Cyber Security Governance and Compliance Lead Engineer
Global Resource Center, United States
Little Caesars
Build a Bigger, Better, Bolder Future
Imagine working for a company that measures its success based on the growth of its colleagues, a company that invests in its future by investing in you. Little Caesars is a company where our colleagues make an impact.
Your Mission:
The Cybersecurity GRC Lead will be responsible for establishing, overseeing and maintaining a robust global governance, risk and compliance strategy. The objective of this role is to perform governance and compliance activities that assure compliance with applicable legal and regulatory requirements and industry-leading practices, and that ensure consistency with internal policies and standards across the organization. The GRC Lead will also be responsible for identifying, assessing, and mitigating cybersecurity risks, and for fostering a culture of security awareness and compliance across the organization. In addition, the GRC Lead will implement and operate a compliance monitoring and testing program that consistently generates key compliance metrics and reports. This position will interface with all levels of the organization and will have access to security-sensitive information.
How You'll Make an Impact:
- Create, update, and maintain comprehensive cybersecurity policies, standards, procedures, and guidelines that align with business objectives and regulatory requirements (e.g., NIST, SOC 2 and PCI DSS), while planning, designing, deploying, and managing the adoption of, and compliance with, the organization's policy and standards framework across corporate and store locations globally.
- Perform internal compliance assessments based on the approved methodology, at regular intervals and as needed, to identify gaps and areas for improvement. Manage internal and external audits and facilitate remediation efforts.
- Serve as the primary point of contact and subject matter expert for all PCI DSS-related matters. Develop, implement, and maintain the organization's PCI DSS compliance program, ensuring adherence to all applicable requirements. Additionally, support the stores' infrastructure design by focusing on implementing new technologies for PCI DSS compliance.
- Lead the identification, assessment, analysis, and treatment of cybersecurity risks. Develop and maintain a risk register to track mitigation efforts. Additionally, create and implement processes for assessing and managing cybersecurity risks associated with third-party vendors and partners.
- Advise internal business units on cybersecurity and educate employees and franchisees on their roles and responsibilities in maintaining a secure environment.
- Stay abreast of latest cybersecurity threats, trends, regulations, and best practices, and proactively recommend and implement improvements to the GRC framework.
- Coordinate with internal stakeholder teams (such as legal and data protection) to provide support and help interpret policies, standards, and procedures to ensure consistency and compliance.
- Develop, deploy, and monitor compliance metrics within the governance, risk and compliance system, and report on the effectiveness of governance and compliance activities.
Who You Are:
- Bachelor's degree in Systems Engineering, Computer Engineering, Computer Science, or another closely related discipline. Education will be considered in lieu of experience.
- Minimum of four (4) years' experience in cybersecurity functions, including policy, standards, compliance, legal, or risk management.
- Minimum of two (2) years' experience with PCI DSS risk assessments and the ability to prioritize threat mitigation with security countermeasures.
- Knowledge of computer networking concepts and protocols, and cybersecurity principles
- Deep understanding of cybersecurity and the relationship between threat, vulnerability, and information value in the context of governance and compliance
- An understanding of emerging technology and digital trends and their impacts on cybersecurity
- Experience and familiarity with cloud data security and working with public cloud solutions (AWS/Azure)
- Experience working with a Governance, Risk and Compliance tool
- Demonstrated ability to prioritize and execute tasks in a high-pressure environment
- Requires self-motivated approach to work with keen attention to detail
- Evidence of ability to work in a team-oriented, collaborative environment with minimal oversight, and ability to work well under tight deadlines and effectively interact with a wide range of personnel.
- Experience with technical documentation related to PCI DSS, ISO 27001, NIST CSF, SOC 2 and continuous monitoring preferred.
- Experience contributing to audit requests and proven ability to gather evidence in support of audits preferred.
- Strong understanding of risk-based decision-making (i.e., risk analysis, mitigation, resolution, acceptance, etc.)
- Solid ability to communicate complex information, concepts, or ideas in a confident and well-organized manner through verbal, written, and/or visual means
- Demonstrate strong verbal and written communication skills as well as strong analytical and problem-solving abilities
- Excellent English language, grammar, and spelling skills for writing, editing, and proofreading
- Ability to work independently or as a member of a team on various tasks
- At least one of the following certifications is required or must be obtained within your first 12 months of employment: CRISC, CISA, CISM, CISSP or PCIP.
Disclaimer:
The above is intended to describe the general content of and requirements for the performance of this job. It is not to be construed as an exhaustive statement of duties, responsibilities, or requirements.
All items listed above are illustrative and not comprehensive. They are not contractual in nature and are subject to change at the discretion of Little Caesars Enterprises Inc.
Little Caesar Enterprises, Inc. is an Equal Employment Opportunity employer. All qualified applicants will receive consideration for employment without regard to that individual's race, color, religion or creed, national origin or ancestry, sex (including pregnancy), sexual orientation, gender identity, age, physical or mental disability, veteran status, genetic information, ethnicity, citizenship, or any other characteristic protected by law.
The Company will strive to provide reasonable accommodations to permit qualified applicants who have a need for an accommodation to participate in the hiring process (e.g., accommodations for a job interview) if so requested.
This company participates in E-Verify.