TPRM Analyst, Info Sec

About Us

Fanatics is building a leading global digital sports platform. We ignite the passions of global sports fans and maximize the presence and reach for our hundreds of sports partners globally by offering products and services across Fanatics Commerce, Fanatics Collectibles, and Fanatics Betting & Gaming, allowing sports fans to Buy, Collect, and Bet. Through the Fanatics platform, sports fans can buy licensed fan gear, jerseys, lifestyle and streetwear products, headwear, and hardgoods; collect physical and digital trading cards, sports memorabilia, and other digital assets; and bet as the company builds its Sportsbook and iGaming platform. Fanatics has an established database of over 100 million global sports fans; a global partner network with approximately 900 sports properties, including major national and international professional sports leagues, players associations, teams, colleges, college conferences and retail partners, 2,500 athletes and celebrities, and 200 exclusive athletes; and over 2,000 retail locations, including its Lids retail stores. Our more than 22,000 employees are committed to relentlessly enhancing the fan experience and delighting sports fans globally.

About the Role

We are seeking a detail-oriented, analytical, and highly motivated Senior/Staff Analyst to support and scale our Information Security Third-Party Risk Management (TPRM) program. This role will play a key part in assessing, monitoring, and mitigating risks associated with third-party vendors. You will use our new modern, AI-powered TPRM platform to assess risk, analyze vendor responses and artifacts, and drive practical informed recommendations. You will partner closely with cross-functional teams, including Legal, Procurement, Information Security, and business stakeholders to enable risk-informed decisions and strengthen our overall third-party risk posture.

Your Impact

• Strengthen Resilience: Directly contribute to the security and resilience of the organization by developing and supporting a robust third-party risk management framework

• Drive Compliance: Ensure third-party relationships adhere to company policies, regulatory requirements, and industry best practices

• Enable the Business: Partner with business units to support risk-aware decision-making, enabling effective supplier engagement while safeguarding the organization

Key Responsibilities

Risk Assessment & Due Diligence

• Perform thorough due diligence reviews with the assistance of our AI-powered platform, including risk questionnaires, documentation analysis, and standard supplier due diligence assessments

• Ensure all third-party due diligence artifacts and supporting documentation are properly captured and maintained in the TPRM platform

• Evaluate third-party controls and documentation (e.g., SOC reports, policies, certifications etc.)

• Coordinate closely with other Information Security (e.g., security architecture / engineering, and subsidiary GRC) teams throughout the business to further assess third-party solutions as needed

• Advise business and stakeholders on third-party risk

Monitoring, Remediation, and Offboarding

• Continuously monitor third-party cyber posture, including ransomware susceptibility, breach likelihood, and other open-source intelligence signals using our modern cyber rating platform

• Triage alerts and escalate early warnings as appropriate

• Develop and manage corrective action plans and control documentation for identified risks and/or issues

• Track and evaluate vendor remediation efforts to ensure timely and effective resolution, working with business owners to address underperformance or emerging concerns

• Conduct periodic and event-driven reassessments of third parties based on risk and criticality

• Ensure secure third-party offboarding, including data handling, access revocation, and closure of contractual and security obligations.

Collaboration & Process Improvement

• Collaborate with business units, Legal, Information Security, and other risk subject matter experts to address and mitigate identified risks

• Support internal, customer, and third-party audits related to supplier risk and compliance

• Contribute to the development and enhancement of TPRM policies, standards, and procedures

• Create and implement scalable solutions for supplier tracking, monitoring, and compliance

• Stay current on industry trends, emerging risks, and regulatory changes impacting third-party relationships

What We’re Looking For

• Deep experience in Information Security Third-Party Risk Management, Risk Management, GRC Compliance, or a related field

• Strong analytical skills with the ability to identify, assess, and resolve complex issues

• Familiarity with risk management frameworks (e.g., NIST, ISO etc.) and vendor risk best practices

• Excellent communication and interpersonal skills, with the ability to collaborate effectively across teams

• High level of professionalism, integrity, and commitment to accuracy and thoroughness

• A risk-focused, outcomes-focused mindset - you know how to balance thoroughness with speed, and you're comfortable prioritizing efforts to address most critical risks and moving quickly in a fast-paced business without compromising control integrity

• Comfortable working with technology platforms and AI-assisted tooling (you don't need to be technical, but you should be curious and adaptable)

What Success Looks Like

• Consistent, high-quality execution of vendor risk assessments and due diligence

• Clear, actionable reporting that enhances leadership visibility into third-party risk

• Strong cross-functional partnerships enabling risk-informed business decisions

• Continuous improvement of TPRM processes, tools, and controls

Why Join Us

• Opportunity to help build and mature a critical risk management function

• High visibility role with cross-functional impact

• Collaborative and fast-paced environment

The salary range represents base pay only and does not include short-term or long-term incentive compensation. When determining base pay as part of a final compensation package, we consider several factors such as location, experience, qualifications, and training. For information about our benefits, please visit https://benefitsatfanatics.com/

Salary Range
$155,000—$165,000 USD