Sr. Manager, Information Security GRC at Fanatics Retail Group Fulfillment, LLC
Fanatics Retail Group Fulfillment, LLC · New York, United States of America · Onsite
- Senior
- Office in New York
The Role
The Sr. Manager, Information Security GRC (Fanatics Corporate) reports to the VP, Information Security (GRC) and will focus on managing all cyber and third-party risks for Fanatics Corporate. In this role, you will play a crucial part in assessing, managing, and driving mitigation of risks associated with both our third parties (vendors, suppliers, and partners) and our wider cybersecurity program. You will drive a comprehensive risk management approach while supporting subsidiary cybersecurity teams in maturing and standardizing their risk programs.
What You'll Do:
- Oversee cyber and third-party risk management for the corporate entity, ensuring alignment with business objectives.
- Assist subsidiary InfoSec teams in developing and maturing their risk management programs.
- Establish consistent reporting mechanisms for executives and board functions, providing clear risk insights.
- Drive adoption of enterprise-wide risk assessment methodologies, frameworks, and tools.
- Collaborate with key stakeholders to enhance risk governance and ensure compliance with regulatory requirements.
- Monitor emerging threats, evolving regulations, and industry best practices to continuously improve risk posture.
- Identify risks associated with potential Corporate third-party vendors by conducting thorough risk assessments and due diligence to ensure Corporate standards are met and maintained.
- Coordinate and perform risk re-assessment of existing third-party vendors to ensure the continued management and reduction of risk.
- Perform continuous vendor monitoring tasks, utilizing cyber rating platforms to ensure timely alerting on any decline in a vendor's controls or other relevant intelligence.
- Monitor and track the off-boarding process for vendors, ensuring that all security-related aspects are addressed and terminated in a secure manner.
- Collaborate with stakeholders and cross-functional teams (e.g., business owners, procurement, legal, privacy, IT teams, and other InfoSec teams) to support the holistic review of the vendor and the services/products being provided.
- Assist with the administration and maintenance of the global GRC platform.
What We're Looking For:
- Considerable experience working in Information Security GRC, with a focus on leading a risk management program, or the ability to step up into such a position.
- Considerable experience working with third-party risk assessment tools and cyber rating platforms.
- Strong understanding of Information Security risk frameworks (e.g., ISO, NIST, FAIR).
- Strong understanding of Information Security control frameworks (e.g., NIST, CIS, SCF).
- Strong understanding of Information Security Third-Party frameworks and processes.
- Ability to work collaboratively in teams and develop meaningful relationships to achieve common goals.
- Excellent presentation and communication skills.
- Excellent influencing and problem resolution skills.
Job Locations: New York, NY; Jacksonville, FL; Atlanta, GA.
Mandatory office attendance: four days per week, with flexibility to choose which days in coordination with your manager.
In NYC, the salary range for this position is $165,000 to $200,000, which represents base pay only and does not include short-term or long-term incentive compensation. When determining base pay, as part of a final compensation package, we consider several factors such as location, experience, qualifications, and training.