Senior Information Security (GRC) Manager
New York - New York
Fanatics Inc
Fanatics offers the broadest assortment of fan merchandise and memorabilia worldwide.
Company Overview
Fanatics is building the leading global digital sports platform to ignite and harness the passions of fans, and maximize the presence and reach for hundreds of partners globally. Leveraging these long-standing partnerships, a database of more than 80 million global consumers and a trusted, recognizable brand name, Fanatics is expanding beyond its position as the global leader for licensed sports merchandise to now becoming a next-gen digital sports platform, featuring an array of offerings across the sports ecosystem.
The Fanatics family of companies currently includes Fanatics Commerce, a vertically-integrated licensed merchandise business that has changed the way fans purchase their favorite team apparel, jerseys, headwear and hardgoods through a tech-infused approach to making and quickly distributing fan gear in today’s 24/7 mobile-first economy; Candy Digital, a digital collectibles company that is partnering with prominent sports properties, including MLB and MLBPA, to build an official NFT ecosystem; Fanatics Trading Cards, a transformative company that is building a new model for the hobby and giving collectors an end-to-end trading cards experience; and Fanatics Betting & Gaming, a mobile betting, gaming and retail sportsbook platform. Additional ventures that will build out Fanatics’ footprint across the broader digital sports landscape will be rolled out soon. Fanatics’ partners include all major professional sports leagues (NFL, MLB, NBA, NHL, NASCAR, MLS, PGA) and hundreds of collegiate and professional teams, which include several of the biggest global soccer clubs. As a market leader with more than 8,000 employees, and hundreds of partners, suppliers, and vendors worldwide, we take responsibility for driving toward more ethical and sustainable practices. We are committed to building an inclusive Fanatics community, reflecting and representing society at every level of the business, including our employees, vendors, partners and fans. Fanatics is also dedicated to making a positive impact in the communities where we all live, work, and play through strategic philanthropic initiatives. At Fanatics, we’re a diverse, passionate group of employees aiming to ignite pride and passion in the fans we outfit, celebrate and support. 
We recognize that diversity helps drive and foster innovation, and through our IDEA program (inclusion, diversity, equality and advocacy) at Fanatics we provide employees with tools and resources to feel connected and engaged in who they are and what they do to support the ultimate fan experience.
The Senior Information Security (GRC) Manager reports to the Sr. Director of Information Security and is responsible for aligning security initiatives with enterprise programs and business objectives and for ensuring that information assets and technologies are adequately protected. The Senior Manager will be responsible for driving Information Security Governance, Risk and Compliance initiatives on a global level across all regions and for directly supporting M&A activity and Third-Party Risk activities. In addition to working closely with IT and the Business, regular interaction with internal and external auditors, Legal, Privacy and Ethics officers is also key to the success of the role.
Tryouts are open at Fanatics! Our team is passionate, talented, unified, and charged with creating the fan experience of tomorrow. The ball is in your court now.
Fanatics is committed to responsible planning and purchasing (RPP) practices, working with its business partners across its global and multi-layered supply chain, to ensure that planning, sourcing, and purchasing decisions, along with other supporting processes, do not impede or conflict with the fulfillment of Fanatics’ fair labor practices.
NOTICE TO CALIFORNIA RESIDENTS/APPLICANTS: In connection with your application, we collect information that identifies, reasonably relates to or describes you (“Personal Information”). The categories of Personal Information that we collect include your name, government issued identification number(s), email address, mailing address, other contact information, emergency contact information, employment history, educational history, criminal record, and demographic information. We collect and use those categories of Personal Information about you for human resources and other business management purposes, including identifying and evaluating you as a candidate for potential or future employment or other types of positions, recordkeeping in relation to recruiting and hiring, conducting criminal background checks as permitted by law, conducting analytics, and ensuring compliance with applicable legal requirements and Company policies.
Duties and responsibilities may include:
- Develops an understanding of Fanatics' current and forward-looking threat profile using requirements to improve the Fanatics Information Security Program across Fanatics Holding Inc. (FHI) and all subsidiaries.
- Responsible for supporting Information Security Risk & Compliance functions to implement our global security policies, standards, and controls at FHI and its subsidiaries.
- Responsible for supporting M&A activities, ensuring that appropriate Information Security Due Diligence reviews are performed, risks identified, and mitigation plans enacted with the appropriate teams.
- Responsible for implementing and supporting a consistent Third-Party Information Security Assessment (TPISA) program across FHI and its subsidiaries.
- Protects valuable information and maintains the confidentiality and integrity of data through:
  - Knowledge of security management, network & protocols, data, and application security solutions
  - Knowledge of industry trends and current and emerging risks
- Directs risk analysis discussions with global businesses.
- Provides expertise, guidance and advice related to all information security issues.
- Monitors and reviews regulatory updates and issues relative to pertinent security regulatory requirements (such as GDPR, PCI or SOX) and escalates findings appropriately.
- Other relevant duties as directed to support the business.
Required Education and Certification:
- Bachelor’s degree in Information Security, Computer Science, Information Management Systems, or related field required. Master’s degree preferred.
- Certificate in Risk and Information Systems Control (CRISC), Certified Information Systems Security Professional (CISSP) or Certified Information Systems Manager (CISM) preferred. May substitute an equivalent combination of education, experience and other relevant industry certifications.
Required Skills:
- 8+ years of progressive IT experience in a combination of Risk Management, Information Security and IT roles.
- Knowledge of applicable industry frameworks, regulations, or contractual rules (e.g. ISO27001, GDPR, PCI, SOX, etc.), and expertise in Information Security best practices and implementing Information Security Frameworks.
- Risk management experience with proven ability to effectively apply risk principles to challenging business situations.
- Impeccable executive presentation and communication skills.
- Excellent influencing and problem resolution skills.
- Global experience preferred.
- Positive and flexible attitude to work in a fast-paced environment and a willingness to embrace new initiatives.
- Strong report writing skills with the ability to gather, evaluate and analyze relevant information while structuring material in a logical and coherent manner.
Perks/benefits: Flex hours Team events