Cybersecurity Engineer III - Governance, Risk & Compliance

Company Description:

McDonald’s new growth strategy, Accelerating the Arches, encompasses all aspects of our business as the leading global omnichannel restaurant brand. As the consumer landscape shifts, we are using our competitive advantages to further strengthen our brand. One of our core growth strategies is to Double Down on the 3Ds (Delivery, Digital, and Drive Thru). McDonald’s will accelerate technology innovation so 65M+ customers a day will experience a fast, easy experience, whether at one of our 25,000 and growing Drive Thrus, through McDelivery, dine-in, or takeaway.

Leading this tech revolution is McDonald’s Global Technology organization made up of intrapreneurs who get to build really cool tech with scary smart people using the latest innovations like AI, IoT, and edge computing. We do this by working along diverse, global teams who are always hungry for a challenge. It’s bonus points when you get to see your family and friends use the tech you build at their favorite McD restaurant.

As we have matured as an engineering organization and seen the demands for technology grow exponentially, we’re gearing up to deliver on the next set of opportunities for the business. We are building up an engineering team in-house accountable for our strategic products. We’ll have diverse squads made up of engineers with traditional and specialized skill sets, both from internal engineers coupled with our partners, to help us flex with demand and solve technology innovation challenges done at an incredible scale.

Check out the Global Technology Technical Blog to learn how technology is directly enabling the Accelerating the Arches strategy.

Job Description:

We are seeking a highly skilled Cybersecurity Engineer III to join our GRC team. In this role, you will play a pivotal part in ensuring the security, compliance, and risk management of our organization. You will provide technical support, maintain our GRC platform, and implement and engineer innovative solutions to enhance our security posture.

Key Responsibilities

• Platform Support: Provide technical support and fixing for our GRC platform, currently OneTrust GRC.
• User Management: Run user access and permissions within the GRC platform, ensuring appropriate authorization levels.
• Solution Development: Design, develop, engineer and configure GRC solutions, such as TPRM, Risk & Control, Privacy Risk Assessments and Compliance Automation.
• Automation: Automate routine tasks and processes to improve efficiency and reduce manual effort.
• Integration: Integrate the GRC platform with other systems and applications using APIs and other technologies.
• Reporting and Analytics: Develop and maintain detailed reports and dashboards to monitor important data and recognize patterns.
• Continuous Improvement: Find opportunities to improve GRC platform automation and implement improvements.

Benefits eligible: Yes
Bonus eligible: Yes
Long term incentive eligible: Yes
The expected salary range for this role is $129,800.00 - $165,490.00
The above represents the expected salary range for this job requisition. Ultimately, in determining your pay, we may also consider your experience, and other job-related factors.

Qualifications:

• 3+ years of experience in information security, cybersecurity, privacy, risk management, or compliance fields.
• Strong understanding of GRC concepts, architectures, and standard processes.
• Hands-on experience with OneTrust GRC and/or ServiceNow GRC, Archer GRC platforms.
• Proficiency in scripting languages (e.g., Python, PowerShell) and API integrations.
• Strong analytical and problem-solving skills.
• Excellent communication and interpersonal skills.
• Ability to work independently and as part of a team.
• Relevant certifications such as CISSP, CRISC, CISA, CISM, or ServiceNow/OneTrust certifications are a plus.

What We Offer

• Opportunities for professional growth and development.
• A collaborative and supportive work environment.
• The chance to work on cutting edge GRC initiatives.

If you are a highly motivated and skilled cybersecurity engineer with a passion for GRC, we encourage you to apply.

Additional Information:

Benefits eligible: This position offers health and welfare benefits, a 401(k) plan, adoption assistance program, educational assistance program, flexible ways of working, and time off policies (including sick leave, parental leave, and vacation/PTO). Eligibility requirements apply to some benefits and may depend on job classification and length of employment. 

Bonus eligible: This position is eligible for a bonus, calculated based on individual and company performance.

Long term Incentive eligible: This position is eligible for stock or other equity grants pursuant to McDonald’s long-term incentive plan.

McDonald’s is an equal opportunity employer committed to the diversity of our workforce. We promote an inclusive work environment that creates feel-good moments for everyone. McDonald’s provides reasonable accommodations to qualified individuals with disabilities as part of the application or hiring process or to perform the essential functions of their job. If you need assistance accessing or reading this job posting or otherwise feel you need an accommodation during the application or hiring process, please contact mcdhrbenefits@us.mcd.com. Reasonable accommodations will be determined on a case-by-case basis.

McDonald’s provides equal employment opportunities to all employees and applicants for employment and prohibits discrimination and harassment of any type without regard to sex, sex stereotyping, pregnancy (including pregnancy, childbirth, and medical conditions related to pregnancy, childbirth, or breastfeeding), race, color, religion, ancestry or national origin, age, disability status, medical condition, marital status, sexual orientation, gender, gender identity, gender expression, transgender status, protected military or veteran status, citizenship status, genetic information, or any other characteristic protected by federal, state or local laws. This policy applies to all terms and conditions of employment, including recruiting, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation and training.

Nothing in this job posting or description should be construed as an offer or guarantee of employment.