Security Analyst III

Job Description

Overview

As Fanatics Betting & Gaming (FBG) accelerates Fanatics' mission to build the ultimate digital sports platform, the Information Security Analyst III role is critical to ensuring our governance, risk, and compliance programs keep pace with our rapid growth and evolving regulatory landscape. As an Information Security Analyst II at FBG, you'll serve as a key contributor to our security compliance efforts, conducting user access reviews, managing audit readiness activities, and implementing controls that protect our customers and business operations across our real-time, high-performance betting and gaming systems.

This role combines deep GRC expertise, policy development skills, and collaborative partnership with stakeholders across the organization to strengthen our security posture and compliance programs. You'll lead user access review processes, develop and socialize security policies and standards, manage audit and assessment activities, support incident response efforts, and build dashboards that provide visibility into control effectiveness. Working in a highly regulated industry, you'll help ensure our systems meet rigorous security and compliance standards including SOC 2, ISO 27001, and SOX while enabling the business to innovate with confidence. We need analysts who can balance thorough compliance rigor with the practical realities of a fast-moving organization-who understand both security frameworks and how to make controls work effectively in the real world. If you're passionate about building strong compliance programs that actually make organizations more secure and have the experience to back it up, we want to talk with you.

Responsibilities :

• Administer and enhance the user access review process to identify and address access control issues effectively.
• Draft, refine, and socialize policies / standards (access control, change management, vendor security, incident response, data privacy); maintain clear SOPs and RACI.
• Prepare high-quality evidence, narratives, and diagrams; coordinate with auditors / assessors; manage requests and deadlines.
• Participate in Incident response efforts by conducting log analysis, gathering evidence, and executing remediation tasks.
• Build dashboards for control health, User Access Reviews completion, vendor coverage, GDPR compliance metrics, and audit findings; present insights to InfoSec leadership and stakeholders.
• Automate evidence collection and access reviews where possible; propose control enhancements that improve security and reduce operational toil.
• Deliver security awareness presentations for both technical and non-technical users. Actively contribute to ongoing information security education through diverse methods such as phishing simulations, annual training sessions, on-demand courses, and workshops.
• Support Governance, Risk, and Compliance (GRC) initiatives by implementing controls and gathering necessary evidence, and control testing.
• Support InfoSec Risk Issue Intake process to assess and risk rank new issues, identify and document mitigation plans / timelines with risk owners and SMEs, and track to resolution.
• Support quarterly user access review process (UARs) for SOX systems and ensure tickets are tracked to resolution and actioned within audit requirements. Complete lookback analysis where necessary
• Support Data Loss Prevention process by triaging and investigating alerts in the Mimecast / Code42 solution.
• Lead and coordinate GDPR compliance activities including Data Protection Impact Assessments (DPIAs), Records of Processing Activities (RoPA), data subject rights requests, and privacy audits.
• Manage the Third Party Risk Management (TPRM) program including vendor security assessments, ongoing risk monitoring, review of vendor attestations (SOC 2, ISO 27001), and maintenance of the vendor risk register.
• Conduct comprehensive security assessments of third-party vendors using standardized questionnaires and frameworks; work with vendors on remediation of identified gaps.
• Participate in an on-call rotation to address security incidents and escalations promptly.

Qualifications :

The expected salary range for this role is based on job-related knowledge, skills, and experience. This role is eligible for the Fanatics Betting and Gaming annual bonus program and an equity award.