Senior Technology Risk Analyst

FanDuel Group is a leading sports-tech entertainment company that is revolutionizing the way consumers engage with their favorite sports, teams, and leagues.

With a presence across all 50 states and approximately 17 million customers, FanDuel is a premier gaming destination in the United States.

The company has a portfolio of leading brands across gaming, sports betting, daily fantasy sports, advance-deposit wagering, and TV/media.

FanDuel is based in New York with offices in New Jersey, Georgia, California, Oregon, Canada, and Scotland.

We are seeking a Senior Technology Risk Analyst to join our Technology Risk team to help drive our first line of defense (1LOD) technology & cyber risk management function.

The successful candidate will play a key role on the Technology GRC team, ensuring technology & cyber risk practices are appropriately managed and adequately scaled within the Technology BU.

This includes proactively identifying, assessing, advising, and monitoring risks and their related risk treatment activities.

The Senior Technology Risk Analyst will partner and collaborate with other 1LOD functions and the second line of defense (2LOD) teams (e.g., Enterprise Risk and Group Oversight) for alignment with 2LOD Divisional and 2LOD Group policies and strategies.

The Senior Technology Risk Analyst will report to the Technology Risk Manager and will play a pivotal role in evaluating and enhancing the company's overall technology and cybersecurity risk posture.

1. Develop and maintain a robust risk management framework, ensuring alignment with FanDuel's Enterprise Risk Management frameworks, and relevant industry best practices and regulatory requirements.
2. Work closely with the Technology Controls team and the 2LOD Enterprise Risk team to maintain FanDuel's technology & cyber risk and controls framework ensuring that it is adequately designed, adopted and operating effectively.
3. Work in lockstep with the 2LOD Enterprise Risk team to escalate risks to the enterprise risk register and report relevant metrics to senior leadership.
4. Conduct comprehensive technology and cybersecurity risk assessments to identify potential threats and vulnerabilities with the company's business critical assets (people, process, technology, and data).
5. Analyze and report relevant risk metrics to senior management, providing insights and recommendations for risk mitigation, utilizing qualitative and quantitative techniques to periodically measure the company's technology & cyber risk posture.
6. Provide expertise and contribute to establishment of risk appetite and related tolerances and metrics for Technology.
7. Manage technology & cyber risk throughout the entire risk lifecycle: Intake and maintain a first line risk register, ensuring accurate documentation and progress updates are captured to ensure risk profiles are kept up to date.
8. Enable teams and leadership to make risk-based decisions and trade-offs impacting technology & cyber investment strategies and project prioritization.
9. Document and monitor risk treatments to accept or remediate risks.
10. Ad hoc meeting planning and support to report on findings, metrics, and recommend mitigations to technology, cyber and business leadership.
11. Track and report progress on risk remediation efforts, providing timely updates to management and stakeholders.
12. Stay abreast of evolving technology & cyber threats, news, and trends to enhance risk management strategies.
13. Lead cross-functional discussions and workshops to enhance risk awareness and foster a proactive risk management culture, and support a path to continuous process improvement.
14. Develop and deliver tailored training, awareness and communications as needed on relevant risk management practices for the technology & cyber community.
15. Assist with special risk assessment and department initiatives, as assigned.
16. Maintain procedures, playbooks, virtual webpages, and metrics dashboards.
17. Mentor and guide junior team members, sharing expertise and promoting continuous professional development.

We are looking for a highly skilled and experienced Senior Technology Risk Analyst to join our team.

The ideal candidate will have a Bachelor's degree in a technical field (e.g., Cybersecurity, Information Technology) or equivalent combination of education, training, and relevant experience.

5 years related experience in IT or information security governance, risk management and compliance (GRC) preferred, with experience building new / improved risk management capabilities that meet the needs of the business.

Stay Hungry, Stay Humble mindset that strives to continuously learn and share new skills with others, and embraces a steep learning curve to understand our business and technology drivers to get the job done.

Anything Is Possible attitude that is highly organized and results-driven to solve our most important challenges.

Comfortable navigating shifting priorities in a fast-paced environment, with the ability to work independently with minimal supervision while also as an exceptional team player that excels at cultivating relationships and promoting collaboration and cohesiveness to fulfill our We Are One Team principle.

Hands-on experience executing and managing cybersecurity assessments in a heavily regulated industry, including writing, documenting, and assessing risks/controls and drafting business process summaries for executives.

Strong IT & security risk domain knowledge of technology and cybersecurity best practices, principles, tools, and industry control frameworks (e.g., GLI, NIST CSF, ISO, SOX, SOC2, PCI, CIS Critical Controls, COBIT, ITIL, CMMI).

Experience with data governance and privacy regulations and industry frameworks (e.g., GDPR, local state regulations, DAMA-DMBOK).

Practical knowledge of qualitative and quantitative risk management methodologies (e.g., NIST RMF / / 800-30, OCTAVE, FAIR).

Ability to translate risk/control standards into functional business requirements.

Strong written and verbal communication skills to articulate risk/control insights to both technical and non-technical stakeholders.

Proficient working with Microsoft Office, GRC and project management tools (e.g., JIRA, ZenGRC).

Experience working as a consultant in the risk, compliance, or audit space is a plus.

Relevant professional certifications such as CISA, CISSP, CISM, or CRISC are preferred.

We treat our team right.

From our many opportunities for professional development to our generous insurance and paid leave policies, we're committed to making sure our employees get as much out of FanDuel as we ask them to give.

Competitive compensation is just the beginning.

As part of our team, you can expect:

• An exciting and fun environment committed to driving real growth.
• Opportunities to build really cool products that fans love.
• Mentorship and professional development resources to help you refine your game.
• Be well, save well and live well - with FanDuel Total Rewards your benefits are one highlight reel after another.

FanDuel is an equal opportunities employer and we believe, as one of our principal states, We Are One Team We are committed to equal employment opportunity regardless of race, color, ethnicity, ancestry, religion, creed, sex, national origin, sexual orientation, age, citizenship status, marital status, disability, gender identity, gender expression, Veteran status, or another other characteristic protected by state, local or federal law.

We believe FanDuel is strongest and best able to compete if all employees feel valued, respected, and included.

We want our team to include diverse individuals because diversity of thought, diversity of perspectives, and diversity of experiences leads to better performance.

Having a diverse and inclusive workforce is a core value that we believe makes FanDuel stronger and more competitive as One Team

The applicable salary range for this position is $126,000- $155,000, which is dependent on a variety of factors including relevant experience, location, business needs and market demand.

This role may offer the following benefits:

• medical, vision, and dental insurance;
• life insurance;
• disability insurance;
• a 401(k) matching program;
• among other employee benefits.

This role may also be eligible for short-term or long-term incentive compensation, including, but not limited to, cash bonuses and stock program participation.

This role includes paid personal time off and 14 paid company holidays.

FanDuel offers paid sick time in accordance with all applicable state and federal laws.