what being part of the Globe Life family feels like.

    Be inspired by your leaders, encouraged, and cheered on by your teammates to excel and be supported in your career while working with us.

    We offer a competitive salary with a great benefits package, including 401(K) match, medical, dental, and vision health plans, short – term and long–term disability, paid time off, tuition reimbursement and other career development opportunities.

    The Information Security Analyst is responsible for establishing and executing a portion of the Globe Life Information Security Program to provide information security services that support the reduction of business security risk.

    This position performs attack surface assessments of systems and networks within the network environment or enclave and identifies where those systems/networks deviate from acceptable configurations, enclave policy, or local policy.

    Measures effectiveness of defense–in–depth architecture against known threats.

    This position will evaluate activities and metrics of security programs and identify areas for improvement in execution, coverage, and reporting.

    This also supports the creation, review, and support of enterprise security policies, standards, and supporting documentation.
    PRIMARY DUTIES & RESPONSIBILITIES
    Establish, implement, and maintain Information Security programs, requirements, and standards based on the analysis of user, policy, regulatory, and resource demands
    Analyze organization's cyber defense policies and configurations and evaluate compliance with regulations and organizational directives
    Oversee and/or support authorized penetration testing on enterprise network assets
    Assess the network environment against known threats and attack techniques
    Maintain knowledge of applicable cyber defense policies, regulations, and compliance documents specifically related to cyber defense auditing
    Prepare vulnerability reports that identify technical and procedural findings, and provide recommended remediation strategies/solutions

    Perform technical (evaluation of technology) and nontechnical (evaluation of people and operations) risk and vulnerability assessments of relevant technology focus areas (e.g.

    , local computing environment, network and infrastructure, enclave boundary, supporting infrastructure, and applications)
    Participate in the analysis of business workflows to identify vulnerabilities and areas of non–compliance with company and regulatory standards
    Assist in the creation and reporting of Information Security program metrics that effectively measures program maturity
    Gather metrics and identify trends in security practices that could increase risk to the company's information assets
    Explain security principles and strategic objectives to peers within other departments
    Assist in managing incident response procedures as needed

    Serve as an escalation point for responding to questions sent to the Information Security team regarding policy, regulations, data classification, security recommendations, education, etc.

    Routinely review documentation related to regulations, standards, and trends in industry or information security for changes impacting the overall Information Security Management System or Information Security programs
    Other duties and responsibilities, as assigned

    Required Skills

    KNOWLEDGE, SKILLS, & ABILITIES
    Possess knowledge of the following program areas: Identity and Access Management, Physical Security, Third Party Risk Management, Enterprise Risk Management, Security Awareness Training, Cryptography, Threat and Vulnerability Management, Incident Response, Business Continuity Planning / Disaster Recovery, Data Classification, Insider Threat, Data Loss Prevention, and Data Protection
    Familiarity with GLBA, HIPAA and PCI
    Understanding of the purpose and applicability of ISO, NIST, FIPS, COBIT, and COSO
    Able to approach security in an objective fashion
    Able to facilitate and keep meetings objective and on point, utilizing conflict resolution skills when necessary
    Able to discuss information security in terms of business support when speaking with peers and executives
    Delivers well–organized, impactful presentations
    Knowledge in the following areas enterprise security:

    Different classes of attacks (e.g., passive, active, insider, close–in, distribution attacks)
    Cyber attackers (e.g., script kiddies, insider threat, non–nation state sponsored, and nation sponsored)
    System administration, network, and operating system hardening techniques
    Cyber–attack stages (e.g., reconnaissance, scanning, enumeration, gaining access, escalation of privileges, maintaining access, network exploitation, covering tracks)
    Network security architecture concepts including topology, protocols, components, and principles (e.g., application of defense–in–depth)
    Ethical hacking principles and techniques
    Data backup and restoration concepts
    System administration concepts for operating systems such as but not limited to Unix/Linux, IOS, Android, and Windows operating systems
    Infrastructure supporting information technology (IT) for safety, performance, and reliability
    An organization's information classification program and procedures for information compromise
    Packet–level analysis using appropriate tools (e.g., Wireshark, tcpdump)
    Cryptology
    Network protocols such as TCP/IP, Dynamic Host Configuration, Domain Name System (DNS), and directory services.
    Penetration testing principles, tools, and techniques.
    An organization's threat environment.
    Application Security Risks (e.g. Open Web Application Security Project Top 10 list)

    Able to analyze data and identify the root cause of an issue as well as providing recommendations for improvements in administrative and technical controls to address the issues identified in the root cause analysts
    Good interpersonal skills that include the ability to effectively communicate both in written and verbal forms
    Must stay up to date on the latest security trends, vulnerabilities, privacy legislation, and news items and communicate new finding with other team members
    Applicable to all employees of Globe Life & Accident and its subsidiaries:
    Reliable and predictable attendance of your assigned shift
    Ability to work full time and/or part time based on the position specifications.

    Required Knowledge & Experience

    EDUCATION & WORK EXPERIENCE REQUIRED
    At least 5–7 years of experience in information security, IT security, intelligence or a related field is preferred.
    Bachelor's or Master's degree in Information Technology, Information Systems, Information Assurance or equivalent experience is preferred
    CISSP, SSCP from (ISC)2 or GIAC Enterprise Vulnerability Assessor is preferred
    Experience in, or functional knowledge of, multiple Information Security disciplines in support of the insurance, healthcare or finance industries. Information Security disciplines are programs or controls that support the protection of the confidentiality, integrity, and availability of information
    Experience in Information Security risk management and mitigation is preferred
    Experience in implementing the NIST Risk Management Framework is desired

    #J-18808-Ljbffr