Senior Technology Risk Analyst

About the position

FanDuel is looking to add a Senior Technology Risk Analyst to its Technology Risk team to help drive our first line of defense (1LOD) technology & cyber risk management function. You will play a key role on the Technology GRC team, with responsibility for ensuring technology & cyber risk practices are appropriately managed and adequately scaled within the Technology BU. This includes proactively identifying, assessing, advising, and monitoring risks and their related risk treatment activities. The Senior Technology Risk Analyst will partner and collaborate with other 1LOD functions and the second line of defense (2LOD) teams (e.g., Enterprise Risk and Group Oversight) for alignment with 2LOD Divisional and 2LOD Group policies and strategies. The Senior Technology Risk Analyst will report to the Technology Risk Manager and will play a pivotal role in evaluating and enhancing the company’s overall technology and cybersecurity risk posture.

Responsibilities

• Develop and maintain a robust risk management framework, ensuring alignment with FanDuel’s Enterprise Risk Management frameworks, and relevant industry best practices and regulatory requirements.
• Work closely with the Technology Controls team and the 2LOD Enterprise Risk team to maintain FanDuel’s technology & cyber risk and controls framework ensuring that it is adequately designed, adopted and operating effectively.
• Conduct comprehensive technology and cybersecurity risk assessments to identify potential threats and vulnerabilities with the company’s business critical assets (people, process, technology, and data).
• Analyze and report relevant risk metrics to senior management, providing insights and recommendations for risk mitigation.
• Manage technology & cyber risk throughout the entire risk lifecycle.
• Document and monitor risk treatments to accept or remediate risks.
• Track and report progress on risk remediation efforts, providing timely updates to management and stakeholders.
• Stay abreast of evolving technology & cyber threats, news, and trends to enhance risk management strategies.
• Lead cross-functional discussions and workshops to enhance risk awareness and foster a proactive risk management culture.
• Develop and deliver tailored training, awareness and communications as needed on relevant risk management practices for the technology & cyber community.
• Mentor and guide junior team members, sharing expertise and promoting continuous professional development.

Requirements

• Bachelor’s degree preferred in a technical field (e.g., Cybersecurity, Information Technology) or equivalent combination of education, training, and relevant experience.
• 5 years related experience in IT or information security governance, risk management and compliance (GRC) preferred.
• Hands-on experience executing and managing cybersecurity assessments in a heavily regulated industry.
• Strong IT & security risk domain knowledge of technology and cybersecurity best practices, principles, tools, and industry control frameworks.
• Experience with data governance and privacy regulations and industry frameworks.
• Practical knowledge of qualitative and quantitative risk management methodologies.
• Ability to translate risk/control standards into functional business requirements.
• Strong written and verbal communication skills to articulate risk/control insights to both technical and non-technical stakeholders.
• Proficient working with Microsoft Office, GRC and project management tools.

Nice-to-haves

• Experience working as a consultant in the risk, compliance, or audit space.
• Relevant professional certifications such as CISA, CISSP, CISM, or CRISC.

Benefits

• Array of health plans including programs for fertility and family planning, mental health support, and fitness benefits.
• Generous paid time off (PTO & sick leave).
• Annual bonus and long-term incentive opportunities (based on performance).
• 401k with up to a 5% match.
• Commuter benefits.
• Pet insurance.