Analyst II, Information Security Vendor Management

Company Overview

Fanatics is building a leading global digital sports platform. The company ignites the passions of global sports fans and maximizes the presence and reach for hundreds of sports partners globally by offering innovative products and services across Fanatics Commerce, Fanatics Collectibles, and Fanatics Betting & Gaming, allowing sports fans to Buy, Collect and Bet. Through the Fanatics platform, sports fans can buy licensed fan gear, jerseys, lifestyle and streetwear products, headwear, and hardgoods; collect physical and digital trading cards, sports memorabilia, and other digital assets; and bet as the company builds its Sportsbook and iGaming platform. Fanatics has an established database of over 100 million global sports fans, a global partner network with over 900 sports properties, including major national and international professional sports leagues, teams, players associations, athletes, celebrities, colleges, and college conferences, and over 2,000 retail locations, including its Lids retail business stores. 

As a market leader with more than 18,000 employees, and hundreds of partners, suppliers, and vendors worldwide, we take responsibility for driving toward more ethical and sustainable practices. We are committed to building an inclusive Fanatics community, reflecting and representing society at every level of the business, including our employees, vendors, partners and fans. Fanatics is also dedicated to making a positive impact in the communities where we all live, work, and play through strategic philanthropic initiatives.

Summary:

Fanatics Holdings Inc. (FHI) is looking for a talented and experienced Information Security Analyst II to manage our Vendor Risk Management (VRM) program for Fanatics Holdings, Inc. (FHI). As the FHI InfoSec Vendor lead, you will play a crucial role in assessing, managing, and driving mitigation of risks associated with our third-party vendors. This is a fantastic opportunity for someone to step up to the next level in their career, work with our diverse business units and subsidiaries, and make a significant impact to the security posture of Fanatics. You will report directly to the VP, Information Security and will be supported by other members of our team as needed. 

Duties and responsibilities may include:

•Identify risks associated with potential FHI third-party vendors, by conducting thorough risk assessments and due diligence to ensure FHI standards are met and maintained. 

•Coordinate and perform risk re-assessment of existing third-party vendors to ensure the continued management and reduction of risk.

•Perform vendor continuous monitoring tasks, utilizing cyber rating platforms to ensure timely alerting of any vendor decreasing controls, or other relevant intelligence. 

•Monitor and track the off-boarding process for vendors, ensuring that all security-related aspects are addressed and terminated in a secure manner. 

•Collaborate with stakeholders and cross-functional teams (i.e., business owners, procurement, legal, privacy, IT teams, and other InfoSec teams etc.) to support the holistic review of the vendor and services/products being provided.

•Assist with the administration and maintenance of the global GRC platform. 

What Skills Are Important To US:

•Experience in Information Security, with a focus on vendor risk management. 

•Experience working with vendor risk assessment tools and platforms. 

•Understanding of Information Security controls and frameworks (e.g., NIST CSF, NIST 800-53, ISO 27001/2, CIS, ISF etc.).

•Ability to work collaboratively in teams and develop meaningful relationships to achieve common goals.

•Strong analytical and problem-solving skills, with a keen attention to detail. 

•Positive and flexible attitude to work in a fast-paced environment with a willingness to embrace new initiatives.

The salary range for this position is $96,000 to $144,000 which represents base pay only and does not include short-term or long-term incentive compensation. When determining base pay, as part of a final compensation package, we consider several factors such as location, experience, qualifications, and training. 

Ensure your Fanatics job offer is legitimate and don’t fall victim to fraud.  Fanatics never seeks payment from job applicants. Feel free to ask your recruiter for a phone call or other type of communication for interview, and ensure your communication is coming from a Fanatics or Fanatics Brand email address.  For added security, where possible, apply through our company website at www.fanaticsinc.com/careers

Tryouts are open at Fanatics! Our team is passionate, talented, unified, and charged with creating the fan experience of tomorrow. The ball is in your court now.

Fanatics is committed to responsible planning and purchasing (RPP) practices, working with its business partners across its global and multi-layered supply chain, to ensure that planning, sourcing, and purchasing decisions, along with other supporting processes, do not impede or conflict with the fulfillment of Fanatics’ fair labor practices.

NOTICE TO CALIFORNIA RESIDENTS/APPLICANTS: In connection with your application, we collect information that identifies, reasonably relates to or describes you (“Personal Information”). The categories of Personal Information that we collect include your name, government issued identification number(s), email address, mailing address, other contact information, emergency contact information, employment history, educational history, criminal record, and demographic information.  We collect and use those categories of Personal Information about you for human resources and other business management purposes, including identifying and evaluating you as a candidate for potential or future employment or other types of positions, recordkeeping in relation to recruiting and hiring, conducting criminal background checks as permitted by law, conducting analytics, and ensuring compliance with applicable legal requirements and Company policies. For additional information on how we collect and use personal information in connection with your job application, review our Candidate Privacy Policy-CA