ABOUT FANDUEL GROUP
FanDuel Group is a world-class team of brands & products all built with one goal in mind: to give fans new & innovative ways to interact with their favorite games, sports, teams, & leagues. That's no easy task, which is why we're so dedicated to building a winning team. And make no mistake, we are here to win, but we believe in winning right. That means we'll never compromise when it comes to looking out for our teammates. From our many opportunities for professional development to our generous insurance & paid leave policies, we're committed to making sure our employees get as much out of FanDuel as we ask them to give.
Our brands include:
- FanDuel: A game-changing real-money fantasy sports app
- FanDuel Sportsbook: America's #1 sports betting app
- FanDuel TV: "The Bettor Sports Network" bringing live sports & interactive content to the games fans care about most
- FanDuel Racing: A horse racing app built for the average sports fan
- FanDuel Casino & Betfair Casino: Fan-favorite online casino apps
- FOXBet: A world-class betting platform & affiliate of FanDuel Group
- PokerStars: The premier online poker product & affiliate of FanDuel Group
Our roster has an opening with your name on it
We are looking for a Governance Senior Manager in the Information Security Governance, Risk, & Compliance (GRC) team. As a Governance Senior Manager, you will leverage your experience to manage FanDuel Cybersecurity Department, Information Security Policies, Standards & Guidelines, ISO 27001 Information Security Management System (ISMS) & Business Continuity/Disaster Recovery across the enterprise to reduce information security & information technology (IT) risks.
THE GAME PLAN:
Everyone on our team has a part to play
- Lead Cybersecurity Department (CSD) by developing & managing the risk register in alignment with Information Security Policies for the security of confidentiality, availability, integrity of information, business delivery, technology, & safety.
- Lead Security Governance, Business Continuity/Disaster Recovery, & ISO team to create, enhance, support, & enforce security policies & practices for risk mitigation.
- Lead ISO 27001 & financial certifications for FanDuel Group.
- Bring your expertise in risk assessment to assess & report on our information systems ensuring processes & procedures are followed according to Information Security Policy requirements & best practices.
- Identify & analyze the inherent risks in applications & supporting infrastructure & the controls that management has implemented to mitigate risks.
- Lead the implementation of ISO 27001 framework alignment with the Information Security Management System (ISMS) per FDG vertical & drive FDG
- Lead the initiative to train all new hires on the Governance team & create a continuous yearly training process for member firms within the organization to understand the CSD Risk posture & act as a mentor/subject matter expert.
- Lead, manage, & execute complex IT assessment projects including internal audits, system implementations, & specialized IT areas (cloud, devsecops, agile development).
- Drive a culture of risk awareness, risk & control visibility with measurable risk reduction & effective reporting, & governance of risk reduction activities.
- Perform assessments & technical review to ensure adherence for compliance. Evaluate risks known & unknown within the company & its operations in accordance with known industry frameworks (i.e., ISO, SCF, NIST, GLI-33).
- Document, assess, investigate, & map known & unknown areas of risk, then present steps to remediate and/or mitigate risk, as appropriate.
- Manage the planning & implementation of policies, standards, & procedures to protect FanDuel's Information Security assets, including the scheduling & leading of management review meetings.
- Create an asset register to identify & analyze the inherent risks within Cybersecurity Dept. & Technology.
- Collaborate with the various SMEs departments at FanDuel in maintaining the ISMS.
- Lead & participate in business continuous improvement & continuity efforts such as presentations, training, & meetings.
- Lead business continuity & Disaster recovery team to reduce risk associated with the loss of availability.
- Create system security plans, plan of action & milestones, personnel training, & help drive security governance to support the ISMS.
- Facilitate & maintain Risk assessment & Risk treatment plan execution & database status to support the ISMS.
- Document within GRC tool all nonconformities & drive remediation efforts for risks identified in the risk register.
- Lead security awareness training for the organization.
- Lead Data Lifecycle program for Cybersecurity Department.
What we're looking for in our next teammate
- At least 7-10 years of Risk Management, Information Security, IT auditing or equivalent experience.
- Certifications such as CISSP, CISA, CGEIT, CRISC, CAP, & ISO 27001 Third Party Lead Auditor are a plus.
- Demonstrate a strong understanding of Information Security, the IT environment, & their impact on business risk.
- Risk Management experience, including developing & deploying remediation plans required.
- Experience running & managing risk assessments & risk registers for a firm with significant regulatory requirements, preferably Financial Services.
- Experience designing, documenting, & evaluating Security & IT compliance requirements based on the needs of an organization.
- Ability to lead GRC monthly risk metrics & report any incidents for regulatory requirements for FanDuel Group.
- Easily adapt to a rapidly evolving, fast-paced, cyber security environment as it relates to changes in strategy or risk.
- Experience with using GRC platforms like ZenGRC considered a major plus.
- Demonstrate ability to develop a strategy, & design & execute on the associated plan.
- Strong knowledge of ISO 27001 requirements & their applicability.
- Strong analytical, interpersonal, & communication skills (both verbal & written).
- Experience leading & mentoring others to help them grow in their positions & the industry.
- Strong project management skills & ability to work independently on engagements.
- Bachelor's degree or higher in Cybersecurity, Cyber Defense, Information Management Systems, or equivalent Cybersecurity qualifications.
- Experience in data privacy standards like GDPR, CCPA is a plus.
- Privacy certifications, such as CDPSE or CIPP/CIPM, are a plus.
- Experience with PCI DSS, including previous certification as a QSA, ISA, PCIP, is a plus.
- Job description may change depending on business needs.
We treat our team right
Competitive compensation is just the beginning. As part of our team, you can expect:
- An exciting & fun environment committed to driving real growth
- Opportunities to build really cool products that fans love
- Mentorship & professional development resources to help you refine your game
- Flexible vacation allowance to let you refuel
- Hall of Fame benefit programs & platforms
FanDuel Group is an equal opportunities employer. Diversity & inclusion in FanDuel means that we respect & value everyone as individuals. We don't tolerate bias, judgement or harassment. Our focus is on developing employees so that they reach their full potential.