Cybersecurity Governance, Risk and Compliance Manager

Build a Bigger, Better, Bolder Future:

Imagine working for a company that measures its success based off the growth of its colleagues, a company that invests in its future by investing in you. Little Caesars is a company where our colleagues make an impact.

Your Mission:

The Cybersecurity Governance, Risk, and Compliance Manager will drive and manage the enterprise-wide Governance, Risk, and Compliance capabilities regarding information management, risk management, policies & standards, and internal/external compliance. The manager will lead a team that will design, develop, document, and communicate Governance, Risk, and Compliance related policies, standards, and procedures and is a key enabler in driving consistency across LCE. More specifically, the Governance, Risk, and Compliance Manager will be responsible for the design and development of robust operational capabilities in support of risk management (including third parties), compliance, and security training and awareness.

In this role, the Manager will also offer guidance, consultations, and decision support for ad hoc requests and inquiries. The Manager will oversee the enterprise-wide Governance, Risk, and Compliance function to ensure key compliance metrics and reports are consistently generated, aggregated, and reported to senior management and other executive stakeholders.

This position must be able to work on the development of a cybersecurity risk framework, implantation of policies, and security awareness program, as well as identifying and monitoring security compliance requirements. This position will interface with all levels of the organization and have access to security-sensitive information.

How You’ll Make an Impact:

• Drive compliance leadership and engagement with the stakeholder operations teams to ensure the timely identification of cyber risk across markets as well as compliance with all appropriate regulatory requirements and internal cybersecurity policies and standards

• Develop and implement a cybersecurity risk assessment framework/methodology, standards, guidelines, and procedures with KPIs and coordinate the assessment across all business verticals

• Develop and oversee the adoption of a global cybersecurity policies and standards framework. In addition, ensure these global policies and standards (and any exceptions to them) are maintained current and relevant, and appropriately managed over their lifecycle

• Collaborate with Legal and Corporate Data Protection functions in the interpretation of regulatory requirements and compliance expectations, and ensure cybersecurity and regulatory requirements are properly addressed in third party contracts

• Lead the development of a high-value asset framework, information management controls to drive the proper application of security controls in a manner that is commensurate with the associated risks

• Lead the development of and oversee a global cybersecurity training, education, and awareness program

• Lead a strong team of professionals assigned to major initiatives ensuring dependable and responsive support to the organization

• Maintaining up-to-date, detailed knowledge of the IT security industry including awareness of new or improved security solutions and policies, processes, and procedures. Share and educate colleagues to mature the organization

• Develop and manage compliance metrics within the governance risk and compliance system, and report on the effectiveness of governance and compliance activities by collecting and aggregated key risk and compliance metrics

• Responsible for hiring, training, performance management, and corrective actions for direct reports. Collaborate with team members on career development and goal setting

Who You Are:

• Bachelors’ degree in Information Management, Information Security, Computer Engineering, Computer Science, or other closely related disciplines. Equivalent experience may be considered in lieu of a formal degree

• Minimum of seven (7) years of experience in cybersecurity related functions, risk management, audit, risk assurance, compliance, or similar area

• Minimum of four (4) years of progressive experience leading and managing a team building custom technical solutions and implementing third-party products is required

• Extensive cybersecurity governance, risk management, and compliance leadership experience in a large complex business organization

• Detailed working knowledge and prior experience in building and maintaining risk management framework, risk management processes, and associated reporting models

• Experience developing and implementing third-party risk management frameworks and processes

• Experience and familiarity with cloud data security and working with public cloud solutions

• Experience working with a Governance Risk and Compliance tool

• Experience identifying, evaluating, and managing risk in a complex and changing global environment

• Experience developing or leading impactful cybersecurity awareness materials and campaigns at a global level

• Prior experience developing security standards and policies and discerning and designing an organization’s protection needs (i.e. security controls) for information systems and networks

• Experience with asset management

• Demonstrated ability to prioritize and execute tasks in a high-pressure environment

• Requires self-motivated approach to work with keen attention to detail

• A proactive goal achiever who innovates to go above and beyond expectations to get the job done and is comfortable working in a fast-paced, dynamic environment

• At least one of the following certifications is required or must be obtained within your first 12 months of employment: CISA, CISM, CRISC, or CISSP

• Deep understanding of cybersecurity and the relationship between threat, vulnerability, and information value in the context of governance, compliance, and risk management preferred.

• Knowledge of current industry methods for evaluating, implementing, and disseminating information technology (IT) security tools and procedures preferred.

• An understanding of emerging technology and digital trends and their impacts on cybersecurity preferred.

• High proficiency with common cybersecurity management frameworks, regulatory requirements, and industry leading practices

• Strong knowledge of third-party management leading practices and the potential cybersecurity risks involved in third-party relationships

• Strong knowledge of organizational training and education policies, processes, and procedures

• Deep understanding of risk-based decision-making (i.e. risk analysis, mitigation, resolution, acceptance, etc.)

• Experience with technical documentation related to PCI DSS, ISO 27001, NIST, SOC 2 and continuous monitoring

• Demonstrate strong verbal and written communication skills as well as strong analytical and problem-solving abilities

• Strong process design, time management and organizational skills

• Strong work ethic, leadership skills, initiative, and ownership of work

• Proven ability to build consensus and support across the organization

• Proven ability to communicate complex information, concepts, or ideas in a confident and well-organized manner through verbal, written, and/or visual means

Where You’ll Work:

• A state-of-the-art building with a modern-day, open environment in the heart of The District Detroit.

• A colleague fitness center, work café and an outdoor patio with grills.

• Over 60 different meeting spaces to help promote a collaborative environment.

All items listed above are illustrative and not comprehensive. They are not contractual in nature and are subject to change at the discretion of Little Caesars Enterprises Inc.

Little Caesar Enterprises, Inc. is an Equal Employment Opportunity employer. All qualified applicants will receive consideration for employment without regards to that individual’s race, color, religion or creed, national origin or ancestry, sex (including pregnancy), sexual orientation, gender identity, age, physical or mental disability, veteran status, genetic information, ethnicity, citizenship, or any other characteristic protected by law.

The Company will strive to provide reasonable accommodations to permit qualified applicants who have a need for an accommodation to participate in the hiring process (e.g., accommodations for a job interview) if so requested.

This company participates in E-Verify.