Director of Cybersecurity
New York - New York
Fanatics Inc
Fanatics offers the broadest assortment of fan merchandise and memorabilia worldwide.
The Director of Cybersecurity (Fanatics Collectibles) reports to the Chief Information Security Officer of Fanatics Collectibles and is responsible for assessing cyber risks to our technology and for building and maturing Fanatics Collectibles’ Enterprise Security, Threat Hunting and Threat Intelligence programs. The Director is also responsible for aligning security governance across Collectibles in support of enterprise security programs and business objectives. The Director will also be directly responsible for reducing cybersecurity risk across enterprise security platforms and consumer and customer-facing eCommerce and NFT platforms. The Director is also responsible for proactively protecting information assets from unauthorized or inappropriate access throughout our M&A processes, and for assisting with such transitions to ensure a secure design and integration is achieved for new subsidiaries. The Director will also work closely with the other Fanatics security teams to participate in application security testing and penetration testing and to perform successful threat hunts, with a goal of improving threat intelligence while reducing cybersecurity risks across our evolving technology landscape.
Duties and responsibilities may include:
- Develops an understanding of Fanatics’ current and forward-looking threat profile using requirements to improve the Information Security Program.
- Responsible for managing Information Security Governance, Risk & Compliance functions to implement Fanatics’ global security policies, standards, and controls across all current and future subsidiaries of Fanatics Collectibles.
- Protects valuable information and maintains the confidentiality and integrity of data through: knowledge of security management, network & protocols, data and application security solutions; knowledge of industry trends and current and emerging risks
- Partners with Operational Technology teams to identify improvement areas to reduce likelihood of impact from Cybersecurity risks such as ransomware in our industrial environments.
- Partners with the development teams on SDLC improvements, threat modeling, and secure coding practices
- Strong command of Cybersecurity organization practices, operations risk management processes, principles, architectural requirements, engineering threats and vulnerabilities, including incident response methodologies
- Cybersecurity expert, keeping technical skills current and participating in multiple security forums and communities
- Responsible for external engagement with peer groups and information security circles regarding cyber threats, to address events such as intrusions, malware, DDoS, unauthorized access, insider attacks and loss of proprietary information; this includes developing a deep understanding of global threat actors
- Ability to identify indicators of compromise, network attacks and systemic security issues as they relate to threats and vulnerabilities, with focus on recommendations for enhancements or remediation
- Monitors and reviews regulatory updates and issues relative to pertinent security regulatory requirements (such as GDPR, CCPA, PCI or SOX) and escalates findings appropriately
- Directs communications/security awareness programs and risk analysis with global businesses
- Supports electronic discovery and digital forensic investigations
- Partners with IT and the Business to ensure Fanatics Collectibles maintains appropriate disaster recovery (DR) and Business Continuity Plans which address Information Security requirements
- Provides expertise, guidance and advice related to all information security issues
Required Skills:
- 10+ years of progressive Information Security experience in a combination of Risk Management, Information Security, and Information Technology roles
- At least 5 years must be in a global leadership role in Information Security
- Experience protecting aspects of an e-commerce web presence
- Expertise in Information Security best practices and implementing Information Security Architectures
- Experience leveraging the MITRE ATT&CK framework and threat modeling frameworks
- Experience with STRIDE or similar threat modeling frameworks
- Detailed knowledge of global cyber threats, threat actors and the tactics, techniques and procedures used by cyber adversaries; demonstrated understanding of threat modeling techniques, in a cyber intelligence or cyber operations environment
- Experience in SDLC, secure coding practices, and ability to effectively apply risk principles to challenging business situations.
- Impeccable presentation and communication skills
- Clear experience & success negotiating competing demands across a variety of stakeholder groups
- Ability to work collaboratively in teams and develop meaningful relationships to achieve common goals
- Global experience preferred
Required Education and Certification:
- Bachelor’s degree in Information Security, Computer Science, Information Management Systems, or related field required. Master’s degree preferred.
- Certificates as a CISSP, Offensive Security Certified Professional (OSCP), GIAC Penetration Tester (GPEN), GIAC Defending Advanced Threats (GDAT) or equivalent certification preferred. May substitute an equivalent combination of education, experience, and other relevant industry certifications.
The Fanatics family of companies currently includes Fanatics Commerce, a vertically-integrated licensed merchandise business that has changed the way fans purchase their favorite team apparel, jerseys, headwear and hardgoods through a tech-infused approach to making and quickly distributing fan gear in today’s 24/7 mobile-first economy; Candy Digital, a digital collectibles company that is partnering with prominent sports properties, including MLB and MLBPA, to build an official NFT ecosystem; Fanatics Collectibles, a transformative company that is building a new model for the hobby and giving collectors an end-to-end collectibles experience; and Fanatics Betting & Gaming, a mobile betting, gaming and retail sportsbook platform. Additional ventures that will build out Fanatics’ footprint across the broader digital sports landscape will be rolled out soon. Fanatics’ partners include all major professional sports leagues (NFL, MLB, NBA, NHL, NASCAR, MLS, PGA) and hundreds of collegiate and professional teams, which include several of the biggest global soccer clubs. As a market leader with more than 8,000 employees, and hundreds of partners, suppliers, and vendors worldwide, we take responsibility for driving toward more ethical and sustainable practices. We are committed to building an inclusive Fanatics community, reflecting and representing society at every level of the business, including our employees, vendors, partners and fans. Fanatics is also dedicated to making a positive impact in the communities where we all live, work, and play through strategic philanthropic initiatives. At Fanatics, we’re a diverse, passionate group of employees aiming to ignite pride and passion in the fans we outfit, celebrate and support. 
We recognize that diversity helps drive and foster innovation, and through our IDEA program (inclusion, diversity, equality and advocacy) at Fanatics we provide employees with tools and resources to feel connected and engaged in who they are and what they do to support the ultimate fan experience.
Ensure your Fanatics job offer is legitimate and don’t fall victim to fraud. Fanatics never seeks payment from job applicants. Fanatics recruiters will only reach out to applicants from an @fanatics.com or @fanatics.co.uk email address. For added security, where possible, apply through our company website at www.fanaticsinc.com/careers
Tryouts are open at Fanatics! Our team is passionate, talented, unified, and charged with creating the fan experience of tomorrow. The ball is in your court now.
Fanatics is committed to responsible planning and purchasing (RPP) practices, working with its business partners across its global and multi-layered supply chain, to ensure that planning, sourcing, and purchasing decisions, along with other supporting processes, do not impede or conflict with the fulfillment of Fanatics’ fair labor practices.
NOTICE TO CALIFORNIA RESIDENTS/APPLICANTS: In connection with your application, we collect information that identifies, reasonably relates to or describes you (“Personal Information”). The categories of Personal Information that we collect include your name, government issued identification number(s), email address, mailing address, other contact information, emergency contact information, employment history, educational history, criminal record, and demographic information. We collect and use those categories of Personal Information about you for human resources and other business management purposes, including identifying and evaluating you as a candidate for potential or future employment or other types of positions, recordkeeping in relation to recruiting and hiring, conducting criminal background checks as permitted by law, conducting analytics, and ensuring compliance with applicable legal requirements and Company policies.
Tags: Analytics Application security CCPA CISSP Compliance Computer Science DDoS E-commerce Ecommerce GDPR GIAC Governance GPEN Incident response Industrial Malware MITRE ATT&CK Offensive security OSCP Pentesting Risk analysis Risk management SDLC Threat intelligence Vulnerabilities
Perks/benefits: Career development Team events