
Full Time Job

Information Security Manager, Governance, Risk, and Compliance-Remote

Sinclair Broadcast Group

Remote / Virtual 09-20-2022
 
  • Paid
  • Full Time
  • Senior (5-10 years) Experience
Job Description
We are looking for a detail-oriented individual to drive quality-related security work for Sinclair's enterprise security Governance, Risk, & Compliance (GRC) program. You will fill the role of Information Security Manager – Governance, Risk, & Compliance with a focus on managing tasks related to 3rd party risk assessments, policy development, corporate risk register maintenance, data protection, phishing and social engineering campaigns, and organizational security awareness training. You will manage and assess security risks as they pertain to the NextGen broadcast datacenter, cloud, or hybrid security environments. You will work with internal stakeholders and consultants to develop data governance solutions to protect the confidentiality and integrity of Sinclair's sensitive data. This is an individual contributor role without any direct reports.

Responsibilities:

Leadership & execution
• Manage processes and solutions pertaining to data security, data governance, and other security services as required.
• Provide mentorship and knowledge transfer to other security team members.
• Lead, execute, and drive processes as they apply to projects and assignments.
• Excellent communication skills with the ability to professionally and effectively collaborate with company stakeholders and business partners.
• Ability to think strategically, plan methodically, and execute tactically.
• Take ownership of personal and professional development and training needed to excel in your role.
• Lead security GRC initiatives to develop and mature security services as they apply to team and organizational goals.
• Act as an advocate for Information Security projects while identifying creative solutions to ensure progress is made.
• Drive remediation activities by understanding the impact of findings and developing communication channels with key stakeholders.
Operations, Collaboration & Partnerships
• Evaluate and recommend new products, maintain knowledge of emerging technologies, cloud security standards, and compliance regulations.
• Lead initiatives for security solutions by specifying methodologies to implement preventive, detective, and reactive security measures and supporting documentation.
• Identify and qualify risk in on-premises or hybrid/multi-cloud deployments.
• Work with stakeholders to develop policy exceptions for tracking risk remediation.
• Produce weekly metrics to measure the efficacy and effectiveness of the responsible areas of the security program.
• Gather requirements, plan, and assess data mapping activities as they apply to enterprise assets, databases, cloud environments, and applications.
• Work with outside vendors and consultants to identify tools to meet or exceed requirements.
• Conduct 3rd party risk assessments to support the integration of new enterprise technology solutions.
• Demonstrate good judgment in identifying and solving problems and provide creative solutions that align with team and corporate goals.
• Ensure and enforce compliance with company policies and standards.
• Lead the effort for developing security policies and standards.
• Develop governance controls within MO365 or other Data Loss Prevention (DLP) tools to ensure sensitive information is being handled according to company policy and standards.

Performance Improvement
• Help the security team to maintain a level of excellence.
• Develop and evaluate performance metrics to establish process success.
• Design, document, and implement procedures and techniques that are consistent with best practices for analyzing and evaluating risk (software & business).
• Track operations and constantly look for ways to make things work better, faster, and smoother.
• Align security framework (NIST) to information systems to select, assess, and monitor security control effectiveness.

Qualifications:
• Bachelor's degree in IT or security discipline or equivalent work experience.
• 8+ years working for a large-scale security team, preferably for broadcast/media applications.
• 5+ years of experience with data privacy, 3rd party risk evaluation, policy creation, and control frameworks.
• Experience leading practices for security design, implementation, and support of public and private cloud services.
• Experience managing Enterprise GRC tools.
• Knowledge of security engineering principles.
• Strong understanding of multi-cloud platforms (Azure, O365, AWS, etc.) to be able to identify and prioritize potential security challenges.
• Hands-on experience with MO365 governance and security controls including Purview, DLP, eDiscovery, and data mapping.
• High level knowledge associated with risk management, data governance and privacy, and compliance activities in a distributed environment.
• Active security certification including CISSP, CISM, CAP, CGEIT, or other risk-based credentials.
• Deep knowledge of security industry standards (ISO 27001, NIST 800-53 series, or other standards) and best practices to implement and test control frameworks.
• Working knowledge of network and/or security technologies.
• Knowledge of current data privacy laws (CCPA, GDPR).

Sinclair Broadcast Group, Inc. is proud to be an Equal Opportunity Employer and Drug Free Workplace!

The Company is committed to fair and equitable compensation practices. The base compensation range for this role is $115,000 to $136,750 and this position is eligible for benefits that include participation in a retirement plan, life and disability insurance, health, dental and vision plans, flexible spending accounts, sick leave, vacation time, personal time, parental leave and employee stock purchase plan. Please note that the compensation information provided is a good faith estimate for Colorado-based hires only and is provided pursuant to the Colorado Equal Pay for Equal Work Act and Equal Pay Transparency Rules. Final compensation for this role will be determined by various factors such as a candidate's relevant work experience, skills, certifications, and geographic location.


Jobcode: Reference SBJ-rbj81e-3-133-159-224-42 in your application.