Security Analyst II

October 22

🗽 New York – Remote

Although this job is listed in New York, this company may be open to hiring remote in other states.

💵 $155k - $232k / year

⏰ Full Time

🟢 Junior

🟡 Mid-level

🔐 Security Analyst

🚫👨‍🎓 No degree required

Apply Now

Receive Emails with Similar Jobs

Fanatics, Inc.

WebsiteLinkedInAll Job Openings

Gaming • Retail • eCommerce

Fanatics is building a leading global digital sports platform that aims to enhance the fan experience for over 100 million sports enthusiasts worldwide. The company operates across several divisions including Fanatics Commerce, Fanatics Collectibles, and Fanatics Betting & Gaming. They offer fans the opportunity to buy licensed fan gear, jerseys, lifestyle products, and headwear, collect physical and digital trading cards, sports memorabilia, and other digital assets, as well as engage in sports betting. Fanatics partners with over 900 sports properties globally, including major leagues, teams, and athletes, and operates more than 2,000 retail locations. The company is committed to corporate responsibility with a focus on philanthropy, diversity and inclusion, brand protection, and sustainability.

1001 - 5000 employees

Founded 2011

🎮 Gaming

🛒 Retail

🛍️ eCommerce

📋 Description

• Administer and enhance the user access review process to identify and address access control issues effectively. • Draft, refine, and socialize policies/standards (access control, change management, vendor security, incident response); maintain clear SOPs and RACI. • Prepare high‑quality evidence, narratives, and diagrams; coordinate with auditors/assessors; manage requests and deadlines. • Participate in Incident response efforts by conducting log analysis, gathering evidence, and executing remediation tasks. • Build dashboards for control health, User Access Reviews completion, vendor coverage, and audit findings; present insights to InfoSec leadership and stakeholders. • Automate evidence collection and access reviews where possible; propose control enhancements that improve security and reduce operational toil. • Deliver security awareness presentations for both technical and non-technical users. Actively contribute to ongoing information security education through diverse methods such as phishing simulations, annual training sessions, on-demand courses, and workshops. • Support Governance, Risk, and Compliance (GRC) initiatives by implementing controls and gathering necessary evidence, and control testing. • Support InfoSec Risk Issue Intake process to assess and risk rank new issues, identify and document mitigation plans/timelines with risk owners and SMEs, and track to resolution. • Support quarterly user access review process (UARs) for SOX systems and ensure tickets are tracked to resolution and actioned within audit requirements. Complete lookback analysis where necessary. • Support Data Loss Prevention process by triaging and investigating alerts in the Mimecast/Code42 solution. • Participate in an on-call rotation to address security incidents and escalations promptly.

🎯 Requirements

• Minimum of 2 years of experience as a Information security analyst or in a similar role • Ability to leverage security compliance frameworks to support control improvement and evidence correlation. • Working knowledge of SOC 2 (Trust Services Criteria) and ISO/IEC 27001/27002; familiarity with mapping controls across frameworks. • Practical experience running User Access Reviews: scoping, sampling, evidence collection including completeness and accuracy, exception handling, and remediation follow‑through. • Solid grasp of least privilege, SoD, joiner/mover/leaver, break‑glass, and privileged access management fundamentals. • Strong documentation skills (control narratives, test plans, SOPs) and stakeholder communication. • Comfort with spreadsheets and basic scripting/queries (e.g., SQL or Python) for sampling and evidence validation. • Foundational knowledge in Agile methodologies with ability to successfully collaborate with multiple stakeholders. • Ability to communicate effectively with technical and non-technical stakeholders. • Ability to prioritize and balance multiple projects simultaneously. • Ability to collaborate and work in a team environment. • Proven experience drafting documentation such as standards, policies and architecture diagrams. • Background in risk assessment methodologies such as NIST and FAIR is a plus

🏖️ Benefits

• Medical • Dental • Vision • 401K • Paid time off • GymPass • Pet Insurance • Family Care Benefits • $700 to set up your home office