Sr. Manager, Information Security GRC
Listed on 2026-01-14
IT/Tech
Cybersecurity, Information Security, IT Consultant, Data Security
The Role
The Sr. Manager, Information Security GRC (Fanatics Corporate) reports to the VP, Information Security (GRC) and will focus on managing all cyber and third-party risks for Fanatics Corporate. In this role, you will play a crucial part in assessing, managing, and driving mitigation of risks associated with both our third parties (vendors, suppliers, and partners) and our wider cybersecurity program. You will drive a comprehensive risk management approach while supporting subsidiary cybersecurity teams in maturing and standardizing their risk programs.
What You'll Do:
- Oversee cyber and third-party risk management for the corporate entity, ensuring alignment with business objectives.
- Assist subsidiary Info Sec teams in developing and maturing their risk management programs.
- Establish consistent reporting mechanisms for executives and board functions, providing clear risk insights.
- Drive adoption of enterprise-wide risk assessment methodologies, frameworks, and tools.
- Collaborate with key stakeholders to enhance risk governance and ensure compliance with regulatory requirements.
- Monitor emerging threats, evolving regulations, and industry best practices to continuously improve risk posture.
- Identify risks associated with potential Corporate third‑party vendors by conducting thorough risk assessments and due diligence to ensure Corporate standards are met and maintained.
- Coordinate and perform risk re‑assessment of existing third‑party vendors to ensure the continued management and reduction of risk.
- Perform continuous vendor monitoring tasks, utilizing cyber rating platforms to ensure timely alerting on any degradation of vendor controls or other relevant intelligence.
- Monitor and track the off‑boarding process for vendors, ensuring that all security‑related aspects are addressed and terminated in a secure manner.
- Collaborate with stakeholders and cross‑functional teams (e.g., business owners, procurement, legal, privacy, IT teams, and other Info Sec teams) to support the holistic review of the vendor and the services/products being provided.
- Assist with the administration and maintenance of the global GRC platform.
- Considerable experience working in Information Security GRC, with focus on leading a risk management program, or ability to step up into such a position.
- Considerable experience of working with third‑party risk assessment tools and cyber rating platforms.
- Strong understanding of Information Security risk frameworks (e.g., ISO, NIST, FAIR etc.).
- Strong understanding of Information Security control frameworks (e.g., NIST, CIS, SCF etc.).
- Strong understanding of Information Security Third‑Party frameworks and processes.
- Ability to work collaboratively in teams and develop meaningful relationships to achieve common goals.
- Excellent presentation and communication skills.
- Excellent influencing and problem resolution skills.
Job Locations:
New York, NY; Jacksonville, FL; Atlanta, GA.
Mandatory office attendance: four days per week, with flexibility to choose which days in coordination with your manager.
In NYC, the salary range for this position is $165,000 to $200,000, which represents base pay only and does not include short‑term or long‑term incentive compensation. When determining base pay, as part of a final compensation package, we consider several factors such as location, experience, qualifications, and training.