Role Description The Director of Security & Compliance will own the security and compliance program for a growing health tech company that handles protected health information across 15+ health system partners. This is the most consequential security leadership role you'll find at a company this size. Key Responsibilities: - Own the end-to-end security and compliance program: strategy, roadmap, execution - Drive HITRUST certification and establish the ongoing recertification program - Build and manage a security team - Own the company's security posture in all external contexts: board reporting, investor due diligence, partner audits, client security questionnaires - Manage IAM strategy and governance across company systems - Own the vendor security intake and assessment program - Publish and maintain security policies, procedures, and incident response plans - Drive the security scan and remediation coordination process with core engineering - Manage the relationship with our outsourced IT support vendor - Own MDM/device management strategy and compliance Qualifications - Bachelor's degree in Computer Science, Engineering, Data Science, Mathematics, or related technical field - 8+ years in information security, with 3+ years in a leadership role - Healthcare security experience required: HIPAA, HITRUST (i1 or r2), understanding of PHI handling requirements - Hands-on GRC experience — you've built compliance programs, not just advised on them - Enough technical depth to guide a security engineer on vulnerability management, infrastructure security, and secure architecture Requirements - Experience with IAM platforms (Okta, Azure AD/Entra), MDM solutions, and endpoint security - Board and executive communication experience — you can present security posture to non-technical investors - Prior experience in a growth-stage startup or fast-scaling company where the security program was being built, not maintained - CISSP, CISM, or HCISPP certification - Experience managing vendor security assessments at scale (dozens of vendors across a growing company) Benefits - Competitive salaries with equity packages - Robust medical/dental/vision insurance - Flexible working hours - Hybrid work options - Inclusive environment that fosters creativity and innovation Company Description Qualified Health is an equal opportunity employer. We believe that a diverse and inclusive workplace is essential to our success, and we are committed to building a team that reflects the world we live in. We encourage applications from all qualified individuals, regardless of race, color, religion, gender, sexual orientation, gender identity or expression, age, national origin, marital status, disability, or veteran status.

At Globe Life, we are committed to empowering our employees with the support and opportunities they need to succeed at every stage of their career. We take pride in fostering a caring and innovative culture that enables us to collectively grow and overcome challenges in a connected, collaborative, and mutually respectful environment that calls us to help Make Tomorrow Better. Role Overview: Could you be our next Information Security Analyst I? Globe Life is looking for an Information Security Analyst I to join the team! In this role, you will be responsible for supporting the organization’s information security and data protection objectives by monitoring, analyzing, and documenting security-related activity and risks. This role focuses on identifying potential data loss, misuse, or unauthorized disclosure of information, supporting broader security monitoring activities, and helping ensure business processes and technical controls align with information security policies and standards. The analyst identifies data handling risks, investigates potential policy violations, and supports the effectiveness of technical and administrative controls designed to protect organizational data assets and ensure regulatory compliance. This is a remote/work-from-home position. What You Will Do: - Review and analyze potential data loss alerts across multiple data movement and handling avenues, including email, cloud services, file sharing, endpoints, and business processes. - Identify risks related to unauthorized disclosure, misuse, or improper handling of sensitive information, regardless of detection source. - Perform initial triage of identified issues, including potential data loss, inappropriate data handling, or control gaps. - Apply information security policies, data classification standards, and handling requirements when evaluating alerts and activities. - Document analysis, decisions, and outcomes in accordance with established procedures. - Identify false positives, valid business use cases, and potential security risks. - Support implementation and maintenance of DLP policies, rules, and data classification and handling standards. - Escalate suspected or confirmed data loss events following defined workflows. - Support information security investigations by providing analysis, evidence, and reporting. - Identify common trends, security issues, and and recurring risk scenarios. - Work with business and technical stakeholders to address non-compliant or risky practices. - Recommend administrative, technical, or procedural controls to reduce identified security risks. - Assist with maintaining and improving data protection rules, policies, standards, procedures, playbooks, and detection logic across people, process, and technology. - Prepare metrics, summaries, and reports related to data protection activities and risk exposure. - Collaborate with cross-functional teams to enhance data protection strategies and response playbooks. - Assist with risk assessments and vulnerability identification to help improve security posture. - Participate in security reviews, audits, or assessments as assigned. What You Can Bring: - Bachelor’s degree in cybersecurity, information systems, risk management or a related field or equivalent experience (Preferred). - Entry-level certifications (Security+, Network+, or similar) (Preferred). - 0-2 years of experience in cybersecurity, GRC, privacy, compliance, or IT support roles (Preferred). - Experience in regulatory industries (e.g., insurance, healthcare, financial services) (Preferred). - Knowledge of information security fundamentals with emphasis on data confidentiality and protection. - Knowledge of Common cybersecurity threats, attack methods, and indicators of suspicious activity. - Knowledge of security monitoring and alerting concepts. - Knowledge of data loss and data exposure concepts, including intentional and unintentional disclosure. - Knowledge of data analysis fundamentals, including pattern recognition, trend analysis, and basic statistical concepts. - Knowledge of data classification and handling requirements for sensitive and regulatory information. - Knowledge of the fundamentals of data loss prevention technologies and use cases. - Knowledge of common data exposure and leakage scenarios across email, messaging, cloud services, file sharing, endpoints, and business processes. - Knowledge of basic cybersecurity risk concepts, including likelihood, impact, risk, mitigation, and control effectiveness. - Knowledge of policy and standards interpretation, especially related to acceptable use and data handling. - Knowledge of compliance and regulatory awareness related to data protection. - Knowledge of security control concepts across administrative, technical, and procedural domains. - Knowledge of basic incident response fundamentals and escalation criteria. - Knowledge of documentation, evidence retention, and audit defensibility principles. - Understanding of business processes and data flows across different departments. - Ability to triage and analyze alerts related to potential data loss or policy violations using a risk-based approach. - Ability to identify potential security incidents, policy violations, or data protection risks. - Ability to apply analytical thinking to distinguish normal business activity from policy violations. - Critical thinking skills to question assumptions and validate findings. - Ability to identify indicators of malicious vs. non-malicious activity during initial review. - Ability to apply information security policies and standards to real-world scenarios. - Ability to recognize data loss patterns and risk indicators across multiple avenues. - Ability to identify trends, recurring issues, and gaps in controls or processes contributing to data protection risk. - Ability to recommend practical risk mitigation actions. - Ability to document findings, decisions, rationales, and outcomes clearly and consistently. - Ability to communicate with business users to validate activity and correct non-compliant processes. - Ability to ask clarifying questions to validate business context and intent. - Ability to communicate findings effectively to technical and non-technical stakeholders. - Ability to exercise sound judgment within defined procedures and escalate appropriately. - Ability to escalate issues appropriately based on risk and defined thresholds. - Ability to manage workload effectively while following established governance processes. - Ability to work effectively as part of a security team while following defined procedures. Applicable To All Employees of Globe Life Family of Companies: - Reliable and predictable attendance of your assigned shift. - Ability to work full time and/or part time based on the position specifications. How Globe Life Will Support You: Looking to continue your career in an environment that values your contribution and invests in your growth? We've curated a benefits package that helps to ensure that you don’t just work, but thrive at Globe Life: - Competitive compensation designed to reflect your expertise and contribution. - Comprehensive health, dental, and vision insurance plans because your well-being is fundamental to your performance. - Robust life insurance benefits and retirement plans, including company-matched 401k and pension plan. - Paid holidays and time off to support a healthy work-life balance. - Parental leave to help our employees welcome their new additions. - Subsidized all-in-one subscriptions to support your fitness, mindfulness, nutrition, and sleep goals. - Company-paid counseling for assistance with mental health, stress management, and work-life balance. - Continued education reimbursement eligibility and company-paid FLMI and ICA courses to grow your career. - Discounted Texas Rangers tickets for a proud visit to Globe Life Field. Opportunity awaits! Invest in your professional legacy, realize your path, and see the direct impact you can make in a workplace that celebrates and harnesses your unique talents and perspectives to their fullest potential. At Globe Life, your voice matters.

Role Description The General Dynamics Mission Systems (GDMS) Security Operations Center (SOC) is seeking a Cybersecurity SOC Analyst with deep, hands-on expertise in Cloud Security across both Microsoft Azure and Amazon Web Services (AWS) environments. The ideal candidate will possess advanced proficiency in Splunk Search Processing Language (SPL), sophisticated threat detection methodologies, and proven incident response capabilities in complex, multi-cloud architectures. This is a critical, high-impact role responsible for monitoring, analyzing, and responding to security events across GDMS's enterprise and program environments, with a primary focus on cloud-native threats, misconfigurations, and advanced persistent threats (APTs). The successful candidate will bring a strong understanding of cloud security frameworks and cloud-native security tooling to proactively defend GDMS's mission-critical infrastructure. Representative Duties and Tasks: - Develop and optimize advanced Splunk SPL queries, dashboards, and correlation searches within Splunk Enterprise Security (ES), with a focus on cloud-native log sources from Azure, AWS CloudTrail, and cloud security services. - Maintain and continuously enhance Splunk detection content, including cloud-specific use cases for AWS and Azure environments. - Analyze logs from diverse sources including Windows Event Logs, Linux system logs, CrowdStrike telemetry, firewall logs, network traffic, and cloud-native sources such as AWS CloudTrail, AWS GuardDuty, Active Directory, and Flow Logs. - Investigate alerts to identify potential security incidents and anomalous behavior, with emphasis on cloud infrastructure, workloads, and identities. - Conduct proactive threat hunting to detect Advanced Persistent Threats (APTs), insider threats, and suspicious activity across enterprise and multi-cloud environments (AWS & Azure). - Incorporate threat hunting findings into detection content, cloud-specific response playbooks, and security runbooks. - Monitor and analyze DLP alerts for data exfiltration, data tagging, and compliance violations across both on-premises and cloud environments. - Collaborate with cross-functional teams to remediate and prevent data leakage incidents, including cloud storage misconfigurations (e.g., exposed S3 buckets, Azure Blob Storage). - Execute end-to-end IR processes including detection, analysis, containment, eradication, and recovery, with expertise in cloud-specific incident response procedures for AWS and Azure. - Document and track incidents using SOC workflows and ticketing systems, ensuring thorough post-incident analysis and lessons learned. - Monitor, assess, and continuously improve security controls across AWS and Azure environments, including network security groups, security hub findings, and compliance posture. - Identify, investigate, and remediate cloud-specific threats and misconfigurations leveraging native tools. Qualifications - Bachelor's degree in a related specialized area or equivalent is required plus a minimum of 2 years of relevant experience; or Master's degree plus a minimum of 0 years of relevant experience. - AWS and Azure security certifications. - CISSP. - Security+. - Splunk Certified Power User. - Splunk Enterprise Security Certified Admin. - CEH. - Experience working with or familiarity with AI/ML models. Requirements - Advanced Splunk SPL, dashboard, and ES proficiency with cloud-native detection content for AWS and Azure. - Experience analyzing logs from Windows, Linux, EDR, firewalls, and cloud sources (CloudTrail, Azure Monitor, VPC Flow Logs). - Proven threat hunting experience targeting APTs and insider threats across multi-cloud environments using MITRE ATT&CK. - Strong incident response background, including cloud-specific IR procedures for AWS and Azure. - Deep understanding of cloud security controls and native tooling including IAM, GuardDuty, Security Hub, and Microsoft Defender for Cloud. - Strong communication skills for presenting technical findings and security risks to diverse audiences. Benefits - Highly competitive benefits. - Flexible work environment where contributions are recognized and rewarded. Company Description General Dynamics Mission Systems (GDMS) engineers a diverse portfolio of high technology solutions, products and services that enable customers to successfully execute missions across all domains of operation. With a global team of 12,000+ top professionals, we partner with the best in industry to expand the bounds of innovation in the defense and scientific arenas. Given the nature of our work and who we are, we value trust, honesty, alignment and transparency.

Role Description As a Desktop Investigator, you will conduct medical canvasses, background investigations, and social media investigations. Your work will provide critical insights that guide our field investigators and help clients make informed decisions. Responsibilities - Conduct medical canvasses, background checks, and skip tracing assignments. - Perform social media research, public record searches, and open-source intelligence (OSINT) investigations. - Use third-party databases and online tools to build leads and support case development. - Analyze, cross-reference, and document findings in clear, actionable reports tailored to each assignment. - Identify additional investigative services that may benefit ongoing cases. - Monitor and track relevant social media activity, providing timely updates to clients. - Retrieve and review public records, including criminal, civil, business filings, professional licenses, and insurance claims. - Assist with quality assurance to ensure accuracy and consistency of investigative reports. - Experienced investigators may also mentor and help train new team members. - Perform other duties as assigned. Qualifications - Ability to work independently from a secure and private home-based location. - Experience in insurance-related investigations, particularly Workers’ Compensation fraud or personal injury claims. - Strong analytical and problem-solving skills with the ability to present findings clearly. - Excellent written and verbal communication skills. - Proficiency in social media platforms, open-source intelligence techniques, and internet research. - Experience with public record searches and familiarity with the California court system. - Skilled with Microsoft Office Suite. Preferred Skills - Bachelor’s degree in Criminal Justice, Criminology, Journalism (Investigative) or a related field. - Experience in phone canvassing for medical records. - Skip tracing or locating individuals through investigative methods. - Retrieving public records through various sources. Benefits - Medical - Dental - Vision - PTO - FSA - Simple IRA Plan - $18 - $24 an hour Equal Opportunity Employer All qualified applicants will receive consideration for employment without regard to their race, creed, color, disability, sex, sexual orientation, national origin, age, religion, Vietnam era Veteran’s status, political affiliation, or any other non-merit factor. After making a conditional offer of employment, the company will conduct a job-related background check. A comprehensive background check may consist of prior employment verification, motor vehicle records, professional reference checks, education confirmation and/or criminal record and credit checks. Third-party services will be hired to perform these checks. Employer will consider for employment qualified applicants with criminal histories in a manner consistent with the requirements of the ordinance. After an offer is made and accepted, the employer will comply with the Immigration and Nationality Act I-9 requirements to establish your identity and employment eligibility.