Fanatics · 1 day ago
Security Analyst III
Fanatics is a company focused on redefining how fans engage with prediction markets. They are seeking a Security Analyst III to enhance their security posture and compliance programs by leading user access reviews, developing security policies, managing audits, and supporting incident response efforts in a highly regulated environment.
eSports · Manufacturing · Retail · Sporting Goods · Sports
Responsibilities
Administer and enhance the user access review process to identify and address access control issues effectively
Draft, refine, and socialize policies/standards (access control, change management, vendor security, incident response, data privacy); maintain clear SOPs and RACI
Prepare high‑quality evidence, narratives, and diagrams; coordinate with auditors/assessors; manage requests and deadlines
Participate in incident response efforts by conducting log analysis, gathering evidence, and executing remediation tasks
Build dashboards for control health, User Access Reviews completion, vendor coverage, GDPR compliance metrics, and audit findings; present insights to InfoSec leadership and stakeholders
Automate evidence collection and access reviews where possible; propose control enhancements that improve security and reduce operational toil
Deliver security awareness presentations for both technical and non-technical users. Actively contribute to ongoing information security education through diverse methods such as phishing simulations, annual training sessions, on-demand courses, and workshops
Support Governance, Risk, and Compliance (GRC) initiatives by implementing controls, gathering necessary evidence, and performing control testing
Support InfoSec Risk Issue Intake process to assess and risk rank new issues, identify and document mitigation plans/timelines with risk owners and SMEs, and track to resolution
Support quarterly user access review process (UARs) for SOX systems and ensure tickets are tracked to resolution and actioned within audit requirements. Complete lookback analysis where necessary
Support Data Loss Prevention process by triaging and investigating alerts in the Mimecast/Code42 solution
Lead and coordinate GDPR compliance activities including Data Protection Impact Assessments (DPIAs), Records of Processing Activities (RoPA), data subject rights requests, and privacy audits
Manage the Third Party Risk Management (TPRM) program including vendor security assessments, ongoing risk monitoring, review of vendor attestations (SOC 2, ISO 27001), and maintenance of the vendor risk register
Conduct comprehensive security assessments of third-party vendors using standardized questionnaires and frameworks; work with vendors on remediation of identified gaps
Participate in an on-call rotation to address security incidents and escalations promptly
Qualification
Required
Minimum of 4-5 years of experience as an Information security analyst or in a similar role
Ability to leverage security compliance frameworks to support control improvement and evidence correlation
Working knowledge of SOC 2 (Trust Services Criteria) and ISO/IEC 27001/27002; familiarity with mapping controls across frameworks
Strong understanding of GDPR requirements including data protection principles, data subject rights, DPIAs, cross-border data transfers, and breach notification requirements
Proven experience managing Third Party Risk Management programs including vendor assessments, security questionnaire reviews, and ongoing vendor risk monitoring
Practical experience running User Access Reviews: scoping, sampling, evidence collection including completeness and accuracy, exception handling, and remediation follow‑through
Solid grasp of least privilege, SoD, joiner/mover/leaver, break‑glass, and privileged access management fundamentals
Strong documentation skills (control narratives, test plans, SOPs) and stakeholder communication
Comfort with spreadsheets and basic scripting/queries (e.g., SQL or Python) for sampling and evidence validation
Foundational knowledge in Agile methodologies with ability to successfully collaborate with multiple stakeholders
Ability to communicate effectively with technical and non-technical stakeholders
Ability to prioritize and balance multiple projects simultaneously
Ability to collaborate and work in a team environment
Proven experience drafting documentation such as standards, policies and architecture diagrams
Preferred
Background in risk assessment methodologies such as NIST and FAIR is a plus
Company
Fanatics
Fanatics is a sports merchandise retailer that manufactures fan gear and jerseys across retail channels. It is a sub-organization of Kynetic.
H1B Sponsorship
Fanatics has a track record of offering H1B sponsorships. Please note that this does not guarantee sponsorship for this specific role. Additional information is presented below for your reference. (Data Powered by US Department of Labor)
Distribution of Different Job Fields Receiving Sponsorship
Trends of Total Sponsorships
2021 (2)
Funding
Current Stage: Late Stage
Total Funding: $4.9B
Key Investors: Clearlake Capital Group, National Football League, Alameda Research
2022-12-06 · Private Equity · $700M
2022-03-02 · Private Equity · $1.5B
2022-01-01 · Series Unknown · $10M
Recent News
Rochester Business Journal
2025-12-24
Company data provided by crunchbase