Security Analyst II

About The Position

Requirements

• Minimum of 2 years of experience as a Information security analyst or in a similar role
• Ability to leverage security compliance frameworks to support control improvement and evidence correlation.
• Working knowledge of SOC 2 (Trust Services Criteria) and ISO/IEC 27001/27002; familiarity with mapping controls across frameworks.
• Practical experience running User Access Reviews: scoping, sampling, evidence collection including completeness and accuracy, exception handling, and remediation follow‑through.
• Solid grasp of least privilege, SoD, joiner/mover/leaver, break‑glass, and privileged access management fundamentals.
• Strong documentation skills (control narratives, test plans, SOPs) and stakeholder communication.
• Comfort with spreadsheets and basic scripting/queries (e.g., SQL or Python) for sampling and evidence validation.
• Foundational knowledge in Agile methodologies with ability to successfully collaborate with multiple stakeholders.
• Ability to communicate effectively with technical and non-technical stakeholders.
• Ability to prioritize and balance multiple projects simultaneously.
• Ability to collaborate and work in a team environment.
• Proven experience drafting documentation such as standards, policies and architecture diagrams.

Nice To Haves

• Background in risk assessment methodologies such as NIST and FAIR is a plus

Responsibilities

• Administer and enhance the user access review process to identify and address access control issues effectively.
• Draft, refine, and socialize policies/standards (access control, change management, vendor security, incident response); maintain clear SOPs and RACI.
• Prepare high‑quality evidence, narratives, and diagrams; coordinate with auditors/assessors; manage requests and deadlines.
• Participate in Incident response efforts by conducting log analysis, gathering evidence, and executing remediation tasks.
• Build dashboards for control health, User Access Reviews completion, vendor coverage, and audit findings; present insights to InfoSec leadership and stakeholders.
• Automate evidence collection and access reviews where possible; propose control enhancements that improve security and reduce operational toil.
• Deliver security awareness presentations for both technical and non-technical users. Actively contribute to ongoing information security education through diverse methods such as phishing simulations, annual training sessions, on-demand courses, and workshops.
• Support Governance, Risk, and Compliance (GRC) initiatives by implementing controls and gathering necessary evidence, and control testing.
• Support InfoSec Risk Issue Intake process to assess and risk rank new issues, identify and document mitigation plans/timelines with risk owners and SMEs, and track to resolution.
• Support quarterly user access review process (UARs) for SOX systems and ensure tickets are tracked to resolution and actioned within audit requirements. Complete lookback analysis where necessary
• Support Data Loss Prevention process by triaging and investigating alerts in the Mimecast/Code42 solution.
• Participate in an on-call rotation to address security incidents and escalations promptly.

Benefits

• This role is eligible for the Fanatics Betting and Gaming annual bonus program and an equity award.
• full-time employees are eligible for Medical, Dental, Vision, 401K, paid time off, and other benefits like GymPass, Pet Insurance, Family Care Benefits, and more.
• We'll also give you $700 to set up your home office!