ABOUT FANDUEL GROUP

FanDuel Group is a world-class team of brands and products all built with one goal in mind — to give fans new and innovative ways to interact with their favorite games, sports, teams, and leagues. That’s no easy task, which is why we’re so dedicated to building a winning team. And make no mistake, we are here to win, but we believe in winning right. That means we’ll never compromise when it comes to looking out for our teammates. From our many opportunities for professional development to our generous insurance and paid leave policies, we’re committed to making sure our employees get as much out of FanDuel as we ask them to give.

FanDuel Group is based in New York, with offices in California, New Jersey, Florida, Oregon and Scotland. Our brands include:

  • FanDuel — A game-changing real-money fantasy sports app
  • FanDuel Sportsbook — America’s #1 sports betting app
  • TVG — The best-in-class horse racing TV/media network and betting platform
  • FanDuel Racing — A horse racing app built for the average sports fan
  • FanDuel Casino & Betfair Casino — Fan-favorite online casino apps
  • FOXBet — A world-class betting platform and affiliate of FanDuel Group
  • PokerStars — The premier online poker product and affiliate of FanDuel Group

 

THE POSITION

Our roster has an opening with your name on it

The Cyber Security TPSA (Third Party Supplier Assurance) Analyst will ensure that we maintain a safe and healthy relationship with suppliers via third-party risk management processes.

THE GAME PLAN
Everyone on our team has a part to play

  • The Cyber Security TPSA Analyst must understand the cyber security risks posed by third parties working across with group and in context to the Flutter risk appetite.
  • The analyst will identify and assist with the management of third-party risk using established risk management processes both at group and divisional level.
  • Working within the third-party supplier engagement life cycle, the analyst will complete security assessments of new suppliers.
  • Perform continuous assessments of existing suppliers based on a risk-based selection process. This process involves reviewing evidence of the third-parties control environment.
  • When the relationship ends with a third-party supplier, the analyst must work with the business relationship owner to ensure that contract termination activities have been completed, including ensuring all Flutter data and assets have been deleted or returned.
  • Ensure the list of suppliers for the Flutter group is updated with accurate information including business relationship owners and the risk category.
  • Support the procurement process with the provision of relevant security contract clauses.
  • In collaboration with the Cyber Security Senior Manager – Technical Operational Compliance assess and track remediation plans for control deficiencies uncovered.
  • Work with the business relationship owner to ensure security is a top priority and build safe and healthy relationships with third party suppliers.
  • Perform regular governance activities to ensure third parties are being managed appropriately, e.g. no excessive access entitlements assigned.
  • Ensure any systems used to support the assurance program remain operational; including the monitoring of performance, ensure that the systems remain patched and any upgrades are managed.
  • Support the group business processes with accurate, relevant risk-based information about a third-party supplier’s security posture.
  • Collate data for other risk reporting functions as required, e.g. Flutter KRI regular reporting, internal or external audit.
  • Maintain accurate records of all TPSA activity which can stand up to scrutiny by internal & external auditors as well as divisional stakeholders.
  • Build and maintain relationships with key stakeholders across the group.

 

THE STATS

What we’re looking for in our next teammate

  • A security information security governance, risk & compliance professional with an understanding of third-party cyber security risk.
  • Experience of dealing with supplier contracts, security controls, industry standard security processes and technologies, and personal data regulations (e.g. GDPR).
  • Experience performing risk assessments of the supply chain and articulating the risk to ensure processes and technologies are adapted to manage the risk to an acceptable level.
  • Understanding of the risk management lifecycle.
  • Inquisitive, disciplined and logical thinker who possesses strong investigative and analytical qualities that will translate into providing independent and objective analysis of cyber security Risk based on complex data sets.
  • Excellent verbal and written communications skills with a flexible attitude and the ability to meet deadlines under pressure.
  • Able to adapt communication style and to appreciate different and opposing perspectives across multiple divisions.
  • Results-oriented with the ability to influence outcomes with pragmatic recommendations and guidance.
  • A working knowledge of current IT Security standards such as ISO 27001, PCI, NIST, ISF, UKGC and Data Protection.
  • CRISC, CISA, CISSP, ISO 27001, COBIT, or ITIL certification is desirable.

 

THE CONTRACT
We treat our team right

Competitive compensation is just the beginning. As part of our team, you can expect:

  • An exciting and fun environment committed to driving real growth
  • Opportunities to build really cool products that fans love
  • Mentorship and professional development resources to help you refine your game
  • Flexible vacation allowance to let you refuel
  • Hall of Fame benefit programs and platforms

FanDuel Group is an equal opportunities employer. Diversity and inclusion in FanDuel means that we respect and value everyone as individuals. We don't tolerate bias, judgement or harassment.  Our focus is on developing employees so that they reach their full potential.

Apply for this Job

* Required

  
  


U.S. Equal Opportunity Employment Information (Completion is voluntary)

Individuals seeking employment at FanDuel are considered without regards to race, color, religion, national origin, age, sex, marital status, ancestry, physical or mental disability, veteran status, gender identity, or sexual orientation. You are being given the opportunity to provide the following information in order to help us comply with federal and state Equal Employment Opportunity/Affirmative Action record keeping, reporting, and other legal requirements.

Completion of the form is entirely voluntary. Whatever your decision, it will not be considered in the hiring process or thereafter. Any information that you do provide will be recorded and maintained in a confidential file.

Race & Ethnicity Definitions

If you believe you belong to any of the categories of protected veterans listed below, please indicate by making the appropriate selection. As a government contractor subject to Vietnam Era Veterans Readjustment Assistance Act (VEVRAA), we request this information in order to measure the effectiveness of the outreach and positive recruitment efforts we undertake pursuant to VEVRAA. Classification of protected categories is as follows:

A "disabled veteran" is one of the following: a veteran of the U.S. military, ground, naval or air service who is entitled to compensation (or who but for the receipt of military retired pay would be entitled to compensation) under laws administered by the Secretary of Veterans Affairs; or a person who was discharged or released from active duty because of a service-connected disability.

A "recently separated veteran" means any veteran during the three-year period beginning on the date of such veteran's discharge or release from active duty in the U.S. military, ground, naval, or air service.

An "active duty wartime or campaign badge veteran" means a veteran who served on active duty in the U.S. military, ground, naval or air service during a war, or in a campaign or expedition for which a campaign badge has been authorized under the laws administered by the Department of Defense.

An "Armed forces service medal veteran" means a veteran who, while serving on active duty in the U.S. military, ground, naval or air service, participated in a United States military operation for which an Armed Forces service medal was awarded pursuant to Executive Order 12985.


Form CC-305

OMB Control Number 1250-0005

Expires 05/31/2023

Voluntary Self-Identification of Disability

Why are you being asked to complete this form?

We are a federal contractor or subcontractor required by law to provide equal employment opportunity to qualified people with disabilities. We are also required to measure our progress toward having at least 7% of our workforce be individuals with disabilities. To do this, we must ask applicants and employees if they have a disability or have ever had a disability. Because a person may become disabled at any time, we ask all of our employees to update their information at least every five years.

Identifying yourself as an individual with a disability is voluntary, and we hope that you will choose to do so. Your answer will be maintained confidentially and not be seen by selecting officials or anyone else involved in making personnel decisions. Completing the form will not negatively impact you in any way, regardless of whether you have self-identified in the past. For more information about this form or the equal employment obligations of federal contractors under Section 503 of the Rehabilitation Act, visit the U.S. Department of Labor’s Office of Federal Contract Compliance Programs (OFCCP) website at www.dol.gov/ofccp.

How do you know if you have a disability?

You are considered to have a disability if you have a physical or mental impairment or medical condition that substantially limits a major life activity, or if you have a history or record of such an impairment or medical condition.

Disabilities include, but are not limited to:

  • Autism
  • Autoimmune disorder, for example, lupus, fibromyalgia, rheumatoid arthritis, or HIV/AIDS
  • Blind or low vision
  • Cancer
  • Cardiovascular or heart disease
  • Celiac disease
  • Cerebral palsy
  • Deaf or hard of hearing
  • Depression or anxiety
  • Diabetes
  • Epilepsy
  • Gastrointestinal disorders, for example, Crohn's Disease, or irritable bowel syndrome
  • Intellectual disability
  • Missing limbs or partially missing limbs
  • Nervous system condition for example, migraine headaches, Parkinson’s disease, or Multiple sclerosis (MS)
  • Psychiatric condition, for example, bipolar disorder, schizophrenia, PTSD, or major depression

1Section 503 of the Rehabilitation Act of 1973, as amended. For more information about this form or the equal employment obligations of Federal contractors, visit the U.S. Department of Labor's Office of Federal Contract Compliance Programs (OFCCP) website at www.dol.gov/ofccp.

PUBLIC BURDEN STATEMENT: According to the Paperwork Reduction Act of 1995 no persons are required to respond to a collection of information unless such collection displays a valid OMB control number. This survey should take about 5 minutes to complete.