Information Security Manager- Governance, Risk, & Compliance

Sinclair Broadcast Group•Hunt Valley, MD

3h•$99,000 - $132,500•Hybrid

About The Position

We are looking for a detail-oriented individual to lead and drive quality-related security work for Sinclair’s enterprise Information Security program. The ideal candidate will fill the role of Information Security Manager – Governance, Risk, & Compliance with a focus on managing team operational tasks related to Third-Party Risk Assessments, automation, policy development, corporate risk registry maintenance, phishing and social engineering campaigns, and organizational security awareness training. You will track, report, and manage the day-to-day operational tasks for the Security GRC group, assist team members with prioritizing their assignments, and perform hands-on engineering tasks as a part of core responsibilities. This leadership role reports to the Senior Director of Information Security and is responsible for small team of direct reports. The candidate must be a self-starter, have excellent organizational skills, possess strong and polished communication skills, and can articulately champion security topics to internal and external customers. Must be able to thrive in a highly visible and fast-paced role, with the ability to manage multiple projects and a variety of operational tasks. This is a hybrid position which will require the candidate to work on-site in Hunt Valley Maryland up to three times per week.

Requirements

Bachelor’s degree in IT or security related discipline preferred, or 7 years of experience in lieu of a degree.
Active security certifications including CISSP, CISM, CGEIT, or other risk-based credentials.
5+ years of Information Security experience preferably in the private sector (broadcast experience a plus)
At least 1 year of experience in a manager or program manager role.
3+ years of experience executing tasks for Third-Party Risk Management, Data Privacy, policy development, and security awareness training.
Hands-on experience with MO365 Purview including eDiscovery and litigation actions.
Experience developing detailed quality trending metrics from scratch.
Experience managing Enterprise security GRC and Third-Party risk tools.
Previous engineering experience (Security Operations or Engineering).
Experience with multi-cloud platforms (Azure, O365, AWS, GPC, etc.).
High level knowledge associated with risk management, data governance and privacy, and compliance activities in a distributed environment.
Hands-on experience with security standards and compliance frameworks (SOC-2, NIST 800-53 series, FAIR, etc.).
Knowledge of current data privacy laws (CCPA, CPRA, GDPR).

Nice To Haves

broadcast experience a plus

Responsibilities

Lead day-to-day operations including the Third-Party Risk Management program, while maintaining SLAs aligned with business requirements.
Communicate and prioritize the security team’s assignments while communicating and developing milestones according to leadership direction.
Provide mentorship and knowledge transfer to other security team members on technical solutions and risk assessments.
Lead, execute, and drive processes as they apply to projects and assignments.
Ability to think strategically, plan methodically, and execute tactically.
Act as an advocate for Information Security projects while identifying creative solutions to ensure progress is made.
Drive remediation activities by developing communication channels with key stakeholders.
Develop tactical roadmaps that align with departmental goals and objectives.
Produce frequent metrics and KPI’s that measure program status.
Possess strong organizational skills with a history of successfully managing multiple team projects and operational tasks.
Display excellent communication skills with the ability to professionally and effectively.
Evaluate and recommend new products, maintain knowledge of emerging technologies, cloud security standards, and industry trends.
Maintain the annual schedule for reviewing and updating security policies and standards.
Co-develop and update new and existing security policies and standards.
Create and communicate team operational processes to maintain productivity and increase performance.
Experience collaborating with senior leadership and other levels of management.
Identify and qualify risk in on-premises or hybrid/multi-cloud deployments.
High-level of verbal skills with past success leading team and project meetings.
Work with outside vendors and consultants to identify tools to meet or exceed requirements.
Conduct Third-Party Risk Assessments and architectural reviews to support the integration of new enterprise technology solutions.
Enforce compliance with company policies and standards.
Perform litigation and data discovery actions while partnering with internal counsel.
Develop new automated solutions to increase efficiency of manual processes.
Test and integrate new Artificial Intelligence solutions to solve common problems and eliminate wasteful processes.
Help the security team to maintain a level of excellence.
Develop and evaluate high quality performance metrics to establish process success.
Produce high quality results that set the example amongst team members.
Track and report on operations while constantly looking for ways to make things work better, faster, and smoother.
Deliver team assignments on time based on leadership direction and priority.
Take ownership of personal and professional development and training needed to excel in your role.
Remain resilient and flexible to program adjustments with a positive outlook to changing priorities.