Job Description
Fanatics is the ultimate one-stop sports fan destination that ignites and harnesses the passion of fans and maximizes the presence and reach for preeminent sports partners globally. Leveraging long-standing, often exclusive relationships with more than 900 sports properties, a database of more than 90 million consumers worldwide and a trusted brand name, Fanatics is furthering its innovation across the sports landscape by building the leading global digital sports platform, complete with offerings including e-commerce and licensed merchandise, physical and digital trading cards and collectibles, and online sports betting and iGaming. The Fanatics family of companies currently includes Fanatics Commerce, a vertically-integrated licensed merchandise business that has changed the way fans purchase their favorite team apparel, jerseys, headwear and hardgoods through a tech-infused approach to making and quickly distributing fan gear in today’s 24/7 mobile-first economy; Fanatics Collectibles, a transformative company that is building a new model for the hobby and giving collectors an end-to-end physical and digital collectibles experience; and Fanatics Betting & Gaming, a mobile betting, gaming and retail sportsbook platform. As a market leader with more than 10,000 employees, and hundreds of partners, suppliers, and vendors worldwide, we take responsibility for driving toward more ethical and sustainable practices. We are committed to building an inclusive Fanatics community, reflecting and representing society at every level of the business, including our employees, vendors, partners and fans. Fanatics is also dedicated to making a positive impact in the communities where we all live, work, and play through strategic philanthropic initiatives. At Fanatics, we’re a diverse, passionate group of employees aiming to ignite pride and passion in the fans we outfit, celebrate and support. 
We recognize that diversity helps drive and foster innovation, and through our IDEA program (inclusion, diversity, equality and advocacy) at Fanatics we provide employees with tools and resources to feel connected and engaged in who they are and what they do to support the ultimate fan experience.
Fanatics is looking for a Governance, Risk, and Compliance (GRC) Specialist to join our Information Security team. This position will be responsible for holistically managing vendors throughout the vendor life cycle, and providing dedicated support for other GRC tasks during audit and risk assessment cycles. This role will also conduct vendor due diligence, perform vendor audits, write policies and procedures, and support dashboarding and reporting. Our team members are given a great deal of autonomy in the pursuit of keeping Fanatics secure. A successful candidate will demonstrate strong communication skills and is expected to be comfortable and effective working independently and as part of a larger, highly distributed team. We're looking specifically for folks who can communicate broadly across different skill sets and set the pace to achieve organizational goals. Fanatics is a fast-growing company and our security program needs to be able to keep pace with that growth while not disrupting innovation.
Responsibilities:
- Facilitate new vendor risk assessments as part of the due diligence process
- Identify, analyze and report vendor risk throughout the vendor lifecycle
- Perform vendor risk calculations and scoring, to assign risk classification
- Manage the vendor risk database, including vendor onboarding, profile management and updates, and offboarding activities to ensure a dynamic and up-to-date inventory
- Collect, review, and manage vendor attestations (PCI DSS AOCs, SOC reports, ISO 27001 certificates)
- Provide support on audit-related requests for vendor compliance evidence
- Investigate vendor incidents and breaches to assess impact and risks
- Develop internal dashboards for monitoring and reporting vendor risk data and trends
- Coordinate and collaborate with business stakeholders, security engineers, and compliance and risk subject matter experts, to identify and evaluate vendor risks
- Partner with legal and procurement teams to drive vendor risk mitigation efforts through sourcing and contracting activities
- Engage directly with external teams to ensure adherence to processes
- Coordinate with Risk Program Manager to ensure proper reporting of vendor risks and exceptions
- Mentor fellow Fanatics personnel on best security practices through cross-functional work with multiple technical and non-technical teams
- Seek out and develop process improvements, automation, and quality assurance throughout the vendor risk management processes
Requirements:
- A Bachelor’s degree in Computer Science, Management Information Systems, or similar area of study; or, minimum of 3 years of experience in Vendor Risk Management, Information Technology (IT), or Governance, Risk and Compliance
- 2+ years of relevant work experience in performing third party risk management functions such as vendor risk assessments, vendor contract negotiation, vendor audits, vendor incident management, etc.
- CISA certification, CRISC certification, or equivalent preferred
- Strong understanding of the third party risk management lifecycle and procurement processes, as well as how information security relates to these functions
- General knowledge of the regulatory landscape and its applicability to the vendor ecosystem
- Great analytical skills and ability to identify and contextualize risks and issues as relevant to vendor engagements and business objectives
- Ability to clearly present findings and summaries of risks to stakeholders and senior management
- Proficiency in written and spoken English; excellent communication, interpersonal, and stakeholder management skills
- Proactive, self-motivated and comfortable working in ambiguous and complex environments
- Ability to approach problem-solving in a constructive and collaborative way that does not require absolutes
Things We Care About:
- Your career growth, your ideas, your work-life balance, and your well-being.
- Diversity and Inclusion
- Our Company Culture and Values
- Providing outstanding Company Perks and Benefits
Company Overview
Fanatics is building a leading global digital sports platform to ignite and harness the passions of fans and maximize the presence and reach for hundreds of partners globally. Optimizing these long-standing partnerships, a database of more than 80 million global consumers and a trusted, recognizable brand name, Fanatics is expanding beyond its position as a global leader for licensed sports merchandise to now becoming a next-gen digital sports platform, featuring an array of offerings for fans across the sports ecosystem. The Fanatics family of companies currently includes Fanatics Commerce, a vertically-integrated licensed merchandise business that has changed the way fans purchase their favorite team apparel, jerseys, headwear and hardgoods through a tech-infused approach to making and quickly distributing fan gear in today’s 24/7 mobile-first economy; Candy Digital, a digital collectibles company that is partnering with prominent sports properties, including MLB and MLBPA, to build an official NFT ecosystem; Fanatics Collectibles, through Topps as a cornerstone of the business, building a new model for the collectibles and trading cards hobby with top leagues and players association partners; and Fanatics Betting & Gaming, a mobile betting, gaming and retail sportsbook platform. Fanatics’ partners include all major professional sports leagues (NFL, MLB, NBA, NHL, NASCAR, MLS, PGA) and hundreds of collegiate and professional teams, which include several of the biggest global soccer clubs. As a market leader with more than 9,000 employees, and hundreds of partners, suppliers, and vendors worldwide, we take responsibility for driving toward more ethical and sustainable practices. We are committed to building an inclusive Fanatics community, reflecting and representing society at every level of the business, including our employees, vendors, partners and fans. 
Fanatics is also dedicated to making a positive impact in the communities where we all live, work, and play through strategic philanthropic initiatives. At Fanatics, we’re a diverse, passionate group of employees aiming to ignite pride and passion in the fans we outfit, celebrate and support. We recognize that diversity helps drive and foster innovation, and through our IDEA program (inclusion, diversity, equality and advocacy) at Fanatics we provide employees with tools and resources to feel connected and engaged in who they are and what they do to support the ultimate fan experience.
www.fanaticsinc.com
Ensure your Fanatics job offer is legitimate and don’t fall victim to fraud. Fanatics never seeks payment from job applicants. Fanatics recruiters will only reach out to applicants from an @fanatics.com or @fanatics.co.uk email address. For added security, where possible, apply through our company website at www.fanaticsinc.com/careers.
Fanatics is committed to responsible planning and purchasing (RPP) practices, working with its business partners across its global and multi-layered supply chain, to ensure that planning, sourcing, and purchasing decisions, along with other supporting processes, do not impede or conflict with the fulfillment of Fanatics’ fair labor practices.
NOTICE TO CALIFORNIA RESIDENTS/APPLICANTS: In connection with your application, we collect information that identifies, reasonably relates to or describes you (“Personal Information”). The categories of Personal Information that we collect include your name, government issued identification number(s), email address, mailing address, other contact information, emergency contact information, employment history, educational history, criminal record, and demographic information. We collect and use those categories of Personal Information about you for human resources and other business management purposes, including identifying and evaluating you as a candidate for potential or future employment or future contract positions, recordkeeping in relation to recruiting and hiring, conducting criminal background checks as permitted by law, conducting analytics, and ensuring compliance with applicable legal requirements and Company policies. For additional information on how we collect and use personal information in connection with your job application, review our Candidate Privacy Policy-CA.