Senior Security Analyst – Governance, Risk, and Compliance at Fanatics
Fanatics is the global leader in licensed sports merchandise and changing the way fans purchase their favorite team apparel and jerseys. Through an innovative, tech-infused approach to making and selling fan gear in today’s on-demand culture, Fanatics operates more than 300 online and offline stores, including the e-commerce business for all major professional sports leagues (NFL, MLB, NBA, NHL, NASCAR, MLS, PGA), major media brands (NBC Sports, CBS Sports, FOX Sports) and more than 200 collegiate and professional team properties, which include several of the biggest global soccer clubs (Manchester United, Real Madrid, Chelsea, Manchester City). Fanatics offers the largest collection of timeless and timely merchandise whether shopping online, on your phone, in stores, in stadiums or on-site at the world’s biggest sporting events.
About the Team
Fanatics is first and foremost a technology company. We are powered by cutting-edge tech created by our small agile teams using the latest tools and technologies under our highly analytical, forward thinking, and open-minded leadership. As the global leader in licensed sports merchandise, we challenge ourselves by improving our new fully responsive NodeJS cloud commerce platform, Elasticsearch engine, and deep data science capabilities while building the best-in-class retail manufacturing and supply chain technologies. Our tech teams work together to revolutionize data science and engineering initiatives, provide highly scalable real-time and streaming platforms, and create secure e-commerce and in-stadium fan experience products. Our own e-commerce platform transacts in over 190 countries, 17 languages, and 14 currencies. Our motto is “#GSD”—get stuff done—and we do just that. If you want to be at the nexus of sports, commerce, and technology, come be a part of our industry-leading team here at Fanatics Tech.
Fanatics is looking for a Governance, Risk, and Compliance (GRC) Specialist to join our Information Security team. This position will be responsible for holistically managing vendors throughout the vendor life cycle, and providing dedicated support for other GRC tasks during audit and risk assessment cycles. This role will also assess vendor proposals, perform vendor audits, write policies and procedures, and assist in broader IT risk management efforts within Fanatics.
Our team members are given a great deal of autonomy in the pursuit of keeping Fanatics secure. A successful candidate will demonstrate strong communication skills and is expected to be comfortable and effective working independently and as part of a larger, highly distributed team. We’re looking specifically for folks who can communicate broadly across different skill sets and set the pace to achieve organizational goals. Fanatics is a fast-growing company and our security program needs to be able to keep pace with that growth while not disrupting innovation.
- Build and manage a vendor management program that includes:
  - Creating and ingesting new vendors in a structured manner with a consistent review process
  - Gathering information on and managing existing vendors
  - Performing ongoing and annual vendor risk assessments
- Support audit execution processes by:
  - Providing compliance consultation on various frameworks and best practices
  - Collecting, reviewing, and uploading evidence
- Support the risk assessment process by:
  - Collecting and documenting emerging risks
  - Assisting in risk calculations
  - Providing input for vendor risk trends and issues
- Direct engagement with external teams to ensure adherence to processes
- Mentor fellow Fanatics personnel on best security practices through cross-functional work with multiple technical and non-technical teams
- Experience (minimum 5 years) in information technology (IT) procurement or vendor management
- Experience (minimum 3 years) with IT-based governance, risk, and compliance
- Experience (minimum 1 year) with IT-based audit
- A solid understanding of the following frameworks, with direct experience in at least 2 preferred:
  - Data Privacy (GDPR, CCPA, others)
  - SOC 1 (SSAE 18) and SOC 2
  - ISO 27001
  - NIST 800-53
- Proficiency in written and spoken English
- Ability to present findings and summaries of issues to senior management
- Proactive and self-motivated, including a willingness to reach out to development teams and stakeholders to discuss issues and identify areas needing assistance
- Excellent communication and interpersonal skills
- Ability to approach problem solving in a constructive and collaborative way that does not require absolutes
- Bachelor’s degree in an IT or engineering related field strongly preferred
- CISA certification or equivalent strongly preferred
- Experience with cloud-based tools strongly preferred
Tryouts are open at Fanatics! Our team is passionate, talented, unified, and charged with creating the fan experience of tomorrow. The ball is in your court now.
NOTICE TO CALIFORNIA RESIDENTS/APPLICANTS: In connection with your application, we collect information that identifies, reasonably relates to or describes you (“Personal Information”). The categories of Personal Information that we collect include your name, government issued identification number(s), email address, mailing address, other contact information, emergency contact information, employment history, educational history, criminal record, and demographic information. We collect and use those categories of Personal Information about you for human resources and other business management purposes, including identifying and evaluating you as a candidate for potential or future employment or future contract positions, recordkeeping in relation to recruiting and hiring, conducting criminal background checks as permitted by law, conducting analytics, and ensuring compliance with applicable legal requirements and Company policies.