• Develop, implement, administer, and enforce the firm’s compliance program in accordance with Rule 206(4)-7 under the Investment Advisers Act of 1940 (the “Advisers Act”) and all other applicable federal and state securities laws and regulations. • Serve as the firm’s primary point of contact with the U.S. Securities and Exchange Commission, state securities regulators, and other regulatory bodies. • Design, implement, and maintain the firm’s written compliance policies and procedures reasonably designed to prevent violations of the Advisers Act and rules thereunder. • Conduct at least an annual review of the adequacy of the firm’s compliance policies and procedures and the effectiveness of their implementation, and document the results of that review. • Identify and assess regulatory risks across all business activities and develop controls to mitigate those risks. • Maintain and update the firm’s compliance manual to reflect changes in applicable laws, regulations, SEC staff guidance, and business operations. • Oversee the firm’s Code of Ethics, including pre-clearance and reporting of personal securities transactions, gifts and entertainment, outside business activities, and political contributions. • Oversee the preparation, review, and timely filing of Form ADV Parts 1, 2A (Brochure), 2B (Brochure Supplements), and Form CRS, including annual amendments and interim updates. • Ensure timely filings on any such applicable regulatory filings/ requirements including Form ADV, Form 13F, Form 13H, U4s, and U5s. • Serve as the primary liaison with the SEC’s Division of Examinations (formerly OCIE) and state securities regulators during routine examinations, inquiries, and investigations. • Develop and deliver initial and ongoing compliance training for all employees, including investment professionals, operations staff, and senior management.

• Program Ownership : Lead the IT SOX program and design, implement, and test IT General Controls (ITGCs), IT Application controls (ITACs) and Key Reports (IPE) across our enterprise applications, databases, and infrastructure. • Audit Management : Serve as the primary "translator" between technical teams and external auditors, ensuring evidence is accurate, timely, and defensible. • Deficiency Management: Lead the root-cause analysis for any control failures and partner with stakeholders to build long-term, remediation plans. • Healthcare Compliance (HIPAA): Act as the technical SME for the HIPAA Security Rule, ensuring controls protect PHI, including controls monitoring and providing guidance to management for new systems. • International Resilience (NIS2): Lead the alignment of our security posture with the NIS2 Directive, focusing on key areas in the directive for our European operations. • Strategic Risk Assessments: Conduct deep-dive risk assessments for new technologies and vendors, ensuring compliance is baked in from the procurement stage. • Program Development: Manage the security awareness program that goes beyond "check-the-box" training. You will create engaging content for diverse audiences, from senior leadership to staff. • Policy Promotion: Translate dense Information Security Policies into digestible, actionable "good practices" for IT administrators and data owners. • Culture Building: Design targeted communication campaigns to increase internal reporting of security incidents and reinforce the importance of compliance.

• Lead SAP GRC implementation and enhancement projects. • Act as the Tax Reform governance lead within GRC, assessing SoD and compliance risks related to new tax processes. • Update risk matrices and controls in line with Brazilian Tax Reform changes. • Disseminate compliance and Tax Reform knowledge to business and IT teams. • Configure and support SAP GRC Access Control (ARA, ARM, BRM, EAM). • Lead role redesign and authorization reviews during transformation initiatives. • Support audit requirements and internal control improvements. • Collaborate with FI, MM, and SD teams during process redesign.

Build a Bigger, Better, Bolder Future: Imagine working for a company that measures its success based off the growth of its colleagues, a company that invests in its future by investing in you. Little Caesars is a company where our colleagues make an impact. Your Mission: The Cybersecurity Governance, Risk, and Compliance Manager will drive and manage the enterprise-wide Governance, Risk, and Compliance capabilities regarding information management, risk management, policies & standards, and internal/external compliance. The manager will lead a team that will design, develop, document, and communicate Governance, Risk, and Compliance related policies, standards, and procedures and is a key enabler in driving consistency across LCE. More specifically, the Governance, Risk, and Compliance Manager will be responsible for the design and development of robust operational capabilities in support of risk management (including third parties), compliance, and security training and awareness. In this role, the Manager will also offer guidance, consultations, and decision support for ad hoc requests and inquiries. The Manager will oversee the enterprise-wide Governance, Risk, and Compliance function to ensure key compliance metrics and reports are consistently generated, aggregated, and reported to senior management and other executive stakeholders. This position must be able to work on the development of a cybersecurity risk framework, implantation of policies, and security awareness program, as well as identifying and monitoring security compliance requirements. This position will interface with all levels of the organization and have access to security-sensitive information. How You’ll Make an Impact: - Drive compliance leadership and engagement with the stakeholder operations teams to ensure the timely identification of cyber risk across markets as well as compliance with all appropriate regulatory requirements and internal cybersecurity policies and standards - Develop and implement a cybersecurity risk assessment framework/methodology, standards, guidelines, and procedures with KPIs and coordinate the assessment across all business verticals - Develop and oversee the adoption of a global cybersecurity policies and standards framework. In addition, ensure these global policies and standards (and any exceptions to them) are maintained current and relevant, and appropriately managed over their lifecycle - Collaborate with Legal and Corporate Data Protection functions in the interpretation of regulatory requirements and compliance expectations, and ensure cybersecurity and regulatory requirements are properly addressed in third party contracts - Lead the development of a high-value asset framework, information management controls to drive the proper application of security controls in a manner that is commensurate with the associated risks - Lead the development of and oversee a global cybersecurity training, education, and awareness program - Lead a strong team of professionals assigned to major initiatives ensuring dependable and responsive support to the organization - Maintaining up-to-date, detailed knowledge of the IT security industry including awareness of new or improved security solutions and policies, processes, and procedures. Share and educate colleagues to mature the organization - Develop and manage compliance metrics within the governance risk and compliance system, and report on the effectiveness of governance and compliance activities by collecting and aggregated key risk and compliance metrics - Responsible for hiring, training, performance management, and corrective actions for direct reports. Collaborate with team members on career development and goal setting Who You Are: - Bachelors’ degree in Information Management, Information Security, Computer Engineering, Computer Science, or other closely related disciplines. Equivalent experience may be considered in lieu of a formal degree - Minimum of seven (7) years of experience in cybersecurity related functions, risk management, audit, risk assurance, compliance, or similar area - Minimum of four (4) years of progressive experience leading and managing a team building custom technical solutions and implementing third-party products is required - Extensive cybersecurity governance, risk management, and compliance leadership experience in a large complex business organization - Detailed working knowledge and prior experience in building and maintaining risk management framework, risk management processes, and associated reporting models - Experience developing and implementing third-party risk management frameworks and processes - Experience and familiarity with cloud data security and working with public cloud solutions - Experience working with a Governance Risk and Compliance tool - Experience identifying, evaluating, and managing risk in a complex and changing global environment - Experience developing or leading impactful cybersecurity awareness materials and campaigns at a global level - Prior experience developing security standards and policies and discerning and designing an organization’s protection needs (i.e. security controls) for information systems and networks - Experience with asset management - Demonstrated ability to prioritize and execute tasks in a high-pressure environment - Requires self-motivated approach to work with keen attention to detail - A proactive goal achiever who innovates to go above and beyond expectations to get the job done and is comfortable working in a fast-paced, dynamic environment - At least one of the following certifications is required or must be obtained within your first 12 months of employment: CISA, CISM, CRISC, or CISSP - Deep understanding of cybersecurity and the relationship between threat, vulnerability, and information value in the context of governance, compliance, and risk management preferred. - Knowledge of current industry methods for evaluating, implementing, and disseminating information technology (IT) security tools and procedures preferred. - An understanding of emerging technology and digital trends and their impacts on cybersecurity preferred. - High proficiency with common cybersecurity management frameworks, regulatory requirements, and industry leading practices - Strong knowledge of third-party management leading practices and the potential cybersecurity risks involved in third-party relationships - Strong knowledge of organizational training and education policies, processes, and procedures - Deep understanding of risk-based decision-making (i.e. risk analysis, mitigation, resolution, acceptance, etc.) - Experience with technical documentation related to PCI DSS, ISO 27001, NIST, SOC 2 and continuous monitoring - Demonstrate strong verbal and written communication skills as well as strong analytical and problem-solving abilities - Strong process design, time management and organizational skills - Strong work ethic, leadership skills, initiative, and ownership of work - Proven ability to build consensus and support across the organization - Proven ability to communicate complex information, concepts, or ideas in a confident and well-organized manner through verbal, written, and/or visual means Where You’ll Work: - A state-of-the-art building with a modern-day, open environment in the heart of The District Detroit. - A colleague fitness center, work café and an outdoor patio with grills. - Over 60 different meeting spaces to help promote a collaborative environment. All items listed above are illustrative and not comprehensive. They are not contractual in nature and are subject to change at the discretion of Little Caesars Enterprises Inc. Little Caesar Enterprises, Inc. is an Equal Employment Opportunity employer. All qualified applicants will receive consideration for employment without regards to that individual’s race, color, religion or creed, national origin or ancestry, sex (including pregnancy), sexual orientation, gender identity, age, physical or mental disability, veteran status, genetic information, ethnicity, citizenship, or any other characteristic protected by law. The Company will strive to provide reasonable accommodations to permit qualified applicants who have a need for an accommodation to participate in the hiring process (e.g., accommodations for a job interview) if so requested. This company participates in E-Verify. Click on any of the links below to view or print the full poster. E-Verify and Right to Work. PRIVACY POLICY