ABOUT FANDUEL GROUP
FanDuel Group is a world-class team of brands and products all built with one goal in mind — to give fans new and innovative ways to interact with their favorite games, sports, teams, and leagues. That’s no easy task, which is why we’re so dedicated to building a winning team. And make no mistake, we are here to win, but we believe in winning right. That means we’ll never compromise when it comes to looking out for our teammates. From our many opportunities for professional development to our generous insurance and paid leave policies, we’re committed to making sure our employees get as much out of FanDuel as we ask them to give.
FanDuel Group is based in New York, with offices in California, New Jersey, Florida, Oregon and Scotland. Our brands include:
- FanDuel — A game-changing real-money fantasy sports app
- FanDuel Sportsbook — America’s #1 sports betting app
- TVG — The best-in-class horse racing TV/media network and betting platform
- FanDuel Racing — A horse racing app built for the average sports fan
- FanDuel Casino & Betfair Casino — Fan-favorite online casino apps
- FOXBet — A world-class betting platform and affiliate of FanDuel Group
- PokerStars — The premier online poker product and affiliate of FanDuel Group
Our roster has an opening with your name on it
We are looking for a Cybersecurity Governance Analyst in the Information Security Governance, Risk, and Compliance (GRC) team. The Cybersecurity Governance Analyst will assist in identifying, developing, implementing, and maintaining policies and standards across the enterprise to reduce information security and information technology (IT) risks.
THE GAME PLAN
Everyone on our team has a part to play
- Define, publish, and maintain Information Security policies, standards and guidelines.
- Partner with the enterprise Engineering team and other key IT leaders to create, publish, and continuously improve the information security architecture for the enterprise.
- Align Information Security processes with Cyber Security Framework such as ISO 27001, PCI, NIST, GLI-33 and SCF.
- Drive Security Awareness efforts throughout the organization
- Assist with implementing information security program and security control assessment strategy.
- Provide guidance on security controls involving password and access management, segregation of duties, logging and monitoring, data encryption, data backup and recovery, disaster recovery, business continuity management, etc.
- Review compliance with the information security policy and standards.
- Provide periodic reporting on information security issues and gaps for compliance with the enterprise information security policies, standards, and procedures among employees, contractors, alliances, and other third parties.
- Coordinate the execution of security governance and assessment control initiatives.
- Provide high quality work by ensuring accuracy and seeking to continuously improve information security processes by embracing new and better ways of doing things.
- Investigate, recommend, and follow up appropriate corrective actions for identified security deficiencies and policy exceptions.
- Identify security risks to the business units and ensure appropriate data security procedures are in alignment with policies.
- Act as a liaison to the business and IT groups and assist them in the implementation of data security, compliance requirements, and information security technologies.
- Assist projects as needed by business and provide guidance/training to less experienced staff within the GRC team.
What we’re looking for in our next teammate
- 3+ years of documenting Information Security Governance documentation, technical experience in the security aspects of multiple platforms, operating systems, software, communications and network protocols or an equivalent combination of education and work experience.
- Minimum of 3 years of Risk Management, Information Security, IT Auditing or equivalent experience
- Demonstrate a strong understanding of the Information Security, IT environment and its impact on business risk.
- Strong understanding of SCF, NIST and ISO control framework.
- Strong interpersonal skills with the ability to work effectively in a matrixed organization.
- Strong project management skills, technical writing and presentation skills
- Ability to rapidly learn and apply advanced and emerging technical security principles, theories, and concepts.
- Ability to work under pressure with a positive mindset
- Strong knowledge of cloud security concepts and Devsecops practices
- Exceptional analytical ability, communication and project management skills, and the ability to work effectively with all levels within the organization, IT management and staff, vendors, and consultants.
- Strengthen relationships with cross functional teams to promote collaboration and cohesiveness.
- Easily adapt to a rapidly evolving, faced paced, cyber security environment as it relates to changes in strategy or risk.
- Public Cloud experience preferred.
- Experience with using GRC platforms
- Demonstrate ability to develop a strategy, and design and execute on the associated plan.
- Strong organizational skills and attention to detail.
- Bachelor’s degree or at least minimum of 3 years of Technical Risk Management, Information Security, IT Auditing or equivalent experience preferred
- Certifications preferred (CISA, CRISC, CGEIT, CISM, CISSP, CCSK, CCSP, PCI, etc.)
We treat our team right
Competitive compensation is just the beginning. As part of our team, you can expect:
- An exciting and fun environment committed to driving real growth
- Opportunities to build really cool products that fans love
- Mentorship and professional development resources to help you refine your game
- Flexible vacation allowance to let you refuel
- Hall of Fame benefit programs and platforms
FanDuel Group is an equal opportunities employer. Diversity and inclusion in FanDuel means that we respect and value everyone as individuals. We don't tolerate bias, judgement or harassment. Our focus is on developing employees so that they reach their full potential.