Senior GRC Analyst

Job Summary

We are seeking a highly organized, detail-oriented, and communicative Information Security (IS) Governance, Risk Management and Compliance, Senior Analyst to oversee the implementation and operating effectiveness of: IT SOX General Controls (ITGCs), third-party vendor risk assessments, audit readiness, user phishing and training campaigns and privacy compliance/DSAR oversight for the Collectibles line of business. 

What you'll be doing -

• Consulta, train and guide control owners to design and operate effective IT processes and controls to meet industry best practices and IT SOX control requirements.
• Support execution of IT SOX controls: evidence collection, testing coordination, and walkthrough support.
• Distribute and review third-party risk questionnaires. 
• Document vendor assessments and maintain vendor risk profiles in the our TPRM system, AuditBoard. 
• Execute with user awareness campaigns, phishing simulations and security trainings.  
• Administer and maintain GRC platform, AuditBoard and training and phishing awareness platform, KnowBe4. 
• Generate and deliver recurring dashboards, metrics, and status reports for GRC leadership.
• Adapt to the needs of the organization and implement policies and procedures that are attainable by a lean organization.
• Define and implement IT KPIs and metrics, reports and dashboards for consumption by all levels of the organization.
• Train and guide software, application and infrastructure engineers on control requirements and procedures.
• Independently monitor and test IT controls against various frameworks such as, IT SOX, PCI, NIST CSF and NIST Privacy. 
• Produce effective communications and train the IT organization on policies and procedures.
• Produce clear and concise status reports for all levels.
• Independently meet and interface with Compliance partners and bridge communication with the Infrastructure, Engineering and Information Security organization.

What we're looking for -

• 5 – 10 years of experience in an IT Risk, Internal Controls, Audit or Compliance role 
• Experience in a publicly traded company or with SEC/SOX compliance.
• Familiarity with cloud service risks (e.g., AWS, Azure).
• Understanding of data privacy regulations (GDPR, CCPA) is a plus.
• Basic technical understanding of IT systems, authentication, and security concepts.
• Experience defining and implementing IT and IS KPIs and metrics; Experience tracking and defining KPI reports and dashboards for consumption by all levels of the organization
• Strong communication and stakeholder management skills with the ability to build effective relationships and trust.
• Team player with an ownership mindset that is willing to get involved, go above and beyond and assist IT engineers to achieve control requirements.
• Flexible and comfortable with change, with the ability to quickly pivot based on the needs of the organization
• Ability to work well with software, application and infrastructure engineers in order to train and guide them on control requirements and procedures.

In NYC, the salary range for this position is $124,000- $155,000, which represents base pay only and does not include short-term or long-term incentive compensation. In Los Angeles, the salary range for this position is $112,000- $140,000. The listed salary ranges are specific to Los Angeles or NYC and may not be applicable to other locations. When determining base pay, as part of a final compensation package, we consider several factors such as location, experience, qualifications, and training.
 

Fanatics is building a leading global digital sports platform. We ignite the passions of global sports fans and maximize the presence and reach for our hundreds of sports partners globally by offering products and services across Fanatics Commerce, Fanatics Collectibles, and Fanatics Betting & Gaming, allowing sports fans to Buy, Collect, and Bet. Through the Fanatics platform, sports fans can buy licensed fan gear, jerseys, lifestyle and streetwear products, headwear, and hardgoods; collect physical and digital trading cards, sports memorabilia, and other digital assets; and bet as the company builds its Sportsbook and iGaming platform. Fanatics has an established database of over 100 million global sports fans; a global partner network with approximately 900 sports properties, including major national and international professional sports leagues, players associations, teams, colleges, college conferences and retail partners, 2,500 athletes and celebrities, and 200 exclusive athletes; and over 2,000 retail locations, including its Lids retail stores. Our more than 22,000 employees are committed to relentlessly enhancing the fan experience and delighting sports fans globally. 

Fanatics Collectibles is a new model and vision for the hobby, fundamentally changing the experience for current and future collectors, leagues, and players across many U.S. and international professional and college sports. The organization has long-term, exclusive rights to design, manufacture and distribute trading cards for several sports and entertainment properties, including MLB, MLBPA, the Premier League, MLS, UFC, Formula 1 as well as Disney, Marvel, Pixar, and Star Wars, among others. In January 2022, Fanatics Collectibles announced the acquisition of Topps, establishing the preeminent licensed trading card brand as the cornerstone of Fanatics’ trading cards and collectibles business, and jumpstarted its MLB and MLBPA rights to design, manufacture and distribute trading cards