Compliance and Risk Management Specialist

Position is hybrid / 4 days per week on site at Dearborn, MI

Skills Required:
Risk Assessment, Risk Management, Compliance Professional, Auditing, Information Security 1. Risk Assessment – Candidates must be able to perform targeted risk assessments that compare the company''s current security posture against the specific requirements mandated by various state agencies. This involves evaluating the risk of non-compliance and determining if the organization can meet security standards (such as NIST or CSF) often found in state-level questionnaires. 2. Risk Management – Candidates will manage the lifecycle of identified security deficiencies. If a questionnaire reveals a gap in state-mandated controls, you are expected to facilitate the development of a remediation plan. You must be able to document compensating controls and articulate the organization''s risk-handling strategy to state regulators to ensure business continuity and contract eligibility. 3. Compliance Professional – You will serve as the primary interpreter of diverse state cybersecurity regulations and frameworks (e.g., NYDFS, or CCPA/CPRA). 4. Auditing – You are expected to adopt an "audit-ready" approach to every questionnaire submission. This means you will not only provide answers but also identify and organize the necessary "artifacts" (evidence) to support those answers 5. Information Security - You are expected to translate complex technical architectures—such as zero-trust models, encryption protocols, and incident response procedures—into clear, concise responses that satisfy state-level security inquiries.
Experience Required:
Senior Specialist Exp: 7+ experience in relevant field.
Education Required:
Bachelor''s Degree
Additional Information :
***Position is hybrid / 4 days per week on site*** Regulatory Response Leadership: Lead the end-to-end management of regulatory cybersecurity assessments and questionnaires from local, state, and national government entities Quality: Strategic Consolidation of Global IT Regulatory Requirements Strategic Consulting: Act as a subject matter expert (SME) for Client Credit teams, providing guidance on IT security, risk mitigation, and control implementation Legal & Privacy Partnership: Collaborate closely with Credit Privacy and Compliance Attorneys to interpret and execute IT-related regulatory requirements Audit & Assessment Oversight: Facilitate and support internal/external audits, third-party consulting engagements, and comprehensive risk assessments Agile Governance: Maintain transparency and momentum by managing user stories and backlogs within JIRA, ensuring compliance activities are integrated into the broader technology roadmap