Cybersecurity Governance and Compliance Specialist

About The Position

Requirements

• Proven ability to work independently and take ownership of compliance and governance functions.
• Strong understanding of cybersecurity risk management, control frameworks, and compensating control strategies.
• 5+ years of hands-on experience in cybersecurity governance, risk, and compliance roles including PCI DSS and ITGC.
• Demonstrated success in leading enterprise compliance programs and managing audits end-to-end.
• Deep knowledge of control frameworks such as NIST.
• Proficiency with GRC platforms (e.g., ServiceNow), audit documentation, and evidence management.
• Familiarity with cloud security (e.g., Azure) and enterprise IT environments.
• Excellent communication skills with the ability to influence and educate across technical and non-technical teams.

Nice To Haves

• Certifications such as CISA, CISM, CISSP, CRISC, or PCI ISA.
• Experience with frameworks like NIST CSF, ISO 27001, SOC 2, and GDPR.
• Demonstrated success in leading audit engagements and driving remediation efforts.

Responsibilities

• Lead Compliance Initiatives: Own and drive compliance programs including PCI DSS, ITGC, and other regulatory frameworks. Ensure controls are implemented, monitored, and continuously improved.
• Risk Assessment & Control Design: Conduct thorough cyber risk assessments, identify control gaps, and recommend effective compensating controls that align with business objectives and risk appetite.
• Audit Readiness & Execution: Prepare for and lead internal and external audits. Ensure evidence collection, documentation, and remediation tracking are complete and audit-ready.
• Policy & Standards Development: Author and maintain cybersecurity policies, standards, and procedures that reflect current regulatory expectations and industry best practices.
• Metrics & Reporting: Develop and maintain dashboards and metrics within GRC platforms to track compliance posture, control effectiveness, and risk trends.
• Cross-Functional Collaboration: Partner with infrastructure, cloud, QA, and security teams to embed compliance into system design, change management, and operational workflows.
• Security Awareness & Training: Deliver targeted training and guidance to business and technical stakeholders on compliance obligations and secure practices.
• Vulnerability & Control Monitoring: Oversee vulnerability remediation and ITGC control performance, including access reviews, logging, and backup validation.

Benefits

• Full time colleagues qualify for a variety of benefits, including medical, dental, and vision insurance, 401(k) with company match, paid holidays and paid time off, legal and counseling services, flexible spending accounts, disability and adoption benefits, and more.
• Colleagues also enjoy the perks of being associated with professional sports teams and have access to events at Little Caesars Arena and Comerica Park in our hometown of Detroit, Michigan.