Director of Information Security - Governance Risk and Compliance

Position Overview:

Fanatics is actively seeking an accomplished and motivated Director of Information Security Governance, Risk and Compliance (GRC) who shares our commitment to information security as a cornerstone in safeguarding our organization. It is an exciting opportunity to be part of a fast-paced environment that pushes you to learn while doing. This role needs to be both strategic and intensely focused on GRC with an emphasis on process, scalability, and automation to ensure our security posture aligns seamlessly with business objectives. We value experience in collaborating with key stakeholders, understanding regulatory requirements, and implementing effective security strategies. 

 

Key Responsibilities Will Include: 

Governance 

• Develop and maintain an information security governance framework. 
• Establish and enforce security policies, standards, and procedures. 
• Provide guidance on security best practices and industry standards. 
• Collaborate with executive leadership to ensure security strategies align with business objectives. 

Security Risk Management 

• Lead the security team’s risk management efforts. 
• Conduct risk assessments to identify and evaluate security risks. 
• Develop and implement risk mitigation strategies and action plans. 
• Monitor and report on risk metrics and trends to senior management. 

Compliance 

• Ensure the organization's compliance with relevant laws, regulations, certifications, assessments and industry standards including PCI-DSS, ITGCs, SOC1, SOC2, CCPA, CPRA, GDPR, among others. 
• Facilitate regular third-party compliance assessments and audits. 
• Collaborate with legal and regulatory affairs to address compliance requirements. 
• Stay abreast of changes in relevant laws and regulations affecting security.  

Security Strategy 

• Contribute to the development of the organization's overall security strategy. 
• Provide strategic direction for security initiatives and projects. 
• Collaborate with other departments to integrate security into business processes. 
• Assess emerging technologies and trends for their impact on security. 

Vendor and Third-Party Risk Management 

• Assess and manage security risks associated with third-party vendors. 
• Maintain and enhance the vendor risk management program. 
• Ensure third-party compliance with security standards. 
• Collaborate with legal to ensure third-party contracts reflect security and compliance requirements. 

Reporting and Communication 

• Provide regular updates and reports on security, risk, and compliance to senior management. 
• Communicate security strategies and priorities to all stakeholders. 
• Act as a liaison between technical security teams and executive leadership. 

Leadership 

• Lead and manage a team of security professionals. 
• Foster a collaborative and high-performing security team. 
• Provide mentorship and professional development opportunities. 

Continuous Improvement 

• Identify opportunities for process improvement within the security GRC function. 
• Stay informed about industry trends and best practices. 
• Implement continuous improvement initiatives to enhance security posture. 

Values and Behaviors 

• Demonstrate entrepreneurial spirit, strong communication skills, humility, and comfort working in and contributing to a dynamic and cross-functional team environment. 

Who you are 

• 10+ years of experience in information security (or 6 years of experience and a relevant bachelor’s degree), with a focus on GRC. 
• Strong understanding of governance, quantitative risk management, and compliance frameworks. 
• Experience in collaborating with and influencing key stakeholders. 
• Strong technical background including full-stack software development, system architecture, and security fundamentals. 
• Relevant certifications (e.g. CISSP, CISM, CRISC, CISA, CIPP/US) preferred. 
• Exceptional communication skills and the ability to convey complex security concepts to non-technical stakeholders. 

 

Fanatics is building a leading global digital sports platform. We ignite the passions of global sports fans and maximize the presence and reach for our hundreds of sports partners globally by offering products and services across Fanatics Commerce, Fanatics Collectibles, and Fanatics Betting & Gaming, allowing sports fans to Buy, Collect, and Bet. Through the Fanatics platform, sports fans can buy licensed fan gear, jerseys, lifestyle and streetwear products, headwear, and hardgoods; collect physical and digital trading cards, sports memorabilia, and other digital assets; and bet as the company builds its Sportsbook and iGaming platform. Fanatics has an established database of over 100 million global sports fans; a global partner network with approximately 900 sports properties, including major national and international professional sports leagues, players associations, teams, colleges, college conferences and retail partners, 2,500 athletes and celebrities, and 200 exclusive athletes; and over 2,000 retail locations, including its Lids retail stores. Our more than 22,000 employees are committed to relentlessly enhancing the fan experience and delighting sports fans globally.