About Us Fanatics is building a leading global digital sports platform. We ignite the passions of global sports fans and maximize the presence and reach for our hundreds of sports partners globally by offering products and services across Fanatics Commerce, Fanatics Collectibles, and Fanatics Betting & Gaming, allowing sports fans to Buy, Collect, and Bet. Through the Fanatics platform, sports fans can buy licensed fan gear, jerseys, lifestyle and streetwear products, headwear, and hardgoods; collect physical and digital trading cards, sports memorabilia, and other digital assets; and bet as the company builds its Sportsbook and iGaming platform. Fanatics has an established database of over 100 million global sports fans; a global partner network with approximately 900 sports properties, including major national and international professional sports leagues, players associations, teams, colleges, college conferences and retail partners, 2,500 athletes and celebrities, and 200 exclusive athletes; and over 2,000 retail locations, including its Lids retail stores. Our more than 22,000 employees are committed to relentlessly enhancing the fan experience and delighting sports fans globally. About The Role We are seeking a detail-oriented, analytical, and highly motivated Senior/Staff Analyst to support and scale our Information Security Third-Party Risk Management (TPRM) program. This role will play a key part in assessing, monitoring, and mitigating risks associated with third-party vendors. You will use our new modern, AI-powered TPRM platform to assess risk, analyze vendor responses and artifacts, and drive practical informed recommendations. You will partner closely with cross-functional teams, including Legal, Procurement, Information Security, and business stakeholders to enable risk-informed decisions and strengthen our overall third-party risk posture. Your Impact
Strengthen Resilience: Directly contribute to the security and resilience of the organization by developing and supporting a robust third-party risk management framework
Drive Compliance: Ensure third-party relationships adhere to company policies, regulatory requirements, and industry best practices
Enable the Business: Partner with business units to support risk-aware decision-making, enabling effective supplier engagement while safeguarding the organization
Key Responsibilities Risk Assessment & Due Diligence
Perform thorough due diligence reviews with the assistance of our AI-powered platform, including risk questionnaires, documentation analysis, and standard supplier due diligence assessments
Ensure all third-party due diligence artifacts and supporting documentation are properly captured and maintained in the TPRM platform
Coordinate closely with other Information Security (e.g., security architecture / engineering, and subsidiary GRC) teams throughout the business to further assess third-party solutions as needed
Advise business and stakeholders on third-party risk
Monitoring, Remediation, and Offboarding
Continuously monitor third-party cyber posture, including ransomware susceptibility, breach likelihood, and other open-source intelligence signals using our modern cyber rating platform
Triage alerts and escalate early warnings as appropriate
Develop and manage corrective action plans and control documentation for identified risks and/or issues
Track and evaluate vendor remediation efforts to ensure timely and effective resolution, working with business owners to address underperformance or emerging concerns
Conduct periodic and event-driven reassessments of third parties based on risk and criticality
Ensure secure third-party offboarding, including data handling, access revocation, and closure of contractual and security obligations.
Collaboration & Process Improvement
Collaborate with business units, Legal, Information Security, and other risk subject matter experts to address and mitigate identified risks
Support internal, customer, and third-party audits related to supplier risk and compliance
Contribute to the development and enhancement of TPRM policies, standards, and procedures
Create and implement scalable solutions for supplier tracking, monitoring, and compliance
Stay current on industry trends, emerging risks, and regulatory changes impacting third-party relationships
What We’re Looking For
Deep experience in Information Security Third-Party Risk Management, Risk Management, GRC Compliance, or a related field
Strong analytical skills with the ability to identify, assess, and resolve complex issues
Familiarity with risk management frameworks (e.g., NIST, ISO etc.) and vendor risk best practices
Excellent communication and interpersonal skills, with the ability to collaborate effectively across teams
High level of professionalism, integrity, and commitment to accuracy and thoroughness
A risk-focused, outcomes-focused mindset - you know how to balance thoroughness with speed, and you're comfortable prioritizing efforts to address most critical risks and moving quickly in a fast-paced business without compromising control integrity
Comfortable working with technology platforms and AI-assisted tooling (you don't need to be technical, but you should be curious and adaptable)
What Success Looks Like
Consistent, high-quality execution of vendor risk assessments and due diligence
Clear, actionable reporting that enhances leadership visibility into third-party risk
Strong cross-functional partnerships enabling risk-informed business decisions
Continuous improvement of TPRM processes, tools, and controls
Why Join Us
Opportunity to help build and mature a critical risk management function
High visibility role with cross-functional impact
Collaborative and fast-paced environment
The salary range represents base pay only and does not include short-term or long-term incentive compensation. When determining base pay as part of a final compensation package, we consider several factors such as location, experience, qualifications, and training. For information about our benefits, please visit https://benefitsatfanatics.com/ Salary Range $155,000 - $165,000 USD By submitting your application, you agree to our terms of service and acknowledge you have read our Candidate Privacy Policy.
Skills
Business Development and SalesTechnology, Information and Internet