
Full Time Job

Security Engineer, Governance, Risk, and Compliance - Remote

Sinclair Broadcast Group

Remote / Virtual 06-23-2022
 
  • Paid
  • Full Time
  • Senior (5-10 years) Experience
Job Description
We are looking for a detail-oriented individual to drive quality and quality-related security work across Sinclair's enterprise. You will be assigned to the security team with a focus on Governance, Risk, and Compliance, 3rd party risk management (TPRM), Security Awareness Training, and other security or risk-related activities. The applicant should have prior experience conducting risk assessments, including self-assessment processes based on an industry-standard methodology. You will assess and qualify security risks as they pertain to cloud or hybrid security environments. You will also work with 3rd parties / external consultants and legal for future company transformation activities.

Responsibilities:

Process & execution
• Act as an advocate of information security policies, standards, and controls to enable the business while managing risks appropriately.
• Excellent communication skills, able to effectively and professionally collaborate with company stakeholders and business partners
• Ability to think strategically, plan methodically, and execute tactically
• Take ownership of personal and professional development and training needed to excel in your role.
• Conduct risk assessment activities across datacenter, end user, network, application, DMZ, cloud, and hybrid environments.
• Align industry security frameworks such as NIST, ISO, CSF, and OCTAVE to ensure proper data security controls are implemented.
• Maintain Corporate Risk Register and evaluate the impact and probability of risk.
• Track and maintain awareness of security risks to ensure timely remediation efforts are completed.
• Develop and maintain security policies as required.
• Work with legal and procurement teams to evaluate 3rd party risks prior to closure of contracts.
• Gather requirements, plan, and assess the current configuration of enterprise assets and applications as it pertains to a GRC program.
• Produce metrics to measure the efficacy and effectiveness of the responsible areas of the security program and report regularly.

Collaboration & Partnerships
• Evaluate and recommend new products, maintain knowledge of emerging technologies, cloud security standards and regulations for application to the enterprise
• Support initiatives for security solutions by specifying methodologies; implementation and calibration; preparing preventive, detective, and reactive security measures and support documentation
• Identify, communicate, and mitigate security risks in on-premises or hybrid/multi-cloud deployments
• Demonstrate good judgment in solving problems as well as identify problems in advance and propose solutions.
• Ensure compliance with company policies and standards.
• Respond to information security tickets and other requirements in a timely manner.

Performance Improvement
• Help the security team to maintain a level of excellence.
• Develop and evaluate performance metrics to establish process success.
• Design, document and implement procedures and techniques that are consistent with best practices for analyzing and evaluating risk.
• Research emerging technologies and identify opportunities for adoption
• Track operations and constantly look for ways to make things work better, faster, and smoother.
• Collaborate on and adhere to security engineering standards, methodologies and sustainable processes.
• Strong communication and collaboration skills.
• Team player mentality – "win together."
• Ability to multi-task and remain flexible for adjustments in priorities.

Qualifications:
• Bachelor's degree in IT discipline or equivalent work experience.
• 5+ years working in Information Security, preferably for broadcast/media companies or entertainment industries.
• 3+ years of experience working with security frameworks and implementing cyber security controls across a heterogeneous environment.
• Knowledge of risk management frameworks and applying risk methodologies.
• Understanding of conducting risk and/or self-assessment activities to identify key risk areas in the business.
• Experience associated with 3rd party risk assessments and understanding security in-depth principles to measure risk.
• Experience with DLP systems including MO365 controls and governance.
• Industry certification preferred in one of the following areas: (e.g., CISSP, CISM, CRISC, or CISA).
• Familiarity with security industry standards (ISO 17799, NIST 800 series, etc.) and best practices.
• Knowledge of security auditing procedures.
• Knowledge of current data privacy laws (CCPA, GDPR)

Sinclair Broadcast Group, Inc. is proud to be an Equal Opportunity Employer and Drug Free Workplace!

The Company is committed to fair and equitable compensation practices. The base compensation range for this role is $100,000 to $120,000 and this position is eligible for benefits that include participation in a retirement plan, life and disability insurance, health, dental and vision plans, flexible spending accounts, sick leave, vacation time, personal time, parental leave and employee stock purchase plan. Please note that the compensation information provided is a good faith estimate for Colorado-based hires only and is provided pursuant to the Colorado Equal Pay for Equal Work Act and Equal Pay Transparency Rules. Final compensation for this role will be determined by various factors such as a candidate's relevant work experience, skills, certifications, and geographic location.

Jobcode: Reference SBJ-re4p68-18-219-236-199-42 in your application.