Information Security Engineer

The Information Security Engineer will be a part of the enterprise Identity, Risk, and Data Governance group with a focus on supporting the Third-Party Risk Management (TPRM) program. The candidate will also be responsible for delivering security awareness training and phishing campaigns to the organization, authoring security policies and standards, partnering with the Sinclair Legal Team to perform litigation support, and provide proactive response to data loss prevention (DLP) alerts. 

The applicant will have prior experience with supply chain and vendor risk management in a corporate environment. Additional required skills include hands-on experience with managing security awareness training platforms, ability to develop and improve security policies and standards, and knowledge of data classification and protection best practices. 

The candidate must be a self-starter with the motivation to learn and contribute to new technologies and processes, possess the ability to verbally present ideas clearly and thoughtfully to large audiences at different levels of the organization, and thrive in a highly visible and fast-paced role. 

This is a hybrid position which will require the candidate to work on-site in Hunt Valley Maryland several times per week.

Responsibilities:

Process & Execution

• Perform 3rd party risk assessments in alignment with team SLAs, that identifies vendor and supply chain inherent risks.
• Respond to Data Loss Prevention (DLP) alerts while proactively providing education on data security principles to Sinclair’s end-user base.
• Test, create, and develop Data Loss Prevention policies to detect and prevent proprietary data leakage.
• Perform eDiscovery and litigation hold (Purview) activities to support Sinclair Legal requests. 
• Research and risk assess Artificial Intelligence (AI) applications to determine the risk and impact to data privacy.
• Support Sinclair’s cyber risk program through the coordination of policy exceptions with stakeholders, updating the risk registry, and codeveloping remediation plans.
• Continuously report and monitor the status of risk to Sinclair leadership.
• Contribute to the development of information security policies, standards, and processes to enforce Sinclair compliance requirements.
• Deliver current and relevant training content to personnel to provide continued education on cyber threats.
• Provide quality and timely updates to internal customers to ensure clear expectations are met for their requests. 
• Collaborate with peers to create and enhance weekly metrics to measure the effectiveness of the security program. 
• Maintain ownership of assignments initiatives while maintaining a high level of personal accountability.
• Develop and communicate risk mitigation plans for security risks in on-premises or cloud environments.

Collaboration & Partnerships

• Apply excellent communication skills to efficiently collaborate with company stakeholders and business partners.
• Evaluate and recommend new products, maintain knowledge of emerging technologies, and maximize value from existing tool sets to ensure return on investment. 
• Demonstrate strong problem-solving skills by identifying gaps or issues and develop engineering
• Communicate Sinclair policy and standards requirements to the organization to ensure compliance is being met.
• Promptly respond to information security tickets and other request while effectively communicating with your team and customers.

Performance Improvement

• Flourish within an environment where priorities are frequently adjusted and the ability to multitask comes as second nature.
• Maintain a high-level of work quality while operating comfortably in a fast-paced environment and culture that emphasizes the importance of effective communication.
• Proactively and effectively look for ways to improve and optimize processes. 
• Drive collaboration amongst teams, deliver quality execution on assignments, and take personal accountability for deliverables.

Keys to Success:

• Be a self-starter
• Willing to go the extra mile
• Over communicate 
• Remain flexible and resilient
• Have a good attitude
• Be a team player
• Have a can-do attitude
• Have a desire to learn
• Ability to multitask

Qualifications:

• Bachelor’s degree in an IT discipline and 4 years of Information Security experience within an enterprise environment.
• Exceptional verbal and written communication skills with an ability to present complex information to audiences of varying subject knowledge. 
• Minimum of one year conducting third-party and vendor risk assessments.
• Knowledge of Artificial Intelligence tools (AI) including assessing the risks to data privacy or exposure.
• Experience deploying and configuring enterprise security tools focused on Data Loss Prevention (MS Purview, Varonis, Zscaler, etc.). 
• Prior experience classifying data and understanding the fundamentals of data protection.
• Hands on experience with enterprise Security Awareness Training platforms.
• Experience developing and customizing metrics including with MS Excel, PowerBI, Power Automate, etc.  
• Hands-on experience in Microsoft Purview including conducting eDiscovery and performing litigation holds.  
• Knowledge of multi-cloud environments.
• Industry certification required in one of the following areas: (e.g., CISSP, CISM, CRISC, Security+, CISA, or equivalent).
• Familiarity with security assessments and compliance requirements frameworks (SOC-2, NIST “800 series”, ISO, CSF, SOX, etc.).
• Prior experience in the broadcast/media entertainment industries preferred.

 

  Sinclair is proud to be an equal opportunity employer and a drug free workplace. Employment practices will not be influenced or affected by virtue of an applicant's or employee's race, color, religion, sex (including pregnancy, gender identity, and sexual orientation), national origin, age, disability, genetic information, military or veteran status or any other characteristic protected by law.
  About Us
  Sinclair, Inc. (Nasdaq: SBGI) is a diversified media company and a leading provider of local news and sports. The Company owns, operates and/or provides services to 185 television stations in 86 markets affiliated with all the major broadcast networks; and owns Tennis Channel and multicast networks Comet, CHARGE!, TBD., and The Nest. Sinclair's content is delivered via multiple platforms, including over-the-air, multi-channel video program distributors, and the nation's largest streaming aggregator of local news content, NewsON. The Company regularly uses its website as a key source of Company information which can be accessed at www.sbgi.net.
  About the Team
  The life-blood of our organization is our people. We have a compelling story, a goal-oriented culture, and we take really good care of people. How good? Here is a glimpse: great benefits, open door policy, upward mobility and a strong desire to see you succeed. Ready to be part of a winning team? Let’s talk.   The base salary compensation range for this role is $90,000 to $116,000.  Final compensation for this role will be determined by various factors such as a candidate’s relevant work experience, skills, certifications, and geographic location. Full time positions are eligible for benefits that include participation in a retirement plan, life and disability insurance, health, dental and vision plans, flexible spending accounts, 15 paid vacation days, 2 paid personal days, 9 paid holidays, 40 hours of paid sick leave, parental leave, and employee stock purchase plan