Job Summary:
We are seeking a highly driven and autonomous Governance and Compliance Specialist to lead and mature our cybersecurity compliance and risk management initiatives. This role demands a proactive professional with deep expertise in regulatory frameworks, risk assessment, and compensating controls—someone who can operate independently, influence cross-functional teams, and elevate our governance posture without constant oversight.

Key Responsibilities:

• Lead Compliance Initiatives: Own and drive compliance programs including PCI DSS, ITGC, and other regulatory frameworks. Ensure controls are implemented, monitored, and continuously improved.
• Risk Assessment & Control Design: Conduct thorough cyber risk assessments, identify control gaps, and recommend effective compensating controls that align with business objectives and risk appetite.
• Audit Readiness & Execution: Prepare for and lead internal and external audits. Ensure evidence collection, documentation, and remediation tracking are complete and audit-ready.
• Policy & Standards Development: Author and maintain cybersecurity policies, standards, and procedures that reflect current regulatory expectations and industry best practices.
• Metrics & Reporting: Develop and maintain dashboards and metrics within GRC platforms to track compliance posture, control effectiveness, and risk trends.
• Cross-Functional Collaboration: Partner with infrastructure, cloud, QA, and security teams to embed compliance into system design, change management, and operational workflows.
• Security Awareness & Training: Deliver targeted training and guidance to business and technical stakeholders on compliance obligations and secure practices.
• Vulnerability & Control Monitoring: Oversee vulnerability remediation and ITGC control performance, including access reviews, logging, and backup validation.

Required Knowledge, Skills and Abilities:

• Proven ability to work independently and take ownership of compliance and governance functions.
• Strong understanding of cybersecurity risk management, control frameworks, and compensating control strategies.
• Minimum 2 years of hands-on experience in cybersecurity compliance, including PCI DSS and ITGC.
• Proficiency with GRC platforms (e.g., ServiceNow), audit documentation, and evidence management.
• Familiarity with cloud security (e.g., Azure) and enterprise IT environments.
• Excellent communication skills with the ability to influence and educate across technical and non-technical teams.

Preferred Knowledge, Skills and Abilities:

• Certifications such as CISA, CISM, CISSP, CRISC, or PCI ISA.
• Experience with frameworks like NIST CSF, ISO 27001, SOC 2, and GDPR.
• Demonstrated success in leading audit engagements and driving remediation efforts.

Disclaimer:
The above is intended to describe the general content of and requirements for the performance of this job. It is not to be construed as an exhaustive statement of duties, responsibilities, or requirements.
All items listed above are illustrative and not comprehensive. They are not contractual in nature and are subject to change at the discretion of Little Caesars Enterprises Inc.
Little Caesar Enterprises, Inc. is an Equal Employment Opportunity employer. All qualified applicants will receive consideration for employment without regards to that individual’s race, color, religion or creed, national origin or ancestry, sex (including pregnancy), sexual orientation, gender identity, age, physical or mental disability, veteran status, genetic information, ethnicity, citizenship, or any other characteristic protected by law.
The Company will strive to provide reasonable accommodations to permit qualified applicants who have a need for an accommodation to participate in the hiring process (e.g., accommodations for a job interview) if so requested.
This company participates in E-Verify.

• Lead Compliance Initiatives: Own and drive compliance programs including PCI DSS, ITGC, and other regulatory frameworks. Ensure controls are implemented, monitored, and continuously improved.
• Risk Assessment & Control Design: Conduct thorough cyber risk assessments, identify control gaps, and recommend effective compensating controls that align with business objectives and risk appetite.
• Audit Readiness & Execution: Prepare for and lead internal and external audits. Ensure evidence collection, documentation, and remediation tracking are complete and audit-ready.
• Policy & Standards Development: Author and maintain cybersecurity policies, standards, and procedures that reflect current regulatory expectations and industry best practices.
• Metrics & Reporting: Develop and maintain dashboards and metrics within GRC platforms to track compliance posture, control effectiveness, and risk trends.
• Cross-Functional Collaboration: Partner with infrastructure, cloud, QA, and security teams to embed compliance into system design, change management, and operational workflows.
• Security Awareness & Training: Deliver targeted training and guidance to business and technical stakeholders on compliance obligations and secure practices.
• Vulnerability & Control Monitoring: Oversee vulnerability remediation and ITGC control performance, including access reviews, logging, and backup validation