Senior GRC Analyst

New York, NY, United States

Fanatics

Fanatics.com is the ultimate sports apparel and Fan Gear Store, featuring football Jerseys, T-shirts, Hats, Collectibles and merchandise for fans of the NFL, MLB, NBA, NHL, Soccer, and College.

Job Summary

We are seeking a highly organized, detail-oriented, and communicative Senior Analyst in Information Security (IS) Governance, Risk Management and Compliance to oversee the implementation and operating effectiveness of IT SOX General Controls (ITGCs), third-party vendor risk assessments, audit readiness, user phishing and training campaigns, and privacy compliance/DSAR oversight for the Collectibles line of business.

What you'll be doing -

  • Consult, train and guide control owners to design and operate effective IT processes and controls to meet industry best practices and IT SOX control requirements.
  • Support execution of IT SOX controls: evidence collection, testing coordination, and walkthrough support.
  • Distribute and review third-party risk questionnaires.
  • Document vendor assessments and maintain vendor risk profiles in our TPRM system, AuditBoard.
  • Execute user awareness campaigns, phishing simulations and security trainings.
  • Administer and maintain the GRC platform, AuditBoard, and the training and phishing awareness platform, KnowBe4.
  • Generate and deliver recurring dashboards, metrics, and status reports for GRC leadership.
  • Adapt to the needs of the organization and implement policies and procedures that are attainable by a lean organization.
  • Define and implement IT KPIs and metrics, reports and dashboards for consumption by all levels of the organization.
  • Train and guide software, application and infrastructure engineers on control requirements and procedures.
  • Independently monitor and test IT controls against various frameworks such as IT SOX, PCI, NIST CSF and NIST Privacy.
  • Produce effective communications and train the IT organization on policies and procedures.
  • Produce clear and concise status reports for all levels.
  • Independently meet and interface with Compliance partners and bridge communication with the Infrastructure, Engineering and Information Security organizations.

What we're looking for -

  • 5 – 10 years of experience in an IT Risk, Internal Controls, Audit or Compliance role 
  • Experience in a publicly traded company or with SEC/SOX compliance.
  • Familiarity with cloud service risks (e.g., AWS, Azure).
  • Understanding of data privacy regulations (GDPR, CCPA) is a plus.
  • Basic technical understanding of IT systems, authentication, and security concepts.
  • Experience defining and implementing IT and IS KPIs and metrics; experience tracking and defining KPI reports and dashboards for consumption by all levels of the organization.
  • Strong communication and stakeholder management skills with the ability to build effective relationships and trust.
  • Team player with an ownership mindset that is willing to get involved, go above and beyond and assist IT engineers to achieve control requirements.
  • Flexible and comfortable with change, with the ability to quickly pivot based on the needs of the organization.
  • Ability to work well with software, application and infrastructure engineers in order to train and guide them on control requirements and procedures.

 

In NYC, the salary range for this position is $124,000-$155,000, which represents base pay only and does not include short-term or long-term incentive compensation. In Los Angeles, the salary range for this position is $112,000-$140,000. The listed salary ranges are specific to Los Angeles or NYC and may not be applicable to other locations. When determining base pay, as part of a final compensation package, we consider several factors such as location, experience, qualifications, and training.
 

Ensure your Fanatics job offer is legitimate and don’t fall victim to fraud. Fanatics never seeks payment from job applicants. Feel free to ask your recruiter for a phone call or other type of communication for interview, and ensure your communication is coming from a Fanatics email address (including @collectfanatics.com). For added security, where possible, apply through our company website at www.fanaticsinc.com/careers.

Fanatics is building a leading global digital sports platform. We ignite the passions of global sports fans and maximize the presence and reach for our hundreds of sports partners globally by offering products and services across Fanatics Commerce, Fanatics Collectibles, and Fanatics Betting & Gaming, allowing sports fans to Buy, Collect, and Bet. Through the Fanatics platform, sports fans can buy licensed fan gear, jerseys, lifestyle and streetwear products, headwear, and hardgoods; collect physical and digital trading cards, sports memorabilia, and other digital assets; and bet as the company builds its Sportsbook and iGaming platform. Fanatics has an established database of over 100 million global sports fans; a global partner network with approximately 900 sports properties, including major national and international professional sports leagues, players associations, teams, colleges, college conferences and retail partners, 2,500 athletes and celebrities, and 200 exclusive athletes; and over 2,000 retail locations, including its Lids retail stores. Our more than 22,000 employees are committed to relentlessly enhancing the fan experience and delighting sports fans globally.

Tags: AWS Azure CCPA Cloud Compliance GDPR Governance KPIs NIST Privacy Risk assessment Risk management SOX

Perks/benefits: Conferences

Region: North America
Country: United States
