Senior GRC Analyst
Fanatics
Job Description
Job Summary
We are seeking a highly organized, detail-oriented, and communicative Information Security (IS) Governance, Risk Management and Compliance Senior Analyst to oversee the implementation and operating effectiveness of IT SOX General Controls (ITGCs), third-party vendor risk assessments, audit readiness, user phishing and training campaigns, and privacy compliance/DSAR oversight for the Collectibles line of business.
What you'll be doing -
- Consult, train and guide control owners to design and operate effective IT processes and controls to meet industry best practices and IT SOX control requirements.
- Support execution of IT SOX controls: evidence collection, testing coordination, and walkthrough support.
- Distribute and review third-party risk questionnaires.
- Document vendor assessments and maintain vendor risk profiles in our TPRM system, AuditBoard.
- Execute user awareness campaigns, phishing simulations and security trainings.
- Administer and maintain the GRC platform (AuditBoard) and the training and phishing awareness platform (KnowBe4).
- Generate and deliver recurring dashboards, metrics, and status reports for GRC leadership.
- Adapt to the needs of the organization and implement policies and procedures that are attainable by a lean organization.
- Define and implement IT KPIs and metrics, reports and dashboards for consumption by all levels of the organization.
- Train and guide software, application and infrastructure engineers on control requirements and procedures.
- Independently monitor and test IT controls against various frameworks such as IT SOX, PCI, NIST CSF and NIST Privacy.
- Produce effective communications and train the IT organization on policies and procedures.
- Produce clear and concise status reports for all levels.
- Independently meet and interface with Compliance partners and bridge communication with the Infrastructure, Engineering and Information Security organizations.
What we're looking for -
- 5 – 10 years of experience in an IT Risk, Internal Controls, Audit or Compliance role.
- Experience in a publicly traded company or with SEC/SOX compliance.
- Familiarity with cloud service risks (e.g., AWS, Azure).
- Understanding of data privacy regulations (GDPR, CCPA) is a plus.
- Basic technical understanding of IT systems, authentication, and security concepts.
- Experience defining and implementing IT and IS KPIs and metrics; experience tracking and defining KPI reports and dashboards for consumption by all levels of the organization.
- Strong communication and stakeholder management skills with the ability to build effective relationships and trust.
- Team player with an ownership mindset that is willing to get involved, go above and beyond and assist IT engineers to achieve control requirements.
- Flexible and comfortable with change, with the ability to quickly pivot based on the needs of the organization.
- Ability to work well with software, application and infrastructure engineers in order to train and guide them on control requirements and procedures.
In NYC, the salary range for this position is $124,000 - $155,000, which represents base pay only and does not include short-term or long-term incentive compensation. In Los Angeles, the salary range for this position is $112,000 - $140,000. The listed salary ranges are specific to Los Angeles or NYC and may not be applicable to other locations. When determining base pay, as part of a final compensation package, we consider several factors such as location, experience, qualifications, and training.
Ensure your Fanatics job offer is legitimate and don’t fall victim to fraud. Fanatics never seeks payment from job applicants. Feel free to ask your recruiter for a phone call or other type of communication for interview, and ensure your communication is coming from a Fanatics email address (including @collectfanatics.com). For added security, where possible, apply through our company website at www.fanaticsinc.com/careers.
Job Info
- Posting Date: 07/23/2025, 09:03 AM
- Locations: 95 Morton St, New York, NY, 10014, US (On-site)
- Job Schedule: Full time
- Regular or Temporary: Regular