Risk Assessment Analyst



FanDuel Group is a world-class team of brands and products all built with one goal in mind — to give fans new and innovative ways to interact with their favorite games, sports, teams, and leagues. That’s no easy task, which is why we’re so dedicated to building a winning team. And make no mistake, we are here to win, but we believe in winning right. That means we’ll never compromise when it comes to looking out for our teammates. From our many opportunities for professional development to our generous insurance and paid leave policies, we’re committed to making sure our employees get as much out of FanDuel as we ask them to give.

Our brands include:

  • FanDuel — A game-changing real-money fantasy sports app
  • FanDuel Sportsbook — America’s #1 sports betting app
  • FanDuel TV — "The Bettor Sports Network" bringing live sports and interactive content to the games fans care about most
  • FanDuel Racing — A horse racing app built for the average sports fan
  • FanDuel Casino & Betfair Casino — Fan-favorite online casino apps
  • FOXBet — A world-class betting platform and affiliate of FanDuel Group
  • PokerStars — The premier online poker product and affiliate of FanDuel Group

Our roster has an opening with your name on it

We are looking for a Risk Assessment Analyst in the Information Security Governance, Risk, and Compliance (GRC) team. Our GRC team has the unique opportunity and visibility to actively partner with departments across FanDuel Group, taking a holistic view of the entire company and reducing risk. The GRC Risk Assessment Analyst will lead risk assessments related to solutions using a native cloud service provider.

Everyone on our team has a part to play

  • Perform Security Risk Assessments (SARs) for Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and Software as a Service (SaaS) cloud computing models to align against Information Security Policies that protect the confidentiality, availability, and integrity of information, business delivery and technology.
  • Conduct continuous assessments to identify data at risk
  • Communicate and identify issues that could potentially pose risk to the brand
  • Provide technical guidance for FanDuel divisions migrating to the public cloud to protect data in transit and at rest within and outside of the corporate boundaries (i.e., IaaS, PaaS, and SaaS).
  • Perform Risk Assessments using the FanDuel Group GRC platform, organizing and tracking all supporting evidence for closure, risk management and recommendations regarding cybersecurity controls throughout an asset's lifecycle, and create standard process documentation to incorporate within the risk assessment.
  • Bring your expertise in risk assessment to assess and report on our information systems processes and procedures according to Information Security Policy requirements and best practices.
  • Identify and analyze the inherent risks in applications and supporting infrastructure and the controls that management has implemented to mitigate risks.
  • Provide a culture of risk awareness, risk and control visibility
  • Perform onsite assessments and technical review of key vendors to ensure adherence to contractual obligations.
  • Document, assess, investigate and map known and unknown areas of risk, then present steps to lower or remove the risk, as appropriate.
  • Evaluate risks — known and unknown — within the company and its operations in accordance with known industry frameworks (i.e., ISO, SCF, NIST, GLI-33).
  • Document and report on resolution of SAR findings, including provision of evidence for closure, and add them to the risk register.

What we're looking for in our next teammate

  • Experience conducting risk assessments for a company with significant regulatory requirements.
  • Risk Analysis experience, including developing and deploying remediation action plans, is preferred.
  • Strengthen relationships with cross functional teams to promote collaboration and cohesiveness.
  • Easily adapt to a rapidly evolving, fast-paced cyber security environment as it relates to changes in strategy or risk.
  • Demonstrate a strong understanding of the Information Security and IT environment and its impact on business risk.
  • Strong understanding of technical terminology (e.g., platforms, architecture, ISO 27001, GLI-33 and SCF).
  • Public Cloud experience preferred.
  • Experience with using GRC platforms like ZenGRC considered a major plus.
  • Strong verbal and written communication skills.
  • Strong organizational skills and attention to detail.
  • Professional presence and demeanor.
  • Minimum of 3 years of conducting Risk Assessments, Information Security, IT Auditing or equivalent experience

We treat our team right

Competitive compensation is just the beginning. As part of our team, you can expect:

  • An exciting and fun environment committed to driving real growth
  • Opportunities to build really cool products that fans love
  • Mentorship and professional development resources to help you refine your game
  • Flexible vacation allowance to let you refuel
  • Hall of Fame benefit programs and platforms

FanDuel Group is an equal opportunities employer. Diversity and inclusion in FanDuel means that we respect and value everyone as individuals. We don't tolerate bias, judgement or harassment. Our focus is on developing employees so that they reach their full potential.