Apply on Employer Site

Sinclair Inc. · 4 hours ago

Information Security Engineer

Hunt Valley, MD

Full-time

Onsite

Entry, Mid Level

$74K/yr - $92K/yr

2+ years exp

Sinclair Inc. is a diversified media company and a leading provider of local news and sports. They are seeking an Information Security Engineer to support their enterprise security program, focusing on third-party risk management, security policies, and vendor risk assessments.

Broadcast Media

No H1B

Responsibilities

Contribute to the creation and maturation of information security policies, standards, and processes

Conduct accurate and timely third-party/vendor/service provider/software risk assessments while partnering with internal technical and non-technical teams such as legal, procurement, IT, and Security Operations

Proactively manage the Policy Exception process including stakeholder engagement, driving completion with internal teams, and providing highly technical details that will be visible to senior leaders

Create, adapt, and enhance weekly metrics to measure the efficacy and effectiveness of the security program

Perform litigation and data retention actions to support Sinclair Legal requests

Successfully operate in a fast-paced environment with shifting priorities

Ability to multitask, prioritize work, and efficiently deliver simultaneous assignments while remaining flexible and resilient

Maintain a high level of professionalism and integrity while frequently communicating with internal teams

Focus on the quality and completeness of delivery on assignments

Ability to think strategically, plan methodically, and execute tactically

Take ownership of personal and professional development needed to excel in the role

Apply excellent communication skills to efficiently collaborate with company stakeholders and business partners

Willingness to lead training webinars and present in front of large audiences

Evaluate and recommend new products, maintain knowledge of emerging technologies, and maximize value from existing tool sets to ensure return on investment

Demonstrate strong problem-solving skills by identifying gaps or issues and clearly formulating solutions

Ensure compliance with Sinclair policies and standards

Proactively respond to information security tickets and other requests according to team SLA

Operating with a strong sense of teamwork and personal accountability

Identify areas of improvement within the security team to maintain a level of excellence

Develop and deliver weekly performance metrics to measure programmatic success

Design, document, and implement procedures and techniques for analyzing and evaluating risk

Proactively and effectively look for ways to improve and optimize processes and techniques

Research emerging technologies and provide feedback and options to leadership to effectively solve problems

Champion collaboration amongst teams, quality execution on assignments, and take personal accountability for deliverables

Thrive within fast-paced operational environment requiring priority adjustments, multi-tasking, and a high-level of communication skills

Ability to self-motivate and go the extra mile to ensure team success

Maintain a positive and customer-oriented approach

Team-player who enjoys working with others

Comfortable speaking to and working directly with other teams such as Legal, Audit, Privacy, and Information Technology

Qualification

Third-party risk assessmentsEnterprise risk management toolsSOC-2ISO-27001Cloud security knowledgeSocial engineering campaignsData privacy lawsCommunication skillsTechnical backgroundCommercial enterprise experienceProblem-solving skillsTeamworkPresentation skills

Required

Bachelor's degree in an Information Security discipline with 2 years of experience or an associate's degree with 4 years of relevant work experience

Minimum of 2 years conducting third-party risk assessments including lifecycle management supporting enterprise tools and mitigation strategies

At least 2 years of hands-on experience designing social engineering and phishing campaigns while understanding balance and creativity to properly train staff

Hands-on experience working with enterprise 3rd party risk management solutions such as BitSight, ServiceNow, OneTrust, Security Scorecard, etc

Hands-on experience conducting risk and/or self-assessment activities to identify key risk areas in the business

Understanding of SOC-2 and ISO-27001 frameworks and ability to evaluate control gaps

Exceptional verbal and written communication skills with an ability to present complex information to audiences of varying subject knowledge

Solid technical background with the ability to understand network and systems architectures

Prior experience working in commercial multi-cloud provider environments

Industry certification required in one of the following areas: (e.g., CISSP, CISM, CRISC, Security+, CISA, or equivalent)

Basic knowledge of current data privacy laws (CCPA/CPRA, GDPR)

Commercial enterprise experience is required