Director Third Party Governance & Compliance

Company Description:

McDonald’s new growth strategy, Accelerating the Arches, encompasses all aspects of our business as the leading global omni-channel restaurant brand. As the consumer landscape shifts we are using our competitive advantages to further strengthen our brand. One of our core growth strategies is to Double Down on the 3Ds (Delivery, Digital and Drive Thru). McDonald’s will accelerate technology innovation so 65M+ customers a day will experience a fast, easy experience, whether at one of our 25,000 and growing Drive Thrus, through McDelivery, dine-in or takeaway.

Leading this tech revolution is McDonald’s Global Technology organization made up of intrapreneurs who get to build really cool tech with scary smart people using the latest innovations like AI, IOT, and edge computing. We do this working along diverse, global teams who are always hungry for a challenge. It’s bonus points when you get to see your family and friends use the tech you build at their favorite McD restaurant.

This role will collaborate closely with cybersecurity experts, market leads, project managers, and Global Technology Solutions teams to ensure the reliable and efficient operation of McDonald’s security services. In addition, this role will be responsible for managing and collaborating with the support teams that handle tickets and other operational tasks for McDonald’s security services. This person will work closely with others in Global Technology Risk Management and other areas of Global Technology to ensure that our services are meeting the needs of markets, application teams, and other stakeholders.

Check out the Global Technology Technical Blog to learn how technology is directly enabling the Accelerating the Arches strategy.

Job Description:

The Director of Third Party Governance & Compliance ("Director") will lead global efforts to address cybersecurity and technology-related risks across our third party partners. The Director will develop a strategy and compliance program for validating third party adherence to McDonald’s security objectives. This includes establishing a governance framework, providing guidance and training, and efficiently validating compliance. To achieve this, the Director will build strong relationships with third party partners, align on common goals, and hold both parties accountable to achieving security results.

We’re seeking a hands-on leader with leadership, management, and technical experience, who is willing and able to lead by example for governance and compliance activities. The Director will lead, develop, and guide others, building a strong team that delivers high-impact results.

Accountabilities & Responsibilities:

• Lead the third party governance and compliance team, ensuring that global third party compliance activities are successfully completed on-time and on-budget.
• Support effective communication to boards and committees, conveying our goals and achievements succinctly to company and third party leaders.
• Lead regular activities, such as establishing third party governance strategy, related compliance scope, and developing the program components necessary to deliver results.
• Design effective metrics, reports, and automated data collection routines that enable an effective global, scalable third party compliance program.
• Provide thought-leadership on remediation, identifying lessons-learned across third parties, guiding other markets and facilitating learning activities.
• Assist with the creation and support of global remediation services for common theme issues across third parties, where appropriate.
• Innovate processes and delivery methods through activities such as automation and off-shoring, continuously improving the efficiency and effectiveness of the program.
• Anticipate and identify third party cybersecurity issues and challenges, raising the right issues and concerns timely.
• Partner with internal parties such as vendor management, supply chain, and third party risk, aligning on third party compliance scope, objectives, security requirements, remediation validation approach, and coordinating third party communication.
• Partner with internal third party assessment teams and third parties, ensuring that assessment results are effectively addressed and contributing on risks and future assessments topics.
• Participate in the department’s overall strategy, processes, and approaches, demonstrating strong overall cybersecurity and compliance domain knowledge.
• Work effectively with leadership and across departments and third parties, leveraging relationships to address priority issues and remediation effectively and timely.
• Provide relevant guidance to team members during work activities, providing real-time mentoring and coaching through clear guidance, instruction, and support.

 

Qualifications:

Required Qualifications

• Bachelor's degree in Engineering, Computer Science, Information Technology, or related field
• 10+ years of related work experience
• Proven ability to lead, motivate, influence and build relationships at al levels
• Demonstrates an obsession for high-quality work and for achieving outcomes
• Experience in leading and delivering risk and compliance activities and projects, including running compliance programs, managing third party risk, and conducting cybersecurity assessments
• Experience with standard organizational leadership activities such as budgeting, performance management, and preparing for engagement with boards and committees
• Experience developing teams, delivering high-quality work products, and communicating effectively with various partners (e.g., technology teams, audit, senior management)
• Strong cybersecurity governance and compliance knowledge, including familiarity with relevant frameworks and how to leverage them to address priority cybersecurity risks

Preferred Qualifications

• Leadership role performing third party cybersecurity governance and compliance at a comparable organization
• Master’s degree and other advanced education preferred
• Professional credentials preferred (OSCP, CRTO, CISSP, CEH, CIPT, CDPSE, CISA, or comparable).

Additional Information:

All your information will be kept confidential according to EEO guidelines.