Information Security Manager- Governance, Risk, & Compliance
Sinclair Inc. · Hunt Valley, MD · 4 days ago
$99k–$133k/yrFull-time
Responsibilities
- Lead day-to-day operations including the Third-Party Risk Management program, while maintaining SLAs aligned with business requirements.
- Communicate and prioritize the security team’s assignments while communicating and developing milestones according to leadership direction.
- Provide mentorship and knowledge transfer to other security team members on technical solutions and risk assessments.
- Lead, execute, and drive processes as they apply to projects and assignments.
- Ability to think strategically, plan methodically, and execute tactically.
- Act as an advocate for Information Security projects while identifying creative solutions to ensure progress is made.
- Drive remediation activities by developing communication channels with key stakeholders.
- Develop tactical roadmaps that align with departmental goals and objectives.
- Produce frequent metrics and KPI’s that measure program status.
- Operations, Collaboration & Partnerships
- Possess strong organizational skills with a history of successfully managing multiple team projects and operational tasks.
- Display excellent communication skills with the ability to professionally and effectively.
- Evaluate and recommend new products, maintain knowledge of emerging technologies, cloud security standards, and industry trends.
- Maintain the annual schedule for reviewing and updating security policies and standards.
- Create and communicate team operational processes to maintain productivity and increase performance.
- Experience collaborating with senior leadership and other levels of management.
- Identify and qualify risk in on-premises or hybrid/multi-cloud deployments.
- High-level of verbal skills with past success leading team and project meetings.
- Work with outside vendors and consultants to identify tools to meet or exceed requirements.
- Conduct Third-Party Risk Assessments and architectural reviews to support the integration of new enterprise technology solutions.
- Enforce compliance with company policies and standards.
- Perform litigation and data discovery actions while partnering with internal counsel.
- Performance Improvement
- Develop new automated solutions to increase efficiency of manual processes.
- Test and integrate new Artificial Intelligence solutions to solve common problems and eliminate wasteful processes.
- Help the security team to maintain a level of excellence.
- Develop and evaluate high quality performance metrics to establish process success.
- Produce high quality results that set the example amongst team members.
- Track and report on operations while constantly looking for ways to make things work better, faster, and smoother.
- Deliver team assignments on time based on leadership direction and priority.
- Take ownership of personal and professional development and training needed to excel in your role.
- Remain resilient and flexible to program adjustments with a positive outlook to changing priorities.
Qualifications
- Bachelor’s degree in IT or security related discipline preferred, or 7 years of experience in lieu of a degree.
- Active security certifications including CISSP, CISM, CGEIT, or other risk-based credentials.
- 5+ years of Information Security experience preferably in the private sector (broadcast experience a plus).
- At least 1 year of experience in a manager or program manager role.
- 3+ years of experience executing tasks for Third-Party Risk Management, Data Privacy, policy development, and security awareness training.
- Hands-on experience with MO365 Purview including eDiscovery and litigation actions.
- Experience developing detailed quality trending metrics from scratch.
- Experience managing Enterprise security GRC and Third-Party risk tools.
- Previous engineering experience (Security Operations or Engineering).
- Experience with multi-cloud platforms (Azure, O365, AWS, GCP, etc.).
- High level knowledge associated with risk management, data governance and privacy, and compliance activities in a distributed environment.
- Knowledge of current data privacy laws (CCPA, CPRA, GDPR).