ABOUT FANDUEL

FanDuel Group ("FanDuel") is an innovative sports-tech entertainment company that is changing the way consumers engage with their favorite sports, teams, and leagues. The premier gaming destination in the United States, FanDuel consists of a portfolio of leading brands across gaming, sports betting, daily fantasy sports, advance-deposit wagering, and TV/media.

FanDuel has a presence across all 50 states with approximately 17 million customers and 28 retail locations. FanDuel is based in New York with offices in New Jersey , Georgia, California, Oregon, Canada and Scotland.

Its networks FanDuel TV and FanDuel+ are broadly distributed on linear cable television and through its relationships with leading direct-to-consumer over-the-top platforms.

• Develop and maintain a robust risk management framework, ensuring alignment with FanDuel's Enterprise Risk Management frameworks, and relevant industry best practices and regulatory requirements
• Work closely with the Technology Controls team and the 2LOD Enterprise Risk team to maintain FanDuel's technology & cyber risk and controls framework ensuring that it is adequately designed, adopted and operating effectively.
• Work in lockstep with the 2LOD Enterprise Risk team to escalate risks to the enterprise risk register and report relevant metrics to senior leadership
• Conduct comprehensive technology and cybersecurity risk assessments to identify potential threats and vulnerabilities with the company's business critical assets (people, process, technology, and data), enabling teams to describe risk in both qualitative and quantitative terms and make informed decisions about risk treatment
• Analyze and report relevant risk metrics to senior management, providing insights and recommendations for risk mitigation, utilizing qualitative and quantitative techniques to periodically measure the company's technology & cyber risk posture
• Provide expertise and contribute to establishment of risk appetite and related tolerances and metrics for Technology
• Manage technology & cyber risk throughout the entire risk lifecycle:
  • Intake and maintain a first line risk register, ensuring accurate documentation and progress updates are captured to ensure risk profiles are kept up to date
  • Enable teams and leadership to make risk-based decisions and trade-offs impacting technology & cyber investment strategies and project prioritization
  • Document and monitor risk treatments to accept or remediate risks
  • Ad hoc meeting planning and support to report on findings, metrics, and recommend mitigations to technology, cyber and business leadership
  • Track and report progress on risk remediation efforts, providing timely updates to management and stakeholders
• Stay abreast of evolving technology & cyber threats, news, and trends to enhance risk management strategies
• Lead cross-functional discussions and workshops to enhance risk awareness and foster a proactive risk management culture, and support a path to continuous process improvement
• Develop and deliver tailored training, awareness and communications as needed on relevant risk management practices for the technology & cyber community
• Assist with special risk assessment and department initiatives, as assigned
• Maintain procedures, playbooks, virtual webpages, and metrics dashboards
• Mentor and guide junior team members, sharing expertise and promoting continuous professional development

• Bachelor's degree preferred in a technical field (e.g., Cybersecurity, Information Technology) or equivalent combination of education, training, and relevant experience
• 5 years related experience in IT or information security governance, risk management and compliance (GRC) preferred, with experience building new / improved risk management capabilities that meet the needs of the business
• "Stay Hungry, Stay Humble" mindset that strives to continuously learn and share new skills with others, and embraces a steep learning curve to understand our business and technology drivers to get the job done
• "Anything Is Possible" attitude that is highly organized and results-driven to solve our most important challenges
• Comfortable navigating shifting priorities in a fast-paced environment, with the ability to work independently with minimal supervision while also as an exceptional team player that excels at cultivating relationships and promoting collaboration and cohesiveness to fulfill our "We Are One Team" principle
• Hands-on experience executing and managing cybersecurity assessments in a heavily regulated industry, including writing, documenting, and assessing risks/controls and drafting business process summaries for executives
• Strong IT & security risk domain knowledge of technology and cybersecurity best practices, principles, tools, and industry control frameworks (e.g., GLI, NIST CSF, ISO, SOX, SOC2, PCI, CIS Critical Controls, COBIT, ITIL, CMMI)
• Experience with data governance and privacy regulations and industry frameworks (e.g., GDPR, local state regulations, DAMA-DMBOK)
• Practical knowledge of qualitative and quantitative risk management methodogies (e.g., NIST RMF / 800-37 / 800-30, OCTAVE, FAIR)
• Ability to translate risk/control standards into functional business requirements
• Strong written and verbal communication skills to articulate risk/control insights to both technical and non-technical stakeholders
• Proficient working with Microsoft Office, GRC and project management tools (e.g., JIRA, ZenGRC)
• Experience working as a consultant in the risk, compliance, or audit space is a plus
• Relevant professional certifications such as CISA, CISSP, CISM, or CRISC are preferred

• An exciting and fun environment committed to driving real growth
• Opportunities to build really cool products that fans love
• Mentorship and professional development resources to help you refine your game
• Be well, save well and live well - with FanDuel Total Rewards your benefits are one highlight reel after another