Senior Manager of Cybersecurity Governance & Compliance

Company Description:

McDonald’s new growth strategy, Accelerating the Arches, encompasses all aspects of our business as the leading global omni-channel restaurant brand. As the consumer landscape shifts we are using our competitive advantages to further strengthen our brand. One of our core growth strategies is to Double Down on the 3Ds (Delivery, Digital and Drive Thru). McDonald’s will accelerate technology innovation so 65M+ customers a day will experience a fast, easy experience, whether at one of our 25,000 and growing Drive Thrus, through McDelivery, dine-in or takeaway.

Leading this tech revolution is McDonald’s Global Technology organization made up of intrapreneurs who get to build really cool tech with scary smart people using the latest innovations like AI, IOT, and edge computing. We do this working along diverse, global teams who are always hungry for a challenge. It’s bonus points when you get to see your family and friends use the tech you build at their favorite McD restaurant.

This role will collaborate closely with cybersecurity experts, market leads, project managers, and Global Technology Solutions teams to ensure the reliable and efficient operation of McDonald’s security services. In addition, this role will be responsible for managing and collaborating with the support teams that handle tickets and other operational tasks for McDonald’s security services. This person will work closely with others in Global Technology Risk Management and other areas of Global Technology to ensure that our services are meeting the needs of markets, application teams, and other stakeholders.

Check out the Global Technology Technical Blog to learn how technology is directly enabling the Accelerating the Arches strategy.

Job Description:

The Senior Manager of Cybersecurity Governance & Compliance will lead global efforts to address cybersecurity and technology-related regulatory and compliance challenges. The Senior Manager will help identify critical risks, align global compliance goals, train and assist partners, and provide guidance and leadership to contribute towards broader cybersecurity objectives. 

The role will be focused initially on compliance to address data privacy risks, ensuring that processes and controls comply with privacy laws and regulations globally. The Senior Manager will help build and deploy global, automated privacy controls to corporate functions and markets, monitor compliance, drive remediation efforts, and partner with legal to remain aligned with privacy requirements. The Senior Manager will provide a global view of data privacy controls and risks to leadership and reduce privacy related risks to the organization.

We’re seeking a hands-on leader with both project management and technical experience who can lead by example. The Senior Manager should demonstrate the ability to lead, develop, and guide others, building a strong team that delivers high-impact results.

Accountabilities & Responsibilities:

• Lead the privacy compliance portion of our Global Cybersecurity Compliance team, ensuring that privacy compliance activities are successfully completed to meet privacy compliance objectives.
• Manage regular compliance-related activities, such as finalizing compliance scope, updating policy content, delivering training, and driving remediation tracking.
• Help design effective metrics, reports, and automated data collection routines that enable an effective global, scalable compliance program.
• Provide thought-leadership on remediation, identifying lessons-learned across markets, guiding other markets and facilitating cross-market learning.
• Assist with the creation and support of global remediation services for common theme issues across markets, where appropriate.
• Contribute to automation and off-shoring of control activities, increasing the efficiency, effectiveness, and scalability of the privacy compliance program.
• Anticipate and identify control issues and risk challenges, assisting with the long-term privacy compliance strategy.
• Partner with all relevant parties for privacy compliance, setting privacy objectives, enhancing the risk and control set, influencing the remediation validation approach, handling key communications, and supporting re-assessment activities.
• Partner with assessment teams, including Legal Privacy, Data Governance, Internal Audit, and third parties, ensuring that assessment results are effectively addressed and contributing on risks and future assessments topics.
• Actively participate in the department’s strategy, processes, and approaches, demonstrating strong cybersecurity and compliance domain knowledge.
• Work effectively with leadership on compliance and risk topics, helping align our efforts with leaders and gain support to address issues and improve the control environment.
• Earn trust with leadership by efficiently running sensitive risk and audit discussions, communications, and work.
• Provide relevant hands-on guidance to team members during work activities, providing real-time mentoring and coaching through clear guidance, instruction, and support.

Qualifications:

Required Qualifications

• Live the McDonald’s values every day: Serve, Inclusion, Integrity, Community, and Family.
• Bachelor's degree in Engineering, Computer Science, Information Technology, or related field
• 6+ years of related work experience
• Strong familiarity with data privacy and common privacy laws (e.g. GDPR, CCPA, CPRA), including conducting privacy data discovery and data privacy assessment activities
• Experience delivering and leading risk and compliance activities and projects, potentially including cybersecurity assessments and technology risk audits
• Experience developing teams, delivering high-quality work products, and communicating effectively with various partners (e.g., technology teams, audit, senior management)
• Strong familiarity with security controls and frameworks, such as NIST CSF and ISO 27001
• Ability to lead through influence and build relationships through collaboration

Preferred Qualifications

• Experience running a privacy compliance program
• Privacy-related professional credentials preferred (IAPT, IAPP, CDPSE, or comparable)
• Strong familiarity with cybersecurity risks and threats, as well as the MITRE framework
• Experience with programming, scripting, and technical solution design and development
• Strong knowledge across IT processes such as security operations, program management, security administration, system operations, change management, modern development (e.g., DevOps, Agile), data governance, privacy, and incident/problem management
• Master’s degree and additional degrees preferred

Additional Information:

McDonald’s is committed to providing qualified individuals with reasonable accommodations to perform the essential functions of their jobs. Additionally, if you (or another applicant of whom you are aware) require assistance accessing or reading this job posting or otherwise seek assistance in the application process, please contact recruiting.supportteam@us.mcd.com

McDonald’s provides equal employment opportunities to all employees and applicants for employment and prohibits discrimination and harassment of any type without regard to sex, sex stereotyping, pregnancy (including pregnancy, childbirth, and medical conditions related to pregnancy, childbirth, or breastfeeding), race, color, religion, ancestry or national origin, age, disability status, medical condition, marital status, sexual orientation, gender, gender identity, gender expression, transgender status, protected military or veteran status, citizenship status, genetic information, or any other characteristic protected by federal, state or local laws. This policy applies to all terms and conditions of employment, including recruiting, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation and training.

Nothing in this job posting or description should be construed as an offer or guarantee of employment.