ABOUT FANDUEL GROUP
FanDuel Group is a world-class team of brands & products all built with one goal in mind: to give fans new & innovative ways to interact with their favorite games, sports, teams, & leagues. That's no easy task, which is why we're so dedicated to building a winning team. And make no mistake, we are here to win, but we believe in winning right. That means we'll never compromise when it comes to looking out for our teammates. From our many opportunities for professional development to our generous insurance & paid leave policies, we're committed to making sure our employees get as much out of FanDuel as we ask them to give.
FanDuel Group is based in New York, with offices in California, New Jersey, Florida, Oregon & Scotland. Our brands include:
- FanDuel: A game-changing real-money fantasy sports app
- FanDuel Sportsbook: America's #1 sports betting app
- TVG: The best-in-class horse racing TV/media network & betting platform
- FanDuel Racing: A horse racing app built for the average sports fan
- FanDuel Casino & Betfair Casino: Fan-favorite online casino apps
- FOXBet: A world-class betting platform, an affiliate of FanDuel Group
- PokerStars: The premier online poker product, an affiliate of FanDuel Group
Our roster has an opening with your name on it
Responsible for the leadership of a comprehensive Governance, Risk & Compliance program, the Director of Information Security Governance, Risk, & Compliance will manage & work proactively across the FanDuel Group to ensure IT/Security compliance risk requirements are met through continuous monitoring & remediation of technological & procedural controls. In addition to building a function to interface with internal auditors & external auditors, the Director will develop a group from the ground up & take on increasing responsibilities leading a team.
THE GAME PLAN
Everyone on our team has a part to play
- Cultivate & Manage cybersecurity findings & policy exceptions by communicating across departments to evaluate technical & procedural controls for the severity & potential business impacts.
- Develop & manage an eGRC compliance portal where the FanDuel Group can ensure compliance
- Create a risk register to identify business risks with frameworks such as ISO, NIST, GDPR, CCPA, & PCI
- Lead the effort to become ISO 27001 compliant for accreditation of Policy requirements.
- Review any potential existing exceptions & findings & ensure they are closed as well as find solutions to systemically mitigate them in the future.
- Write & review all policy documentation & update them on a regular basis for compliance & Regulatory requirements.
- Manage process improvements & provide training for the risk management program collaborating with Privacy, Legal & SMEs across the organization & industry for regulatory compliance
- Lead all examinations of IT & Operations (PCI, SOX, SOC, Regulatory, etc.), running exams with third party assessors for PCI, SOC, etc. & working with internal counterparts from Internal Audit to ensure they obtain what is needed to complete the audits & confirm issues are mitigated and/or remediated.
- Perform Information Systems Risk Assessments on all significant new technologies, including deep dives on Security & Compliance.
- Support client/partner requests for information on Security & Compliance & perform third party assessments including suppliers.
- Prepare, manage, & test Plans for Business Continuity, Disaster Recovery, Site & Team Level Plans.
- Develop & maintain the documentation around Information Security Program including Information Security Policies, Standards & Baselines.
- Develop/manage a process to embed security in the first stages of the procurement process.
What we're looking for in our next teammate
- Experience performing & managing security risk assessments against cyber security or information security standards or governance frameworks (e.g. NIST, ASD, ISO27001)
- Experience working in information security, with a technical understanding of a range of enterprise IT architectures (e.g., web applications, databases, operating systems, server infrastructure, mobile devices, & networking technologies)
- Experience with implementation & assurance/oversight of industry standard security frameworks
- Experience with accrediting information systems utilizing Risk Management Framework (RMF) guidelines
- Ability to translate technical findings & articulate recommendations for non-technical stakeholders
- Knowledge of fundamental cloud, security technologies & tooling, & secure software development lifecycle concepts
- Understanding of international privacy & data protection regulations, such as CCPA & GDPR
- Superior writing & editing skills with the ability to construct well-founded, clear, & concise analyses & recommendations
- Be willing to travel at least 25% with a valid passport
We treat our team right
Competitive compensation is just the beginning. As part of our team, you can expect:
- An exciting & fun environment committed to driving real growth
- Opportunities to build really cool products that fans love
- Mentorship & professional development resources to help you refine your game
- Flexible vacation allowance to let you refuel
- Hall of Fame benefit programs & platforms
FanDuel Group is an equal opportunities employer. Diversity & inclusion in FanDuel means that we respect & value everyone as individuals. We don't tolerate bias, judgement or harassment. Our focus is on developing employees so that they reach their full potential.