Job Listings

Information Security Analyst II

3700 S. Stonebridge Dr., McKinney, Texas
Job number: 15628

Job Description:

Primary Duties & Responsibilities

JOB SUMMARY

Experience what being part of the Globe Life family feels like. Be inspired by your leaders, encouraged and cheered on by your teammates to excel, and be supported in your career while working with us. We offer a competitive salary with a great benefits package, including 401(K) match, medical, dental, and vision health plans, short-term and long-term disability, paid time off, tuition reimbursement and other career development opportunities.

The Information Security Analyst is responsible for establishing and executing a portion of the Globe Life Information Security Program to provide information security services that support the reduction of business security risk. This position performs attack surface assessments of systems and networks within the network environment or enclave and identifies where those systems/networks deviate from acceptable configurations, enclave policy, or local policy. It also measures the effectiveness of the defense-in-depth architecture against known threats. This position will evaluate activities and metrics of security programs and identify areas for improvement in execution, coverage, and reporting. It also supports the creation, review, and support of enterprise security policies, standards, and supporting documentation.

 

PRIMARY DUTIES & RESPONSIBILITIES

  • Establish, implement, and maintain Information Security programs, requirements, and standards based on the analysis of user, policy, regulatory, and resource demands
  • Analyze organization's cyber defense policies and configurations and evaluate compliance with regulations and organizational directives
  • Oversee and/or support authorized penetration testing on enterprise network assets
  • Assess the network environment against known threats and attack techniques
  • Maintain knowledge of applicable cyber defense policies, regulations, and compliance documents specifically related to cyber defense auditing
  • Prepare vulnerability reports that identify technical and procedural findings, and provide recommended remediation strategies/solutions
  • Perform technical (evaluation of technology) and nontechnical (evaluation of people and operations) risk and vulnerability assessments of relevant technology focus areas (e.g., local computing environment, network and infrastructure, enclave boundary, supporting infrastructure, and applications)
  • Participate in the analysis of business workflows to identify vulnerabilities and areas of non-compliance with company and regulatory standards
  • Assist in the creation and reporting of Information Security program metrics that effectively measure program maturity
  • Gather metrics and identify trends in security practices that could increase risk to the company’s information assets
  • Explain security principles and strategic objectives to peers within other departments
  • Assist in managing incident response procedures as needed
  • Serve as an escalation point for responding to questions sent to the Information Security team regarding policy, regulations, data classification, security recommendations, education, etc.
  • Routinely review documentation related to regulations, standards, and trends in industry or information security for changes impacting the overall Information Security Management System or Information Security programs
  • Other duties and responsibilities, as assigned

 

 

Required Skills

KNOWLEDGE, SKILLS, & ABILITIES

  • Possess knowledge of the following program areas: Identity and Access Management, Physical Security, Third Party Risk Management, Enterprise Risk Management, Security Awareness Training, Cryptography, Threat and Vulnerability Management, Incident Response, Business Continuity Planning / Disaster Recovery, Data Classification, Insider Threat, Data Loss Prevention, and Data Protection
  • Familiarity with GLBA, HIPAA and PCI
  • Understanding of the purpose and applicability of ISO, NIST, FIPS, COBIT, and COSO
  • Able to approach security in an objective fashion
  • Able to facilitate and keep meetings objective and on point, utilizing conflict resolution skills when necessary
  • Able to discuss information security in terms of business support when speaking with peers and executives
  • Delivers well-organized, impactful presentations
  • Knowledge in the following areas of enterprise security:
    • Different classes of attacks (e.g., passive, active, insider, close-in, distribution attacks)
    • Cyber attackers (e.g., script kiddies, insider threat, non-nation state sponsored, and nation sponsored)
    • System administration, network, and operating system hardening techniques
    • Cyber-attack stages (e.g., reconnaissance, scanning, enumeration, gaining access, escalation of privileges, maintaining access, network exploitation, covering tracks)
    • Network security architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth)
    • Ethical hacking principles and techniques
    • Data backup and restoration concepts
    • System administration concepts for operating systems such as but not limited to Unix/Linux, IOS, Android, and Windows operating systems
    • Infrastructure supporting information technology (IT) for safety, performance, and reliability
    • An organization's information classification program and procedures for information compromise
    • Packet-level analysis using appropriate tools (e.g., Wireshark, tcpdump)
    • Cryptology
    • Network protocols such as TCP/IP, Dynamic Host Configuration, Domain Name System (DNS), and directory services
    • Penetration testing principles, tools, and techniques
    • An organization’s threat environment
    • Application Security Risks (e.g., Open Web Application Security Project Top 10 list)
  • Able to analyze data and identify the root cause of an issue, as well as provide recommendations for improvements in administrative and technical controls to address the issues identified in the root cause analysis
  • Good interpersonal skills that include the ability to effectively communicate both in written and verbal forms
  • Must stay up to date on the latest security trends, vulnerabilities, privacy legislation, and news items and communicate new findings to other team members
 

Applicable to all employees of Globe Life & Accident and its subsidiaries:

  • Reliable and predictable attendance of your assigned shift
  • Ability to work full time and/or part time based on the position specifications.

Required Knowledge & Experience

EDUCATION & WORK EXPERIENCE REQUIRED

  • At least 5-7 years of experience in information security, IT security, intelligence or a related field is preferred.
  • Bachelor’s or Master’s degree in Information Technology, Information Systems, Information Assurance or equivalent experience is preferred
  • CISSP, SSCP from (ISC)2 or GIAC Enterprise Vulnerability Assessor is preferred
  • Experience in, or functional knowledge of, multiple Information Security disciplines in support of the insurance, healthcare or finance industries. Information Security disciplines are programs or controls that support the protection of the confidentiality, integrity, and availability of information
  • Experience in Information Security risk management and mitigation is preferred
  • Experience in implementing the NIST Risk Management Framework is desired

 

 

Location: 3700 S. Stonebridge Dr., McKinney, Texas

Savings and Investment Plan (401K) - Eligible employees may begin participating in the plan on the first day of employment.

Pension Plan - Eligible employees who complete one year of service with the Company become participants in the Pension.* (Not available to Cleveland Employees)

Medical - Benefits are available to all eligible employees and qualified dependents the first of the month following 30 days of continuous service.

Dental** and Vision - Eligible employees and qualified dependents are able to enroll the first of the month following 30 days of continuous service.

Flexible Spending Accounts (FSA) - Our FSA has two components, Health Care and Dependent Care Accounts. These accounts allow employees to set aside a portion of their earnings on a pre-tax basis to cover out-of-pocket medical and dependent care expenses. Participation is elected on a calendar year basis and is available to all eligible employees the first of the month following the completion of 30 days of continuous service.

Health Savings Accounts (HSA) - A pre-tax Health Spending Account (HSA) is offered to those who enroll in the High Deductible Plan. It allows you to pay for health care expenses. Participation is elected on a calendar year basis and is available to all eligible employees the first of the month following the completion of 30 days of continuous service. Company contributes to HSA.

Short-Term Disability - Eligible employees may be entitled to salary continuance during periods of temporary disability. Benefits are based on employee status and years of service.*

Group Life and Long-Term Disability** - Eligible employees may elect life insurance and long-term disability coverage the first of the month following 30 days of continuous service.

Vacation and Paid Holidays - Employees are eligible for vacation upon the completion of six months of employment. In addition, the Company offers eight paid holidays.

Education Assistance - The Company supports employees who wish to continue their education to secure increased responsibility and growth within their professional careers. We offer a reimbursement program for expenses incurred through approved institutions of learning. In addition, Fellow, Life Management Institute (FLMI) and International Claim Association (ICA) program courses are offered after the completion of six months of service at no cost to the employee.

Fitness Reimbursement - Eligible employees are able to receive up to 100% reimbursement for monthly dues (employee only).

Supplemental Plans** - Cancer, Heart/Stroke, Accident.

*Please note, some benefits may vary by subsidiary. Please be sure to clarify with the Human Resources Department.
**Company paid benefit

Do I have to apply for every job that I am interested in? - Yes. Though our Talent Acquisition Team searches our database for qualified candidates, the only way to ensure that we know what position is of interest to you is if you apply for it directly.

Now that I've applied, what happens? - You will receive an immediate response from our system. Someone from our Talent Acquisition Team will review your qualifications and skills. If you're a good fit, we'll contact you to conduct an initial interview by phone, followed by assessment testing and an in-person interview(s).

How do I get the contact information of the hiring manager for the job I am interested in? - It is our policy not to give contact information to external applicants. If, after you apply, it is determined that your skills and qualifications match our hiring needs, you will be contacted directly for an interview by someone on our Talent Acquisition Team.

I've been interviewed, what's next? - If selected, we'll extend a conditional offer. Then, pending a successful background check and drug screen, we'll confirm a start date.

The Whole Globe

Not only is it in our name, it’s in our hearts. Our Company thrives off of diversity and has created a culture focused on inclusivity. These two components are the pillars of our foundation and the guiding principles that build our employees and leaders.

No Ceiling

The insurance industry may be traditional, but Globe Life has been, is, and always will be dedicated to building an inclusive, sustainable, and inspiring environment that does not have a ceiling on growth.