Sr. Manager, Information Security GRC

The Role

The Sr. Manager, Information Security GRC (Fanatics Corporate) reports to the VP, Information Security (GRC) and will focus efforts on managing all cyber and third-party risks for Fanatics Corporate. In this you will play a crucial role in assessing, managing, and driving mitigation of risks associated with both our third-parties (vendors, suppliers, and partners) and our wider cybersecurity program. You will drive a comprehensive risk management approach, while supporting subsidiary cybersecurity teams in maturing and standardizing their risk programs.

What You'll Do:

• Oversee cyber and third-party risk management for the corporate entity, ensuring alignment with business objectives.
• Assist subsidiary InfoSec teams in developing and maturing their risk management programs.
• Establish consistent reporting mechanisms for executives and board functions, providing clear risk insights.
• Drive adoption of enterprise-wide risk assessment methodologies, frameworks, and tools.
• Collaborate with key stakeholders to enhance risk governance and ensure compliance with regulatory requirements.
• Monitor emerging threats, evolving regulations, and industry best practices to continuously improve risk posture.
• Identify risks associated with potential Corporate third-party vendors, by conducting thorough risk assessments and due diligence to ensure Corporate standards are met and maintained
• Coordinate and perform risk re-assessment of existing third-party vendors to ensure the continued management and reduction of risk.
• Perform vendor continuous monitoring tasks, utilizing cyber rating platforms to ensure timely alerting of any vendor decreasing controls, or other relevant intelligence.
• Monitor and track the off-boarding process for vendors, ensuring that all security-related aspects are addressed and terminated in a secure manner.
• Collaborate with stakeholders and cross-functional teams (i.e., business owners, procurement, legal, privacy, IT teams, and other InfoSec teams etc.) to support the holistic review of the vendor and services/products being provided.
• Assist with the administration and maintenance of the global GRC platform.

What We're Looking For:

• Considerable experience working in Information Security GRC, with focus on leading a risk management program, or ability to step up into such a position.
• Considerable experience of working with third-party risk assessment tools and cyber rating platforms.
• Strong understanding of Information Security risk frameworks (e.g., ISO, NIST, FAIR etc.).
• Strong understanding of Information Security control frameworks (e.g., NIST, CIS, SCF etc.).
• Strong understanding of Information Security Third-Party frameworks and processes.
• Ability to work collaboratively in teams and develop meaningful relationships to achieve common goals.
• Excellent presentation and communication skills.
• Excellent influencing and problem resolution skills.

Job Locations: New York - NY, Jacksonville – FL, Atlanta – GA.

Mandatory office attendance: four days per week, with flexibility to choose which days in coordination with your manager.

In NYC, the salary range for this position is $165,000 to $200,000, which represents base pay only and does not include short-term or long-term incentive compensation. When determining base pay, as part of a final compensation package, we consider several factors such as location, experience, qualifications, and training.