Job DescriptionCompany Overview Fanatics is building a leading global digital sports platform. We ignite the passions of global sports fans and maximize the presence and reach for our hundreds of sports partners globally by offering products and services across Fanatics Commerce, Fanatics Collectibles, and Fanatics Betting & Gaming, allowing sports fans to Buy, Collect, and Bet. Through the Fanatics platform, sports fans can buy licensed fan gear, jerseys, lifestyle and streetwear products, headwear, and hardgoods; collect physical and digital trading cards, sports memorabilia, and other digital assets; and bet as the company builds its Sportsbook and iGaming platform. Fanatics has an established database of over 100 million global sports fans; a global partner network with approximately 900 sports properties, including major national and international professional sports leagues, players associations, teams, colleges, college conferences and retail partners, 2,500 athletes and celebrities, and 200 exclusive athletes; and over 2,000 retail locations, including its Lids retail stores. Our more than 22,000 employees are committed to relentlessly enhancing the fan experience and delighting sports fans globally. FHI (Fanatics Holdings Inc.) employees are expected to be on-site 4-days per week. We also offer the unique benefit of allowing employees to temporarily work from anywhere up to 20 days per year. The Role: Fanatics Holdings Inc. is seeking a highly skilled and experienced candidate in the Oracle Applications Security and GRC space, inclusive of Oracle Cloud Infrastructure (OCI), to join the Information Security team as an Oracle Security Manager. The position will focus on Oracle security and controls, strategic risk management for the Oracle platform, and governance, risk, and control technology enablement for Oracle. The ideal candidate will have a deep understanding of cloud security principles, extensive experience with OCI, and the ability to work effectively in a fast-paced, collaborative setting. What You'll Do:
- Governance on Oracle Cloud role design across functional (ERP, EPM, OTBI) and technical (e.g. - Security Console, Setup & Maintenance, OIC) domain areas.
- Identifying key risks and controls, Sarbanes Oxley readiness, controls optimization, as well as configuration of controls around security, business process and within the Oracle Cloud RMC modules.
- Managing and understanding SDLC for Oracle Cloud product implementations, and configurations - e.g., security and control, and/or optimizations of business process controls and application security.
- Design, implement, and manage security solutions within the Oracle Cloud Infrastructure environment.
- Develop and enforce security policies and procedures to ensure the protection of organizational data in Oracle.
- Configure and manage OCI security services including IAM, Network Security, Data Encryption, and Security Monitoring.
- Monitor and analyze security events across OCI services to detect and respond to threats.
- Investigate and respond to security incidents and breaches in Oracle, performing root cause analysis and implementing corrective actions.
- Ensure compliance with industry standards, regulatory requirements, and internal policies.
- Conduct regular security assessments and audits of the OCI and ERP environment.
- Identify and mitigate security risks associated with OCI deployments.
- Work closely with IT teams to integrate security into the design and deployment of OCI solutions.
- Collaborate with external partners and stakeholders to align security initiatives with organizational goals.
- Stay current with emerging security technologies, threats, and best practices.
- Recommend and implement improvements to security processes and tools.
- Participate in ongoing training and professional development opportunities.
- Educate, consult, and train stakeholders on best practices around Oracle Cloud Security.
- Effectively manage work with multiple stakeholders and manage competing priorities with internal clients.
- ERP Security oversight for M&A and divestures.
- Participate in rotating on-call schedule.
What We're Looking For:
- A bachelor's degree in a relevant area of study with a preference for specialization in Business Administration, Computer Science, Engineering, Accounting, or Information Systems.
- Security certifications such as Oracle Cloud Infrastructure (OCI) Certified Architect Professional, Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), and Certified Information Systems Security Professional (CISSP) are highly desired.
- At least 5 years of experience in Oracle application security, GRC, and cloud security, with a focus on Oracle Cloud Infrastructure.
- Experience with Oracle security (role design, user lifecycle management, segregation of duties).
- Experience with Oracle Cloud Risk Management Cloud (RMC) design, implementation or assessment experience including Advanced Access Controls (AAC), Advanced Financial Controls (AFC) and Financial Reporting Compliance (FRC).
- Deep understanding of cloud security principles, and experience with OCI.
- Experience with Terraform and GitHub is preferred.
- Strong knowledge of OCI security services, including Identity and Access Management (IAM), Network Security, and Data Encryption.
- Experience with security monitoring tools and incident response processes.
- Familiarity with compliance frameworks such as GDPR, HIPAA, and ISO 2700.
- Ability to understand IT risks and implications to the business, identify weaknesses and recommend solutions.
- Initiative-taking, adaptable, and possess a continuous learning mindset to keep up with the evolving security challenges and technologies.
- Strong written, communication, and presentation skills.
- Strong skills in project and risk management.
- Experienced communicating with executives and stakeholders.
- Passion for leading and implementing change.
- Global experience preferred.
The salary range for this position is $160,000 to $180,000, which represents base pay only and does not include short-term or long-term incentive compensation. When determining base pay, as part of a final compensation package, we consider several factors such as location, experience, qualifications, and training.