Senior Technology Regulatory & Controls Analyst

Posted:
9/4/2024, 9:35:22 AM

Location(s):
New York, United States ⋅ New York, New York, United States

Experience Level(s):
Senior

Field(s):
IT & Security ⋅ Legal & Compliance

ABOUT FANDUEL

FanDuel Group (“FanDuel") is an innovative sports-tech entertainment company that is changing the way consumers engage with their favorite sports, teams, and leagues. The premier gaming destination in the United States, FanDuel consists of a portfolio of leading brands across gaming, sports betting, daily fantasy sports, advance-deposit wagering, and TV/media.

FanDuel has a presence across all 50 states with approximately 17 million customers and 28 retail locations. FanDuel is based in New York with offices in New Jersey , Georgia, California, Oregon, Canada and Scotland.

Its networks FanDuel TV and FanDuel+ are broadly distributed on linear cable television and through its relationships with leading direct-to-consumer over-the-top platforms.

FanDuel Group is a subsidiary of Flutter Entertainment plc, the world's largest sports betting and gaming operator with a portfolio of globally recognized brands and traded on the New York Stock Exchange (NYSE: FLUT).


THE ROSTER

At FanDuel, we give fans a new and innovative way to interact with their favorite games, sports and teams. We’re dedicated to building a winning team and we pride ourselves on being able to make every moment mean more, especially when it comes to your career. So, what does “winning” look like at FanDuel? It’s recognition for your hard-earned results, a culture that brings out your best work—and a roster full of talented coworkers. Make no mistake, we are here to win, but we believe in winning right. That means we’ll never compromise when it comes to looking out for our teammates. From creatives professionals to cutting edge technology innovators, FanDuel offers a wide range of career opportunities, best in class benefits, and the tools to explore and grow into your best selves. At FanDuel, our principle of “We Are One Team” runs through all our offices across the globe, and you can expect to be a part of an exciting company with many opportunities to grow and be successful.


THE POSITION
Our roster has an opening with your name on it

FanDuel is looking to add a Senior Technology Regulatory & Controls Analyst to its Technology Regulatory & Controls team to help drive our first line of defense (1LOD) technology & cyber controls function. You will play a key role on the Technology GRC team, with responsibility for ensuring technology & cyber compliance practices are appropriately managed and adequately scaled within the Technology BU. This includes ensuring FanDuel’s technology & cyber controls are adequately designed and implemented in a robust and effective manner, coordinating relevant compliance obligations & assessments (e.g., PCI, SOC2), advising on relevant audit and regulatory activities (e.g., SOX, Internal Audit, GLI, State Regulatory exams) and driving issues management and related remediation activities. The Senior Technology Controls Analyst will partner and collaborate with other 1LOD functions, relevant tech & cyber leadership, second line of defense (2LOD) teams (e.g., Enterprise Risk, Regulatory Compliance, and Group Oversight) for alignment with 2LOD Divisional and 2LOD Group policies and strategies, and third line of defense (3LOD) teams (e.g., Internal Audit, External Audit). The Senior Technology Controls Analyst will report to the Technology Controls Manager and will play a pivotal role in evaluating and enhancing the company’s overall technology and cybersecurity control environment and its readiness to meet its increasing regulatory obligations.


THE GAME PLAN
Everyone on our team has a part to play

  • Develop and maintain a risk-based technology & cyber control program to design, implement, and monitor the effectiveness of key controls across the Technology organization, ensuring alignment with FanDuel’s Enterprise Risk Management frameworks, and relevant industry best practices and regulatory requirements
  • Work closely with the Technology Risk team and the 2LOD Enterprise Risk team to maintain FanDuel’s technology & cyber risk and controls framework ensuring that it is adequately designed, adopted and operating effectively
  • Work closely with senior leadership across all three lines of defense, to support the continued maturation of the control environment
  • Serve as the Technology organization’s first line point of contact for regulatory and compliance activities
  • Act as a primary liaison between audit teams and control stakeholders to ensure clear communication of requirements, timelines, and expectations during audit and assessment activities.
  • Advise and support technology and cyber control owners during regulatory examinations or internal audits / assessments to ensure accurate and efficient outcomes - including clarifying scope, expectations and timelines, coordinating meetings, facilitating evidence gathering, clarifying issues with relevant SMEs & stakeholders, and developing necessary action plans and management responses
  • Track issues throughout their lifecycle – from initial identification and evaluation to response, mitigation and reporting
  • Support new data governance and data quality initiatives to bolster data-related control requirements
  • Conduct or participate in periodic 1LOD control assurance activities including control rationalization exercises, process / risk / control documentation reviews, post incident reviews to evaluate root cause(s) and recommend mitigation / control improvements, etc.
  • Develop and deliver periodic reporting of technology & cyber control health and issue management
  • Stay abreast of evolving technology & cybersecurity threats, news, and trends to enhance internal control strategies.
  • Lead cross-functional discussions and workshops to enhance awareness and foster continuous improvement of the technology & cyber control environment
  • Utilize enhanced data, technology and cyber capabilities to perform quality assurance activities, as applicable
  • Develop and deliver tailored training and communications on relevant regulatory and controls obligations for the technology & cyber community, as needed
  • Assist with special regulatory and control assessment and department initiatives, as assigned
  • Maintain procedures, playbooks, virtual webpages, and metrics dashboards
  • Mentor and guide junior team members, sharing expertise and promoting continuous professional development


THE STATS
What we're looking for in our next teammate

  • Bachelor’s degree preferred in a technical field (e.g., Cybersecurity, Information Technology) or equivalent combination of education, training, and relevant experience.
  • 5 years related experience in technology and cybersecurity Governance, Risk, and Compliance.
  • “Stay Hungry, Stay Humble” mindset that strives to continuously learn and share new skills with others, and embraces a steep learning curve to understand our business and technology drivers to get the job done
  • “Anything Is Possible” attitude that is highly organized and results-driven to solve our most important challenges
  • Comfortable navigating shifting priorities in a fast-paced environment, with the ability to work independently with minimal supervision while also as an exceptional team player that excels at cultivating relationships and promoting collaboration and cohesiveness to fulfill our “We Are One Team” principle
  • Hands-on experience executing and managing IT and security audits or regulatory assessments in a heavily regulated industry, including writing, documenting, and assessing risks/controls and drafting business process summaries for executives
  • IT audit and regulatory compliance experience, including guiding and monitoring plan of actions and milestones.
  • Strong IT & security risk domain knowledge of technology and cybersecurity best practices, principles, tools, and industry control frameworks (e.g., GLI, NIST CSF, ISO, SOX, SOC2, PCI, CIS Critical Controls, COBIT, ITIL, CMMI)
  • Experience with data governance and privacy regulations and industry frameworks (e.g., GDPR, local state regulations, DAMA-DMBOK)
  • Ability to translate risk/control standards into functional business requirements
  • Strong written and verbal communication skills to articulate risk/control insights to both technical and non-technical stakeholders
  • Proficient working with Microsoft Office, GRC and project management tools (e.g., JIRA, ZenGRC)
  • Experience working as a consultant in the risk, compliance, or audit space is a plus
  • Relevant professional certifications such as PCI ISA/QSA, CISA, CISM/CISSP, CCSK/CCSP, Security+ are preferred


PLAYER BENEFITS
We treat our team right

From our many opportunities for professional development to our generous insurance and paid leave policies, we’re committed to making sure our employees get as much out of FanDuel as we ask them to give. Competitive compensation is just the beginning. As part of our team, you can expect:

  • An exciting and fun environment committed to driving real growth
  • Opportunities to build really cool products that fans love
  • Mentorship and professional development resources to help you refine your game
  • Be well, save well and live well - with FanDuel Total Rewards your benefits are one highlight reel after another 

FanDuel is an equal opportunities employer and we believe, as one of our principal states, “We Are One Team!”  We are committed to equal employment opportunity regardless of race, color, ethnicity, ancestry, religion, creed, sex, national origin, sexual orientation, age, citizenship status, marital status, disability, gender identity, gender expression, Veteran status, or another other characteristic protected by state, local or federal law. We believe FanDuel is strongest and best able to compete if all employees feel valued, respected, and included.  We want our team to include diverse individuals because diversity of thought, diversity of perspectives, and diversity of experiences leads to better performance.  Having a diverse and inclusive workforce is a core value that we believe makes FanDuel stronger and more competitive as One Team!

The applicable salary range for this position is $126,000 - $155,000, which is dependent on a variety of factors including relevant experience, location, business needs and market demand. This role may offer the following benefits: medical, vision, and dental insurance; life insurance; disability insurance; a 401(k) matching program; among other employee benefits. This role may also be eligible for short-term or long-term incentive compensation, including, but not limited to, cash bonuses and stock program participation. This role includes paid personal time off and 14 paid company holidays. FanDuel offers paid sick time in accordance with all applicable state and federal laws.

 

#LI- Hybrid