Director of Information Security, Governance, Risk and Compliance

Job not on LinkedIn

August 19

🐊 Florida – Remote

Although this job is listed in Florida, this company may be open to hiring remote in other states.

⏰ Full Time

🔴 Lead

👮‍♂️ Cybersecurity / Security Engineer

Apply Now

Receive Emails with Similar Jobs

Fanatics, Inc.

WebsiteLinkedInAll Job Openings

Gaming • Retail • eCommerce

Fanatics is building a leading global digital sports platform that aims to enhance the fan experience for over 100 million sports enthusiasts worldwide. The company operates across several divisions including Fanatics Commerce, Fanatics Collectibles, and Fanatics Betting & Gaming. They offer fans the opportunity to buy licensed fan gear, jerseys, lifestyle products, and headwear, collect physical and digital trading cards, sports memorabilia, and other digital assets, as well as engage in sports betting. Fanatics partners with over 900 sports properties globally, including major leagues, teams, and athletes, and operates more than 2,000 retail locations. The company is committed to corporate responsibility with a focus on philanthropy, diversity and inclusion, brand protection, and sustainability.

1001 - 5000 employees

Founded 2011

🎮 Gaming

🛒 Retail

🛍️ eCommerce

📋 Description

• Governance: Develop and maintain an information security governance framework • Establish and enforce security policies, standards, and procedures • Provide guidance on security best practices and industry standards • Collaborate with executive leadership to ensure security strategies align with business objectives • Security Risk Management: Lead the security team’s risk management efforts • Conduct risk assessments to identify and evaluate security risks • Develop and implement risk mitigation strategies and action plans • Monitor and report on risk metrics and trends to senior management • Compliance: Ensure the organization's compliance with relevant laws, regulations, certifications, assessments and industry standards including PCI-DSS, ITGCs, SOC1, SOC2, CCPA, CPRA, GDPR, among others • Facilitate regular third-party compliance assessments and audits • Collaborate with legal and regulatory affairs to address compliance requirements • Stay abreast of changes in relevant laws and regulations affecting security • Security Strategy: Contribute to the development of the organization's overall security strategy • Provide strategic direction for security initiatives and projects • Collaborate with other departments to integrate security into business processes • Assess emerging technologies and trends for their impact on security • Vendor and Third-Party Risk Management: Assess and manage security risks associated with third-party vendors • Maintain and enhance the vendor risk management program • Ensure third-party compliance with security standards • Collaborate with legal to ensure third-party contracts reflect security and compliance requirements • Reporting and Communication: Provide regular updates and reports on security, risk, and compliance to senior management • Communicate security strategies and priorities to all stakeholders • Act as a liaison between technical security teams and executive leadership • Leadership: Lead and manage a team of security professionals • Foster a collaborative and high-performing security team • Provide mentorship and professional development opportunities • Continuous Improvement: Identify opportunities for process improvement within the security GRC function • Stay informed about industry trends and best practices • Implement continuous improvement initiatives to enhance security posture • Values and Behaviors: Demonstrate entrepreneurial spirit, strong communication skills, humility, and comfort working in and contributing to a dynamic and cross-functional team environment

🎯 Requirements

• 10+ years of information security experience (or 6 years with a relevant bachelor’s degree) • Strong understanding of governance, quantitative risk management, and compliance frameworks • Experience collaborating with and influencing key stakeholders • Strong technical background including full-stack software development, system architecture, and security fundamentals • Relevant certifications (e.g. CISSP, CISM, CRISC, CISA, CIPP/US) preferred • Exceptional communication skills and the ability to convey complex security concepts to non-technical stakeholders