ABOUT FANDUEL GROUP
FanDuel Group is a world-class team of brands & products all built with one goal in mind to give fans new & innovative ways to interact with their favorite games, sports, teams, & leagues. Thats no easy task, which is why were so dedicated to building a winning team. And make no mistake, we are here to win, but we believe in winning right. That means well never compromise when it comes to looking out for our teammates. From our many opportunities for professional development to our generous insurance & paid leave policies, were committed to making sure our employees get as much out of FanDuel as we ask them to give.
FanDuel Group is based in New York, with offices in California, New Jersey, Florida, Oregon & Scotland. Our brands include:
- FanDuel A game-changing real-money fantasy sports app
- FanDuel Sportsbook Americas #1 sports betting app
- TVG The best-in-class horse racing TV/media network & betting platform
- FanDuel Racing A horse racing app built for the average sports fan
- FanDuel Casino & Betfair Casino Fan-favorite online casino apps
- FOXBet A world-class betting platform & affiliate of FanDuel Group
- PokerStars The premier online poker product & affiliate of FanDuel Group
Our roster has an opening with your name on it
We are looking for a Supplier Risk Assessment Manager in the Information Security Governance, Risk, & Compliance (GRC) team. Our GRC team has the unique opportunity & visibility to actively partner with departments across FanDuel Group taking a holistic view of the entire company & reducing risk. The GRC the Supplier Risk Assessment Manager will lead supplier risk Assessments related to third parties.
THE GAME PLAN
Everyone on our team has a part to play
- Lead the Information Protection Group Cybersecurity team by managing & performing Security Risk Assessments (SARs) for Infrastructure as a Service (IaaS), Platform as a Service (PaaS), & Software as a Service (SaaS) cloud computing models to align against Information Security Policies for the security of confidentiality, availability, & integrity of information, business delivery & technology.
- Manage SAR reports for continuous assessment to identify data at risk, provide remediation recommendations for applications to transition into production & follow approval process for business owners to obtain the Authority to Operate contingent on business risk.
- Lead assessing innovative solutions using native Cloud Service Provider (CSP) components to transition legacy applications from closing data centers to the public Cloud.
- Communicate & identify issues, which could potentially pose risk to the brand & provide recommendations for controls to mitigate those risks & increase the company's overall security posture.
- Provide technical leadership for FanDuel divisions migrating to the public cloud to protect data in transit & at rest within & outside of the corporate boundaries (i.e., IaaS, PaaS, & SaaS).
- Manage the delivery & plan effectively quality assurance, appraisal & approval of security deliverables to include revising & drafting test plans, security specification reviews & standards & technical documentation.
- Manage Supplier Risk Assessments using FanDuel Group GRC platform, organizing & tracking all supporting evidence for closure, risk management & recommendations regarding cybersecurity controls throughout an asset's lifecycle & create standard process documentation to incorporate within the supplier risk assessment.
- Manage security posture during the early stages within Global Procurement & initiate/create a new documentation to combine within the procurement process for vendor management.
- Lead the initiative to train all new hires on the SRA team & create a continuous yearly training process for member firms within the organization to understand the Supplier Risk Assessment process & act as a mentor/subject matter expert.
- Bring your expertise in supplier risk assessment to assess & report on our information systems ensuring processes & procedures are followed according to Information Security Policy requirements & best practices.
- Work with the GRC team to create, enhance, support, & enforce company policy & practices for risk mitigation.
- Identify & analyze the inherent risks in applications & supporting infrastructure & the controls that management has implemented to mitigate risks.
- Lead, manage & execute complex IT assessment projects including internal audits, system implementations & specialized IT areas (cloud, devsecops, agile development).
- Drive a culture of risk awareness, risk & control visibility with measurable risk reduction & effective reporting, & governance of risk reduction activities.
- Perform onsite assessments & technical review of key vendors to ensure adherence to contractual obligations.
- Document, assess, investigate & map known & unknown areas of risk, then present steps to lower or remove the risk, as appropriate.
- Evaluate risks known & unknown within the company & its operations in accordance with known industry frameworks (i.e., ISO, SCF, NIST, GLI-33).
- Manage & report on resolution of SAR findings, including provision of evidence for closure & create risk register.
What were looking for in our next teammate
- Experience running & managing third party risk assessments for a company with significant regulatory requirements, preferably Financial Services is required.
- Supplier Risk Management experience, including developing & deploying remediation action plan is required.
- Design & document IT compliance-specific process & procedure, as needed.
- Strengthen relationships with cross functional teams to promote collaboration & cohesiveness.
- Easily adapt to a rapidly evolving, faced paced, cyber security environment as it relates to changes in strategy or risk.
- Demonstrate a strong understanding of the Information Security, IT environment & its impact on business risk.
- Strong understanding of technical terminology (e.g., platforms, architecture, ISO 27001, GLI-33 & SCF).
- Public Cloud experience preferred.
- Experience with using GRC platforms like ZenGRC considered a major plus.
- Demonstrate ability to develop a strategy, & design & execute on the associated plan.
- Strong verbal & written communication skills.
- Strong organizational skills & attention to detail.
- Professional presence & demeanor.
- Demonstrated ability to work with all levels in an organization.
- Minimum of 5 years of Supplier Risk Management, Information Security, IT Auditing or equivalent experience preferred
We treat our team right
Competitive compensation is just the beginning. As part of our team, you can expect:
- An exciting & fun environment committed to driving real growth
- Opportunities to build really cool products that fans love
- Mentorship & professional development resources to help you refine your game
- Flexible vacation allowance to let you refuel
- Hall of Fame benefit programs & platforms
FanDuel Group is an equal opportunities employer. Diversity & inclusion in FanDuel means that we respect & value everyone as individuals.We don't tolerate bias, judgement or harassment. Our focus is on developing employees so that they reach their full potential.