Senior GRC Analyst
Fanatics - New York, New York, United States, 10001
Overview
Job Summary

We are seeking a highly organized, detail-oriented, and communicative Information Security (IS) Governance, Risk Management and Compliance Senior Analyst to oversee the implementation and operating effectiveness of IT SOX General Controls (ITGCs), third-party vendor risk assessments, audit readiness, user phishing and training campaigns, and privacy compliance/DSAR oversight for the Collectibles line of business.

What You'll Be Doing
- Consult, train and guide control owners to design and operate effective IT processes and controls that meet industry best practices and IT SOX control requirements.
- Support execution of IT SOX controls: evidence collection, testing coordination, and walkthrough support.
- Distribute and review third-party risk questionnaires.
- Document vendor assessments and maintain vendor risk profiles in our TPRM system, AuditBoard.
- Execute user awareness campaigns, phishing simulations and security trainings.
- Administer and maintain the GRC platform, AuditBoard, and the training and phishing awareness platform, KnowBe4.
- Generate and deliver recurring dashboards, metrics, and status reports for GRC leadership.
- Adapt to the needs of the organization and implement policies and procedures that are attainable by a lean organization.
- Define and implement IT KPIs and metrics, reports and dashboards for consumption by all levels of the organization.
- Train and guide software, application and infrastructure engineers on control requirements and procedures.
- Independently monitor and test IT controls against frameworks such as IT SOX, PCI, NIST CSF and NIST Privacy.
- Produce effective communications and train the IT organization on policies and procedures.
- Produce clear and concise status reports for all levels.
- Independently meet and interface with Compliance partners and bridge communication with the Infrastructure, Engineering and Information Security organization.

What We're Looking For
- 5-10 years of experience in an IT Risk, Internal Controls, Audit or Compliance role.
- Experience in a publicly traded company or with SEC/SOX compliance.
- Familiarity with cloud service risks (e.g., AWS, Azure).
- Understanding of data privacy regulations (GDPR, CCPA) is a plus.
- Basic technical understanding of IT systems, authentication, and security concepts.
- Experience defining and implementing IT and IS KPIs and metrics; experience tracking and defining KPI reports and dashboards for consumption by all levels of the organization.
- Strong communication and stakeholder management skills with the ability to build effective relationships and trust.
- Team player with an ownership mindset, willing to get involved, go above and beyond, and assist IT engineers in achieving control requirements.
- Flexible and comfortable with change, with the ability to quickly pivot based on the needs of the organization.
- Ability to work well with software, application and infrastructure engineers in order to train and guide them on control requirements and procedures.

In NYC, the salary range for this position is $124,000-$155,000, which represents base pay only and does not include short-term or long-term incentive compensation. In Los Angeles, the salary range for this position is $112,000-$140,000. The listed salary ranges are specific to Los Angeles or NYC and may not be applicable to other locations. When determining base pay, as part of a final compensation package, we consider several factors such as location, experience, qualifications, and training.