ABOUT FANDUEL GROUP
FanDuel Group is a world-class team of brands & products all built with one goal in mind to give fans new & innovative ways to interact with their favorite games, sports, teams, & leagues. Thats no easy task, which is why were so dedicated to building a winning team. And make no mistake, we are here to win, but we believe in winning right. That means well never compromise when it comes to looking out for our teammates. From our many opportunities for professional development to our generous insurance & paid leave policies, were committed to making sure our employees get as much out of FanDuel as we ask them to give.
FanDuel Group is based in New York, with offices in California, New Jersey, Florida, Oregon & Scotland. Our brands include:
- FanDuel A game-changing real-money fantasy sports app
- FanDuel Sportsbook Americas #1 sports betting app
- TVG The best-in-class horse racing TV/media network & betting platform
- FanDuel Racing A horse racing app built for the average sports fan
- FanDuel Casino & Betfair Casino Fan-favorite online casino apps
- FOXBet A world-class betting platform an affiliate of FanDuel Group
- PokerStars The premier online poker product an affiliate of FanDuel Group
Our roster has an opening with your name on it
The Manager of Corporate Information Security, Governance, Risk & Compliance will lead the operationalization of security compliance programs to support various compliance regulations by stay abreast of relevant security regulations, laws & technologies, & adjusting programs & processes as required. In addition to driving continuous improvement in this space, the Manager will drive efforts in the areas of security policy, risk management process, & compliance with standards & regulations such as ISO, NIST, GDPR, CCPA, & PCI.
THE GAME PLAN
Everyone on our team has a part to play
- Develop, maintain, & enforce Information Security policies, procedures, standards & governance artifacts.
- Operationalize various GRC capability areas such as enterprise security risk management, compliance management, policy management, security awareness training, third party risk management, & metrics & reporting.
- Perform risk assessments that address security threats, changes to systems and/or applications, process improvement initiatives, supplier assessments (including downstream outsourcers) & other requests from the business.
- Support the development of concrete, actionable roadmaps for improving information security/cybersecurity & IT risk management programs & achieving strategic initiatives (e.g., cloud transformation)
- Work closely with business, technology, & compliance counterparts to understand business objectives, initiatives, & ensure alignment of Information Security risk
- Oversee the information security programs & protection of assets assigned to these programs, as well as the other programs (e.g. data governance, corporate incident response, etc.)
- Advise the leadership team on the appropriate administration of information security standards, assisting them in developing plans within their business units to manage these risks effectively by understanding the fundamental aspects of their business objectives.
- Responsible for procedures & controls to assure compliance with applicable regulatory, contractual & legal requirements as well as good business practices
- Assist with transitions to cloud computing platforms & help build compliant cloud governance programs
- Ensure the identification, analysis, treatment, & timely communication of Cyber Security related threats & vulnerabilities through management of the Cyber Security risk analysis process
- Operationalization of a metrics & reporting function to continually report on meaningful security, risk & compliance metrics for operational & executive management. Develop & manage the automation of KRIs & KPI reporting that align with operational/business risk areas & corporate risk.
- Driving remediation activities from identification, remediation plan & closure. Hold owners accountable to delivery of remediation solutions within the agreed upon/reasonable SLA.
- Development of actionable & agile security compliance programs to support various compliance regulations.
- Ensure the development, documentation, & presentation of IS security education, awareness, & training activities for users & others, as appropriate.
What were looking for in our next teammate
- Experience performing & managing security risk assessments against cyber security or information security standards or governance frameworks (e.g. NIST, ASD, ISO27001)
- Experience working in information security, with a technical understanding of a range of enterprise IT architectures (e.g., web applications, databases, operating systems, server infrastructure, mobile devices, & networking technologies)
- Experience with implementation & assurance /oversight of industry standard security frameworks
- Experience with accrediting information systems utilizing Risk Management Framework (RMF) guidelines
- Ability to translate technical findings & articulate recommendations for non-technical stakeholders
- Knowledge of fundamental cloud, security technologies & tooling, & secure software development lifecycle concepts
- Understanding of international privacy & data protection regulations, such as CCPA & GDPR
- Superior writing & editing skills with the ability to construct well-founded, clear, & concise analyses & recommendations
- Be willing to travel at least 25% with a valid passport
We treat our team right
Competitive compensation is just the beginning. As part of our team, you can expect:
- An exciting & fun environment committed to driving real growth
- Opportunities to build really cool products that fans love
- Mentorship & professional development resources to help you refine your game
- Flexible vacation allowance to let you refuel
- Hall of Fame benefit programs & platforms
FanDuel Group is an equal opportunities employer. Diversity & inclusion in FanDuel means that we respect & value everyone as individuals. We don't tolerate bias, judgement or harassment. Our focus is on developing employees so that they reach their full potential.