Fanatics, Inc.
We amplify pride and create connections for all fans around the world.
Security Analyst III
Security AnalystSecurity AnalystFull TimeRemoteTeam 1,001-5,000Since 2011H1B No SponsorCompany SiteLinkedIn
Location
New York
Posted
66 days ago
Salary
$129.2K - $212.5K / year
Bachelor Degree4 yrs expEnglishPythonSQL
Job Description
• Administer and enhance the user access review process to identify and address access control issues effectively.
• Draft, refine, and socialize policies/standards (access control, change management, vendor security, incident response, data privacy); maintain clear SOPs and RACI.
• Prepare high‑quality evidence, narratives, and diagrams; coordinate with auditors/assessors; manage requests and deadlines.
• Participate in Incident response efforts by conducting log analysis, gathering evidence, and executing remediation tasks.
• Build dashboards for control health, User Access Reviews completion, vendor coverage, GDPR compliance metrics, and audit findings; present insights to InfoSec leadership and stakeholders.
• Automate evidence collection and access reviews where possible; propose control enhancements that improve security and reduce operational toil.
• Deliver security awareness presentations for both technical and non-technical users. Actively contribute to ongoing information security education through diverse methods such as phishing simulations, annual training sessions, on-demand courses, and workshops.
• Support Governance, Risk, and Compliance (GRC) initiatives by implementing controls and gathering necessary evidence, and control testing.
• Support InfoSec Risk Issue Intake process to assess and risk rank new issues, identify and document mitigation plans/timelines with risk owners and SMEs, and track to resolution.
• Support quarterly user access review process (UARs) for SOX systems and ensure tickets are tracked to resolution and actioned within audit requirements. Complete lookback analysis where necessary
• Support Data Loss Prevention process by triaging and investigating alerts in the Mimecast/Code42 solution.
• Lead and coordinate GDPR compliance activities including Data Protection Impact Assessments (DPIAs), Records of Processing Activities (RoPA), data subject rights requests, and privacy audits.
• Manage the Third Party Risk Management (TPRM) program including vendor security assessments, ongoing risk monitoring, review of vendor attestations (SOC 2, ISO 27001), and maintenance of the vendor risk register.
• Conduct comprehensive security assessments of third-party vendors using standardized questionnaires and frameworks; work with vendors on remediation of identified gaps.
• Participate in an on-call rotation to address security incidents and escalations promptly.
Job Requirements
- Minimum of 4-5 years of experience as an Information security analyst or in a similar role
- Ability to leverage security compliance frameworks to support control improvement and evidence correlation.
- Working knowledge of SOC 2 (Trust Services Criteria) and ISO/IEC 27001/27002; familiarity with mapping controls across frameworks.
- Strong understanding of GDPR requirements including data protection principles, data subject rights, DPIAs, cross-border data transfers, and breach notification requirements.
- Proven experience managing Third Party Risk Management programs including vendor assessments, security questionnaire reviews, and ongoing vendor risk monitoring.
- Practical experience running User Access Reviews: scoping, sampling, evidence collection including completeness and accuracy, exception handling, and remediation follow‑through.
- Solid grasp of least privilege, SoD, joiner/mover/leaver, break‑glass, and privileged access management fundamentals.
- Strong documentation skills (control narratives, test plans, SOPs) and stakeholder communication.
- Comfort with spreadsheets and basic scripting/queries (e.g., SQL or Python) for sampling and evidence validation.
- Foundational knowledge in Agile methodologies with ability to successfully collaborate with multiple stakeholders.
- Ability to communicate effectively with technical and non-technical stakeholders.
- Ability to prioritize and balance multiple projects simultaneously.
- Ability to collaborate and work in a team environment.
- Proven experience drafting documentation such as standards, policies and architecture diagrams.
- Background in risk assessment methodologies such as NIST and FAIR is a plus
Benefits
- For information about our benefits, please visit __https://benefitsatfanatics.com/__
Related Guides
Related Categories
Related Job Pages
More Security Analyst Jobs
Senior Client Security Analyst
Included HealthAccess. Answers. Advocacy. We're raising the standard of healthcare for everyone.
Security Analyst69 days ago
Full TimeRemoteTeam 1,001-5,000
Client Success Analyst managing client security review processes in a remote capacity
Cyber SecurityGo
Security Analyst
SuperlanetAdvisory, Staffing, and Multi-State Employer of Record Solutions for Clinicians, by Clinicians.
Security Analyst74 days ago
Full TimeRemoteTeam 51-200Since 2017H1B No Sponsor
Epic Security Analyst managing user access within Epic at healthcare client
Principal Security Analyst, Staff Security Analyst
IvantiIvanti finds, heals and protects every device, everywhere – automatically.
Security Analyst75 days ago
Full TimeRemoteTeam 1,001-5,000Since 1985H1B Sponsor
Principal Security Analyst managing risk analysis and assessments at Ivanti
United States
Security Analyst79 days ago
Full TimeRemoteTeam 1,001-5,000Since 2007H1B No Sponsor
Senior Application Security Analyst protecting critical business operations at Triumph
MicroservicesPerlPythonSDLC
