Identity Governance & Controls Monitoring Senior Manager
FanDuel Group (“FanDuel”) is an innovative sports-tech entertainment company that is changing the way consumers engage with their favorite sports, teams, and leagues. The premier gaming destination in the United States, FanDuel consists of a portfolio of leading brands across gaming, sports betting, daily fantasy sports, advance-deposit wagering, and TV/media.
FanDuel has a presence across all 50 states with approximately 17 million customers and 28 retail locations. FanDuel is based in New York with offices in New Jersey, Georgia, California, Oregon, Canada and Scotland.
Its networks FanDuel TV and FanDuel+ are broadly distributed on linear cable television and through its relationships with leading direct-to-consumer over-the-top platforms.
FanDuel is a subsidiary of Flutter Entertainment plc, the world's largest sports betting and gaming operator with a portfolio of globally recognized brands and a constituent of the FTSE 100 index of the London Stock Exchange.
At FanDuel, we give fans a new and innovative way to interact with their favorite games, sports and teams. We’re dedicated to building a winning team and we pride ourselves on being able to make every moment mean more, especially when it comes to your career. So, what does “winning” look like at FanDuel? It’s recognition for your hard-earned results, a culture that brings out your best work—and a roster full of talented coworkers. Make no mistake, we are here to win, but we believe in winning right. That means we’ll never compromise when it comes to looking out for our teammates. From creative professionals to cutting-edge technology innovators, FanDuel offers a wide range of career opportunities, best-in-class benefits, and the tools to explore and grow into your best selves. At FanDuel, our principle of “We Are One Team” runs through all our offices across the globe, and you can expect to be a part of an exciting company with many opportunities to grow and be successful.
Our roster has an opening with your name on it
FanDuel Group is looking to add an Identity & Controls Monitoring Senior Manager to its team with experience across cybersecurity domains, particularly Governance, Risk & Compliance (GRC); Identity & Access Management (IGA); and Audit & Assurance. The Identity & Controls Monitoring Senior Manager will report to the Security Assurance & Controls Senior Director within FanDuel Group’s Cybersecurity team. The ideal candidate for this role has a strong understanding of cybersecurity controls and best practices with a standout ability to translate technical concepts into auditable evidence to aid in the monitoring of cybersecurity risk and compliance. Superior relationship building and people skills are of paramount importance to succeeding in this role, as is a strong work ethic, attention to detail, a commitment to being a team player, and an aptitude to quickly learn the nuances of a fast-growing company within an expanding industry.
THE GAME PLAN
Everyone on our team has a part to play
- Play an integral role in enhancing and developing the strategic direction of the Identity Governance and Continuous Controls Monitoring programs.
- Own and maintain the efficacy of all team policies, procedures, and processes in accordance with the business needs.
- Manage overall technical solution(s) supporting Identity & Controls Monitoring.
- Identify opportunities for automation and improvement to help the team and other key stakeholders work smarter, faster, and more effectively.
- Conduct continuous research, development, and adaptation of innovative technologies, best practices, and strategies to increase the effectiveness of continuous monitoring within the context of the company's operational landscape.
- Develop and present KPIs, KRIs, and key program initiatives for Identity & Controls Monitoring.
- Drive innovation and delivery of critical initiatives, assignments, and audits within the department.
- Manage the end-to-end performance management lifecycle activities for a hybrid team of 5-6 analysts and engineers.
- Provide guidance and mentorship to team members on department processes and security best practices.
- Serve as first line of escalation for FanDuel’s controls adherence, overall health, and team inquiries.
- Collaborate with cross-functional teams to integrate continuous assurance monitoring into existing security processes and workflows.
- Assist the business in evaluating and mitigating potential risks by highlighting areas of concern, recommending potential solutions, implementing controls assurance system design updates, procedures, and changes to continuously monitor FanDuel’s required state of compliance for operation.
- Provide training and support to enterprise teams on the program (process & tooling) and how to leverage the capability to monitor their control effectiveness.
- Maintain contact with vendors, industry peers, and professional associations to keep informed of existing and evolving industry standards, technologies, and cyber threats especially around identity.
- Become a trusted security advisor through bi-directional partnership across a wide range of stakeholders from Cyber GRC, Risk & Compliance, Internal Controls, Internal Audit, Enterprise IT, and Engineering.
- Develop a risk-based approach for scoping, on-boarding, maintaining, and off-boarding applications in the IGA solution.
- Oversee the User and Privileged Access Review lifecycle and ensure accuracy and compliance with critical controls.
- Manage Access Management SOX ITGCs overall health and adoption, JML process oversight and lookbacks for SOX and other critical applications, separation of duties, and support application teams with audit evidence & responses as needed.
- Advise FanDuel stakeholders across all departments on ways to enable better audit and assurance testing of cybersecurity controls and policies across key authoritative sources, e.g., NIST CSF, SOX ITGC, SOC2, PCI, GLI, etc.
- Proactively seek to understand FanDuel’s internal policies and regulatory landscape and drive the alignment of all testing automation and control monitoring to applicable internal guidance, regulations, applicable laws, and standards.
- Ensure timely alert and identification of control drift and work with control owners, Cyber GRC, and Enterprise Risk team members to document path to green.
What we’re looking for in our next teammate
- Minimum 10 years of cybersecurity experience in GRC or across a variety of cybersecurity domains in a highly regulated industry.
- Hands-on experience with IT controls, internal auditing, or IT risk management, including SOC 2, SOX, GDPR, PCI-DSS, NIST CSF, and ISO 27001. Exposure to GLI preferred.
- Hands-on experience with Identity & Continuous control monitoring tools such as SailPoint, Zilla, Vanta, Drata, ZenGRC, etc. or building custom technical assurance capabilities.
- Advanced understanding of identity lifecycle management e.g., Contractor path vs FTE, rehire, conversions (contractor to FTE).
- Advanced technical knowledge of cloud technology (AWS, GCP, Azure), security controls, database systems, network systems, auditing and compliance software and tools, and IT infrastructure.
- Experience with decision making around when to buy vs. build for tooling and capabilities.
- The ability to communicate, both verbally and in writing, complex concepts, and information to various audiences.
- Experience building and managing a high-performing team in a fast-paced, hybrid model.
- Working knowledge of hosted SaaS offerings, cloud technologies, and code development practices.
- Experience building out effective cybersecurity processes including drafting policies, procedures, and training documents.
- Prior consultancy experience and project implementation is a plus.
- Strong interpersonal, influencing, and communications skills with an ability to interact effectively with senior management and stakeholders.
- Experience working in a tech industry, product-based organization.
- Passion to work hard in a fast-paced, start-up environment.
- A self-starter with energy to follow-through and own the outcome.
- An exceptional team player, with a desire to be a leader within FanDuel Group.
- Prior experience or knowledge of the iGaming industry preferred.
- Relevant cybersecurity certification(s), including CISSP, CISA, CISM, or CCSP preferred.
We treat our team right
From our many opportunities for professional development to our generous insurance and paid leave policies, we’re committed to making sure our employees get as much out of FanDuel as we ask them to give. Competitive compensation is just the beginning. As part of our team, you can expect:
- An exciting and fun environment committed to driving real growth
- Opportunities to build really cool products that fans love
- Mentorship and professional development resources to help you refine your game
- Be well, save well and live well - with FanDuel Total Rewards your benefits are one highlight reel after another
FanDuel is an equal opportunities employer and we believe, as one of our principles states, “We Are One Team!” We are committed to equal employment opportunity regardless of race, color, ethnicity, ancestry, religion, creed, sex, national origin, sexual orientation, age, citizenship status, marital status, disability, gender identity, gender expression, Veteran status, or any other characteristic protected by state, local or federal law. We believe FanDuel is strongest and best able to compete if all employees feel valued, respected, and included. We want our team to include diverse individuals because diversity of thought, diversity of perspectives, and diversity of experiences leads to better performance. Having a diverse and inclusive workforce is a core value that we believe makes FanDuel stronger and more competitive as One Team!
This role includes flexible time off (including unlimited paid time off for full-time employees) and 14 paid company holidays. FanDuel offers paid sick time in accordance with all applicable state and federal laws.