Logo for PrizePicks

Senior GRC Analyst

Role overview

Qualifications

  • 5+ years of experience in Governance, Risk, and Compliance (GRC), Information Security, IT Audit, or related fields.
  • Experience independently managing audits, compliance initiatives, or governance programs with limited supervision.
  • Experience working with security and compliance frameworks such as SOC 2, ISO 27001, SOX 404, PCI-DSS, NIST, GDPR, CIS or similar standards.
  • Strong written and verbal communication skills with the ability to collaborate across technical and non-technical teams.

Responsibilities

  • Own the ongoing review and maintenance of organizational security policies, standards, and procedures.
  • Serve as a primary cross-functional coordinator with other dedicated compliance teams to design and maintain a unified governance roadmap.
  • Lead security risk assessments for third-party vendors as part of the procurement lifecycle.
  • Coordinate and support the organization's annual security audits and certifications.

Key facts

  • Remote from: Georgia (USA)
  • Full time
  • Senior (5-10 years)
  • 0
  • English

Other skills

  • Security Policies
  • Collaboration
  • Communication
  • Organizational Skills

About the company

PrizePicks logo

PrizePicks

Sporting Goods

PrizePicks is the largest independently owned Daily Fantasy Sports (DFS) platform in North America. Centered around real-money more/less predictions, PrizePicks allows sports fans to play against the numbers rather than each other, and it is the simplest variety of daily fantasy sports with the widest breadth of sports coverage of any DFS operator. Boasting partnerships to date with the Atlanta Braves and Miami Marlins, among others, PrizePicks is currently the closest legal alternative to legal mobile sports betting in the majority of the United States including Top 10 markets like California, Texas, Florida, and Georgia. With an existing digital footprint covering more than 60 percent of the U.S. population, PrizePicks is the most accessible type of game for the masses. The company is headquartered in Atlanta, and PrizePicks is the third product from Performance Predictions, a suite of fan engagement solutions including SidePrize, the 2016 Fantasy Sports and Gaming Association's "Rookie of the Year" award recipient. PrizePicks is available in the App Store and Google Play or at prizepicks.com.

Company details

Company typeScaleup
IndustrySporting Goods
Company size51 - 200

Your match analysis

See how your profile stacks up against this role.

We compared the job requirements to your profile to show where you're strong and where you fall short.

Job description

At PrizePicks, we are the fastest-growing sports company in North America, as recognized by Inc. 5000. As the leading platform for Daily Fantasy Sports, we cover a diverse range of sports leagues, including the NFL, NBA, and Esports titles like League of Legends and Counter-Strike. Our team of over 550 employees thrives in an inclusive culture that values individuals from diverse backgrounds, regardless of their level of sports fandom. Ready to reimagine the DFS industry together? 

Overview:

  • PrizePicks is seeking an experienced and detail-oriented Senior GRC Analyst to join our expanding governance programs. This role will help drive the continued development and maturation of the organization's IT and Security governance, risk, and compliance initiatives. You will partner closely with Security, IT, Legal, Engineering, and business stakeholders to help strengthen our compliance posture, improve governance processes, and support ongoing risk management efforts across the enterprise.
  • The ideal candidate is collaborative, proactive, and comfortable working with both technical and non-technical teams in a fast-paced environment.

What you’ll do:

  • Policy Lifecycle Management: 
    • Own the ongoing review and maintenance of organizational security policies, standards, and procedures. Assist in identifying policy gaps based on evolving regulatory requirements, business needs, and industry best practices. 
  • Compliance Program Support:
    • Serve as a primary cross-functional coordinator with other dedicated compliance teams (e.g., Legal, Regulatory Affairs, Internal Audit) to design and maintain a unified, strategic governance roadmap that ensures all corporate compliance activities are aligned, documented, and consistently executed across the enterprise.
  • Third-Party Risk Management (TPRM):
    • Lead security risk assessments for new and renewing third-party vendors third-party vendors as part of the procurement lifecycle. Track remediation items and collaborate with stakeholders to address identified risks. 
  • Audit & Certification Coordination: 
    • Coordinate and support the organization's annual security audits and certifications (e.g., SOC 2, PCI, CIS). 
    • Coordinate evidence collection, track action items, communicate with stakeholders, and assist with audit readiness activities. 
      • Lead cross-functional coordination with internal SMEs to support evidence collection activities with internal SMEs to support the internal evidence gathering process across multiple departments, reviewing appropriateness, tracking action items, and ensuring timely submission of required documentation.
      • This includes acting as a secondary liaison with external auditors, coordinating the internal evidence gathering process across multiple departments, tracking action items, and ensuring timely submission of required documentation.
      • Serve as a subject matter resource in interpreting and mapping security controls to operational processes and supporting evidence, helping ensure control language, documentation, and evidence collection align with audit and compliance requirements. 
  • Security Training Program: 
    • Assist with the administration and continuous improvement of the company’s security awareness and training program, including tracking completion metrics and updating training content as needed. 
  • Regulatory & Compliance Support: 
    • Work in close partnership with Legal and Regulatory teams to interpret new and changing compliance requirements. Provide security insight to ensure corporate practices and technology align with legal and regulatory mandates.
  • Governance and Process Improvement: 
    • Proactively identify and drive improvements to the efficiency, consistency, and scalability of GRC processes of GRC processes and documentation. 
    • Contribute to initiatives that enhance operational maturity and reduce organizational risk. Ensuring internal tools and processes meet control objectives and reduce organizational risk.
    • Assist with the administration, maintenance, and continuous improvement of the organization’s GRC platform and related workflows to help streamline governance, risk, and compliance operations. 
  • Risk & Issue Management Support: 
    • Maintain and help evolve risk and issues registries, tracking exceptions, risk owners, update timelines, and supporting broader risk management initiatives across Security and IT functions.

What you have:

  • 5+ years of experience in Governance, Risk, and Compliance (GRC), Information Security, IT Audit, or related fields. 
  • Experience independently managing audits, compliance initiatives, or governance programs with limited supervision.
  • Experience working with security and compliance frameworks such as SOC 2, ISO 27001, SOX 404, PCI-DSS, NIST, GDPR, CIS or similar standards.
  • Familiarity with audit processes including evidence gathering / review, remediation tracking, and auditor coordination.
  • Experience maintaining or developing security policies, standards, and procedures.
  • Hands-on experience conducting Third-Party Risk Management (TPRM) assessments, including vendor security reviews, questionnaire evaluations, risk analysis, remediation tracking, and ongoing monitoring of third-party risk throughout the vendor lifecycle.
  • Experience identifying, documenting, tracking, and communicating security and compliance risks to technical and non-technical stakeholders, including supporting risk remediation and exception management processes.
  • Experience working with GRC platforms and tooling to manage compliance activities, risk registers, policy lifecycle management, audit evidence collection, and workflow automation.
  • Experience interpreting and mapping security and compliance controls to operational processes and evidence requirements, including refining control language, validating control applicability, and ensuring appropriate evidence collection aligns with audit and compliance expectations.
  • Familiarity with the impact of Governance, Risk, and Compliance (GRC) on the Secure Software Development Life Cycle (SSDLC) and IT operations.
  • Experience supporting privacy and data protection compliance initiatives, including CCPA, consumer privacy regulations, and broader PII/data handling protection requirements across business and technology environments.
  • Strong written and verbal communication skills with the ability to collaborate across technical and non-technical teams.
  • Strong organizational skills and ability to manage multiple priorities effectively.Strong project management experience.

What makes you stand out:

  • Industry certifications such as CISSP, CISM, CISA, CRISC, Security+, or similar. 
  • Experience working in high-growth technology or regulated environments.
  • Familiarity with GRC tooling such as Vanta, Drata, Archer, OneTrust, or ServiceNow GRC.
  • Experience supporting PCI-DSS, privacy, or state regulatory compliance initiatives.
  • Exposure to security awareness platforms and vendor risk management tooling.
  • Experience helping mature or scale governance and compliance programs.

Where you’ll live:

  • While we prefer candidates based in Atlanta, we are open to qualified applicants from anywhere in the U.S. and are willing to consider remote candidates. #LI-Remote 

Working at PrizePicks:

The typical salary range for this position is $110,000 to $120,000. At PrizePicks, we consider your role, level, and where you'll be working when determining our salary ranges. The compensation info you see on our job postings gives you an idea of the starting pay range for the position. Your actual pay within that range will depend on your specific work location, as well as your skills, experience, and education. Your recruiter will be happy to chat more about the specific pay range for your location and how we arrived at it during the hiring process. 

This application period will remain open for 30 days. We’re committed to finding the best candidate, so this date may be adjusted, and any changes will be reflected in this posting.

Date Posted:  7/8/26

 

Benefits you’ll receive:

In addition to your great compensation package, full-time employees will be eligible for the following perks: 

  • Company-subsidized medical, dental, & vision plans 
  • 401(k) plan with company match
  • Annual bonus
  • Flexible PTO to encourage a healthy work/life balance (2 weeks STRONGLY encouraged!)
  • Generous paid leave programs, including 16-week paid parental leave and disability benefits
  • Workplace flexibility and modern work schedules focused on getting the job done, not hours clocked
  • Company-wide in-person events and team outings
  • Lifestyle enhancement program
  • Company equipment provided (Windows & Mac options)
  • Annual performance reviews with opportunities for growth and career development

You must be authorized to work for any employer in the U.S.  We are unable to sponsor or take over sponsorship of an employment Visa at this time. 

PrizePicks is an Equal Opportunity Employer.  All applicants will be considered for employment without attention to race, color, religion, sex, sexual orientation, gender identity, national origin, veteran or disability status.

Apply once. Then go straight to the hiring manager.

After you apply, unlock the direct contact details of the people who actually make the call. A quick follow-up makes you 5x more likely to land an interview.

MR

Marcus Rivera

Chief Revenue Officer

m.rivera@company.com
linkedin.com/in/marcusrivera
Unlocked after you apply
·

Related jobs

Other jobs at PrizePicks

Premium

Reach out to the hiring manager directly.

Gain access to the contact details of the hiring managers who actually decide, and reach out to network with them directly. That, plus more when you upgrade:

  • Full match report with fit score and gaps
  • Career diagnostics on how recruiters read you
  • Curated company matches and warm intros
  • 48h early access to new roles

Cancel anytime.