Director, Global Security Operations Center (GSOC)

The Director, Global Security Operations Center (GSOC) is responsible for leading McDonald’s 24/7/365 security monitoring, detection, and triage operations across three global locations spanning the United States, United Kingdom, and India. This role operates a follow-the-sun model that ensures continuous protection of McDonald’s global systems, data, and brand. 

Reporting to the Sr. Director, Cyber Defense, you are a peer to the Director of Threat Operations & Offensive Security, Director of Incident Response (CIRT), and Detection Engineering leadership. Together, this leadership team forms the Cyber Defense pillar within Global Cyber Security (GCS), delivering integrated detection, response, threat intelligence, and adversary validation services to McDonald’s markets worldwide. 

This role demands a technical leader who can operate at the intersection of hands-on security operations and executive-level program delivery. You must be comfortable with the demands of a 24/7 operation, including extended and non-standard working hours during major incidents and escalations. You will be responsible for building and developing a world-class defense team, maturing operational capabilities, driving measurable outcomes, and ensuring McDonald’s SOC operates as a best-in-class global capability. 

24/7 Security Operations and Service Delivery

• Own and lead 24/7/365 global security monitoring, alert triage, investigation, and escalation across regional SOC locations (US, UK, India) operating in a follow-the-sun model.
• Ensure consistent, high-quality event handling across all tiers (L1, L2, L3), maintaining adherence to service-level objectives, KPIs, and operational agreements.
• Manage the end-to-end lifecycle of security events from detection through triage, investigation, escalation to CIRT, and closure.
• Serve as the operational authority for GSOC service delivery, including onboarding new markets, log integration, and adoption of centralized monitoring services.
• Oversee and optimize the GSOC technology stack, including SIEM, SOAR, EDR and XDR, case management, and orchestration platforms.

Detection and Response Operations

• Drive continuous improvement in detection coverage, alert quality, triage accuracy, and response times (MTTD, MTTR) across the global SOC.
• Partner with Detection Engineering to operationalize detection content, validate alerts, reduce false positives, and align with the threat landscape.
• Coordinate with Incident Response (CIRT) to ensure seamless escalation and shared awareness during active incidents.
• Collaborate with Threat Operations and Offensive Security teams to integrate threat intelligence and validate defense coverage against adversary tactics.

Executive Communication and Metrics

• Develop and report GSOC metrics, KPIs, and SLOs to demonstrate performance, risk reduction, and business impact.
• Deliver program updates, business reviews, and risk briefings to technical and executive audiences, including CIO and CISO.
• Translate complex security events and trends into actionable insights and executive-level narratives.
• Maintain dashboards, reporting frameworks, and service performance documentation.

People Leadership and Team Development

• Lead and develop a global team of managers, senior analysts, and analysts across multiple regions.
• Recruit and retain cybersecurity talent while fostering technical excellence and accountability.
• Manage workforce planning, scheduling, and performance across a 24/7 operation.
• Provide hands-on mentorship to strengthen investigation, analysis, and response capabilities.
• Drive career development, training, and certification programs across all analyst levels.

Strategy, Program Maturity, and Cross-Functional Partnership

• Define and execute the GSOC strategic roadmap, including process improvements, automation, and AI-driven capabilities.
• Own the GSOC operating model and service playbook, ensuring clarity on roles and service boundaries globally.
• Partner with GRC, Cyber Market Engagement, and Legal or Privacy teams to ensure compliance across regions.
• Drive continuous improvement through lessons learned, incident reviews, and operational refinements.
• Evaluate and recommend new technologies and service models to enhance scalability and effectiveness.

Vendor and Partner Management

• Manage relationships with third-party providers, MSSPs, and technology partners supporting GSOC operations.
• Oversee vendor performance against SLAs and service expectations.
• Support onboarding and readiness of new security services across global markets.