We are looking for a detail-oriented individual to drive quality-related security work related to Sinclair’s enterprise security Governance, Risk, & Compliance (GRC) program. You will fill the role of Information Security Manager – Governance, Risk, & Compliance with a focus on managing team operational tasks related to 3rd party risk assessments, policy development, corporate risk register maintenance, data protection, phishing and social engineering campaigns, and organizational security awareness training. You will track, report, and manage the day-to-day operational tasks for the security GRC group, assist team members with prioritizing their assignments, and perform hands-on tasks as needed. This is an individual contributor role with the opportunity to obtain direct reports in 2025.
The candidate must be a self-starter, have excellent organizational skills, possess strong and polished communication skills, and can articulately champion security topics to internal and external customers. Must be able to thrive in a highly visible and fast-paced role. Must be willing to perform hands-on engineering tasks while managing day-to-day operations for the security GRC Team.
This is a hybrid position which will require the candidate to work on-site in Hunt Valley Maryland up to three times per week.
Responsibilities:
Leadership & execution
- Lead projects pertaining to data security, data governance, and other security services as required.
- Maintain engagement with the security team’s assignments while communicating and developing timelines according to leadership direction.
- Provide mentorship and knowledge transfer to other security team members.
- Lead, execute, and drive processes as they apply to projects and assignments.
- Excellent communication skills with the ability to professionally and effectively collaborate with senior leadership and other levels of Sinclair management.
- Ability to think strategically, plan methodically, and execute tactically.
- Lead security GRC projects to develop and mature security services as they apply to team and organizational goals.
- Act as an advocate for Information Security projects while identifying creative solutions to ensure progress is made.
- Drive remediation activities by developing communication channels with key stakeholders.
- Develop tactical roadmaps that align with departmental goals and objectives.
- Produce weekly and monthly metrics that measures programmatic growth.
Operations, Collaboration & Partnerships
- Evaluate and recommend new products, maintain knowledge of emerging technologies, cloud security standards, and industry trends.
- Maintain the schedule for reviewing and updating security policies and standards.
- Co-develop and update new and existing security policies and standards.
- Create and communicate team operational processes to maintain productivity and increase performance.
- Identify and qualify risk in on-premises or hybrid/multi-cloud deployments.
- Ability to verbally lead team and project meetings.
- Work with outside vendors and consultants to identify tools to meet or exceed requirements.
- Conduct 3rd party risk assessments to support the integration of new enterprise technology solutions.
- Enforce compliance with company policies and standards.
- Perform litigation and data discovery actions while partnering with internal counsel.
Performance Improvement
- Help the security team to maintain a level of excellence.
- Develop and evaluate high quality performance metrics to establish process success.
- Produce high quality results that set the example amongst team members.
- Track and report on operations while constantly looking for ways to make things work better, faster, and smoother.
- Deliver team assignments on time based on leadership direction and priority.
- Take ownership of personal and professional development and training needed to excel in your role.
- Remain flexible to program adjustments with a positive outlook to changing priorities.
Qualifications:
- 7+ years of Information Security experience preferably in the private sector (broadcast experience a plus)
- At least 1 year of experience in a manager or program manager role or 3 years’ experience as a team lead.
- 3+ years of experience with data privacy, 3rd party risk evaluation, policy creation, and security awareness training.
- Hands-on experience with MO365 Purview including eDiscovery and litigation actions.
- Experience developing detailed trending metrics to track team progress.
- Experience managing Enterprise security GRC and 3rd party vendor risk tools.
- Knowledge of security engineering principles.
- Experience with multi-cloud platforms (Azure, O365, AWS, GPC, etc.).
- High level knowledge associated with risk management, data governance and privacy, and compliance activities in a distributed environment.
- Hands-on experience with security standards and compliance frameworks (ISO 27001, SOC, NIST 800-53 series, etc.).
- Working knowledge of network and/or security technologies.
- Knowledge of current data privacy laws (CPRA, GDPR).
- Bachelor’s degree in IT or security related discipline preferred.
- Active security certification including CISSP, CISM, CGEIT, or other risk-based credentials.