The Manager, Information Security - Vulnerability Management, will focus on supporting and maturing enterprise vulnerability management and application security programs. The candidate will operate as an individual contributor who provides day-to-day programmatic management for the vulnerability team and will perform hands-on engineering tasks to meet or exceed project deadlines. The candidate will apply security in-depth principles to reduce vulnerability risk for Sinclair's business units including multi-cloud and infrastructure environments. The candidate will also work closely with internal teams to support a fast-paced enterprise vulnerability and application security program. This role will report to the Director of Information Security. This position has the potential to be hybrid or remote.
You will be responsible for the following activities including:
Processes & Execution
- Manage processes and solutions pertaining to vulnerability management, application security, CIS/DISA benchmarks, and other security initiatives as required.
- Track and prioritize the team's day-to-day workloads including ticket prioritization and ensuring business as usual tasks are completed.
- Provide mentorship, coaching, and knowledge transfer to security team members.
- Provide frequent updates on team projects and assignments to the Director of Information Security.
- Excellent and well-established communication skills with an ability to effectively and professionally collaborate with company stakeholders and business partners.
- Focused on building inner-team relationships and is comfortable presenting tactical material in front of diverse audiences.
- Ability to think strategically, plan methodically, and execute tactically.
- Enterprise outlook for delivering and planning of solutions and processes.
- Actively engage internal and external customers to deliver subject matter expert direction for security remediations.
- Take ownership of professional development and training needed to excel in your role.
- Lead initiatives to develop and mature enterprise security services as they apply to team and organizational goals.
- Act as an advocate for Information Security objectives while identifying creative solutions to ensure progress is being made.
- Drive remediation activities by understanding the impact of findings and develop strong communication channels with key stakeholders to ensure progress is made.
- Lead effort for weekly in-depth metrics that are used to identify programmatic progress and team "wins."
- Evaluate and recommend new products, methodologies, processes, and solutions to support enterprise vulnerability and application security programs.
- Maintain knowledge of current trends, recent publications, and emerging technologies as they pertain to risk, vulnerability management, and application security.
- Ability to identify, prioritize, communicate, and mitigate security risks for on-premises and hybrid/multi-cloud environments.
- Produce frequent detailed trending metrics to measure the efficacy and effectiveness of the vulnerability program.
- Identify business critical systems and environments including mapping data types in enterprise assets, databases, cloud environments, and applications.
- Define, document, and implement creative solutions to "find a better way."
- Demonstrate good judgment in identifying and solving problems in a way that aligns with team and corporate goals.
- Enforce compliance with company policies and standards.
- Lead the vulnerability management program by driving remediation activities pertaining to application (DAST) scans, security assessments, vulnerability scans, or risk management activities and tools.
- Configure and tune security tools to identify weaknesses in systems, applications, databases, and cloud environments.
- Document and integrate security best practices within the CI/CD pipeline.
- Educate developers on best practices for including security controls within their development process.
- Ensure the SDLC is documented and security weigh-ins are included and implemented.
- Actively document Sinclair applications and application owners, and align DAST tools to conduct dynamic scanning.
- Help the security team to maintain a level of excellence.
- Develop and evaluate complex performance metrics to establish process success.
- Design, document, and implement procedures and techniques to detect, report, and manage technical risks.
- Research emerging technologies and identify opportunities for adoption within vulnerability management and application security.
- Track and document progress for vulnerability management related processes, and constantly look for ways to make things work better, faster, and smoother.
- Collaborate on and adhere to security best practices, methodologies, and sustainable processes for both application security and vulnerability management.
- Bachelor's degree in an IT or Information Security discipline, or 12 years of equivalent work experience in lieu of a bachelor's degree.
- Minimum 8 years of experience working in the Information Security field, preferably in the broadcast and media industry.
- Minimum 1 year of prior experience leading or managing people.
- 5+ years of enterprise vulnerability management experience required, including previous experience as an engineer.
- 5+ years of experience taking ownership of projects, enhancements, or other assignments and seeing the process through to completion.
- Minimum 2 years of application security experience including DAST, CI/CD security integration, and partnering with development teams to remediate findings.
- Strong project management experience is a must.
- Ability to successfully multi-task and adjust to changing / shifting priorities.
- Great attitude with willingness to help others and take ownership of assignments.
- Expertise in building relationships to achieve programmatic success.
- Subject Matter Expert understanding of applying security controls (CIS/DISA).
- Hands-on experience with DAST/SAST solutions and vulnerability tools (Tanium a plus).
- Knowledge of security industry standards (ISO 27001, NIST 800-53 series, etc.).
- Proficient knowledge of network and/or security technologies.
- Experience formulating and creating complex security metrics to show trends in program progression.
- Must be able to operate successfully in a fast-paced, dynamic environment.
- Professional level security certifications (e.g., CCSP, SSCP, CISSP, CEH, CISM).
- Other requirements as needed.
Make your mark in Media with Sinclair Broadcast Group, a diversified media company dedicated to connecting people with content everywhere! We have consistently led the broadcast industry since our inception, and now Sinclair owns the largest regional sports network business and one of the largest television broadcast portfolios in the country. In addition, we have affiliations with all of the major broadcast networks, own Tennis Channel, and several multicast networks including TBD and Comet. Our content is distributed over-the-air, on multi-video providers, and through our industry-leading digital media platforms. We're at the forefront of NextGen technology, enabling innovative new ways to engage with broadcast content like never before. We also recently launched a free TV streaming service called STIRR. Our success is the direct result of our extraordinary employees and management team who believe in our vision and are dedicated to ensuring a great future for our employees. We are advancing the world of Media and want YOU to join our winning team!
About the Team
The life-blood of our organization is our people. We have a compelling story, a goal-oriented culture, and we take really good care of people. How good? Here is a glimpse: great benefits, open door policy, upward mobility and a strong desire to see you succeed. Ready to be part of a winning team? Let's talk.
The base salary compensation range for this role is $130,000 to $145,000. Final compensation for this role will be determined by various factors such as a candidate's relevant work experience, skills, certifications, and geographic location. Full time positions are eligible for benefits that include participation in a retirement plan, life and disability insurance, health, dental and vision plans, flexible spending accounts, sick leave, vacation time, personal time, parental leave and employee stock purchase plan.