Risk Assessment Manager
Posted on 2/1/2022
New York, NY, USA • Atlanta, GA, USA
- Experience running and managing risk assessments for a company with significant regulatory requirements is required, preferably in Financial Services
- Risk Management experience, including developing and deploying remediation action plans, is required
- Design and document IT compliance-specific process and procedure, as needed
- Strengthen relationships with cross functional teams to promote collaboration and cohesiveness
- Easily adapt to a rapidly evolving, fast-paced cyber security environment as it relates to changes in strategy or risk
- Demonstrate a strong understanding of the Information Security, IT environment and its impact on business risk
- Strong understanding of technical terminology (e.g., platforms, architecture, ISO 27001, GLI-33 and SCF)
- Public Cloud experience preferred
- Experience with using GRC platforms like ZenGRC considered a major plus
- Demonstrate ability to develop a strategy, and design and execute on the associated plan
- Strong verbal and written communication skills
- Strong organizational skills and attention to detail
- Professional presence and demeanor
- Demonstrated ability to work with all levels in an organization
- Minimum of 5 years of Risk Management, Information Security, IT Auditing or equivalent experience preferred
- Lead Cybersecurity Department Risk Assessment (CSD-RA) team by managing and performing Security Risk Assessments (SARs) for Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and Software as a Service (SaaS) cloud computing models to align against Information Security Policies for the security of confidentiality, availability, and integrity of information, business delivery and technology
- Manage SAR reports for continuous assessment to identify data at risk, provide remediation recommendations for applications to transition into production and follow approval process for business owners to obtain the Authority to Operate contingent on business risk
- Lead assessing innovative solutions using native Cloud Service Provider (CSP) components to transition legacy applications from closing data centers to the public Cloud
- Communicate and identify issues, which could potentially pose risk to the brand and provide recommendations for controls to mitigate those risks and increase the company's overall security posture
- Provide technical leadership for FanDuel divisions migrating to the public cloud to protect data in transit and at rest within and outside of the corporate boundaries (i.e., IaaS, PaaS, and SaaS)
- Manage the delivery and effectively plan the quality assurance, appraisal and approval of security deliverables, to include revising and drafting test plans, security specification reviews, and standards and technical documentation
- Manage Risk Assessments using FanDuel Group GRC platform, organizing and tracking all supporting evidence for closure, risk management and recommendations regarding cybersecurity controls throughout an asset's lifecycle and create standard process documentation to incorporate within the risk assessment
- Manage security posture during the early stages within Global Procurement and initiate/create new documentation to combine within the procurement process for vendor management
- Lead the initiative to train all new hires on the SRA team and create a continuous yearly training process for member firms within the organization to understand the Risk Assessment process and act as a mentor/subject matter expert
- Bring your expertise in risk assessment to assess and report on our information systems ensuring processes and procedures are followed according to Information Security Policy requirements and best practices
- Work with the GRC team to create, enhance, support, and enforce company policy and practices for risk mitigation
- Identify and analyze the inherent risks in applications and supporting infrastructure and the controls that management has implemented to mitigate risks
- Lead, manage and execute complex IT assessment projects including internal audits, system implementations and specialized IT areas (cloud, devsecops, agile development)
- Drive a culture of risk awareness, risk and control visibility with measurable risk reduction and effective reporting, and governance of risk reduction activities
- Perform onsite assessments and technical review of key vendors to ensure adherence to contractual obligations
- Document, assess, investigate and map known and unknown areas of risk, then present steps to lower or remove the risk, as appropriate
- Evaluate risks - known and unknown - within the company and its operations in accordance with known industry frameworks (i.e., ISO, SCF, NIST, GLI-33)
- Manage and report on resolution of SAR findings, including provision of evidence for closure and create risk register
Fantasy sports and online U.S. sportsbook
FanDuel is on a mission to make sports more exciting. The company provides a daily fantasy sports platform with a range of game types for players with a guaranteed prize pool for the winners.
- From peer-to-peer learning to industry conferences, there are a number of ways to develop your career
- From your head to your toes we’ve got you covered with our 100% health insurance coverage
- We keep a well-stocked supply of snacks and refreshments to keep you going throughout the day
- Flexible hours and vacation scheduling let you work when you’re at your best
- We provide the latest tech and equipment, you get the job done
Company Core Values
- We’re not just a company, we’re a collective. And we’re not just coworkers, we’re a community.
- We’re an all-hands-on-deck crew of dreamers, doers, thinkers, makers, builders, breakers, and rebuilders.
- We value teamwork above all else.
- We believe that diversity and inclusiveness are at the core of any good team.
- Passion for building a product our customers will love, passion for being the best in our field, and passion for our own people.