Senior Manager-Tech Governance & Compliance
McDonald’s evolving Accelerating the Arches growth strategy puts our customers and people first, and leverages our competitive advantages to strengthen our brand. We are recognized on lists like Fortune’s Most Admired Companies and Fast Company’s Most Innovative Companies.
Doubling Down on the 4Ds (Delivery, Digital, Drive Thru, and Development)
Our growth pillars emphasize the important role technology plays as the leading, global omni-channel restaurant brand. Technology enables the organization through digital technology and by improving the customer, crew and employee experience each and every day.
Global Technology forging the way
Leading the digitization of our business is the Technology organization made up of intrapreneurs who build industry-defining tech using the latest innovations and platforms, like AI and edge computing, to deliver on the next set of cutting-edge opportunities for the business. At McDonald’s you get to solve technology innovation challenges at an incredible scale, and work across global teams who are always hungry for a challenge. This provides access to exciting career paths for technologists. It’s bonus points when you get to see your family and friends use the tech you build at their favorite McD restaurant.
Job Description:
The Senior Manager of Cybersecurity Governance & Compliance will lead global efforts to address cybersecurity and technology-related regulatory and compliance challenges. The Senior Manager will help identify the most critical risks and compliance challenges, align with partners on their risk and compliance goals, perform assessments, report on non-compliance, and provide the guidance and leadership vital to help partners achieve their objectives.
The role will be focused initially on compliance with internal controls that address cybersecurity risks, helping both global and local leaders to enhance control effectiveness and efficiency. The Senior Manager will run efforts to collate global controls feedback and assessment results, ensure remediation plans are appropriate, and validate that markets remediate issues in a timely and effective manner. The Senior Manager will improve the global processes for intake, tracking, and closure of control issues.
The Senior Manager will demonstrate strong risk and control experience, effective client engagement, and ability to guide and develop analysts.
The Senior Manager will develop our internal cybersecurity control services, including program documentation, metrics, reporting, and automated tracking. The ideal candidate will demonstrate experience in identifying and developing effective metrics, building and driving scalable, global solutions, and building reports and automation. The Senior Manager will have strong knowledge of cybersecurity risk and compliance.
Accountabilities & Responsibilities:
- Own the cybersecurity internal control compliance portion of the Global Cybersecurity Compliance team, ensuring that activities are optimally completed on-time and on-budget across global markets.
- Lead regular compliance-related activities, such as finalizing compliance scope, updating policy content, delivering training, and driving remediation tracking.
- Design effective metrics, reports, and automated data collection routines that enable an effective global, scalable compliance program.
- Provide thought-leadership on remediation, identifying lessons-learned across markets, guiding other markets and facilitating cross-market learning.
- Assist with the creation and support of global remediation services for common theme issues across markets, where appropriate.
- Drive automation and off-shoring of control activities, growing the efficiency, effectiveness, and scalability of the internal control compliance program.
- Anticipate and identify control issues and risk challenges, assisting with the long-term internal control strategy.
- Partner with all parties for internal control compliance, setting scope and objectives, improving the risk and control set, influencing the remediation validation approach, handling key communications, and supporting re-assessment activities.
- Partner with assessment teams, including Offensive Security, Internal Audit, and third parties, ensuring that assessment results are effectively addressed.
- Actively participate in the department’s strategy, processes, and approaches, demonstrating strong cybersecurity and compliance domain knowledge.
- Work successfully with leadership on compliance and risk topics, helping align our efforts with leaders and gain support to address issues and improve the control environment.
- Earn trust with leadership by efficiently running critical risk and audit discussions, communications, and work.
- Lead and be responsible for an effective Internal Controls team, including management of third-party personnel.
- Provide relevant hands-on mentorship to direct reports during work activities, and mentoring through clear guidance, instruction, and support.
- Live the McDonald’s values every day: Serve, Inclusion, Integrity, Community, and Family.
- Bachelor's degree in Engineering, Computer Science, Information Technology, or related field
- 8+ years of related work experience in delivering and leading risk and compliance activities and projects, potentially including cybersecurity assessments and technology risk audits
- Experience developing teams, delivering high-quality work products, and presenting reliably with various partners (e.g., technology teams, audit, senior management)
- Familiarity with information technology and business processes, and with frameworks such as MITRE ATT&CK, NIST, PCI, ISO, SOX, and local and global data privacy laws (e.g. GDPR, CCPA, CPRA)
- Shown to lead through influence and establish relationships through collaboration
- Experience with programming, scripting, and technical solution design and development
- Master’s degree or equivalent experience and additional degrees preferred
- Solid understanding across IT processes such as security operations, program management, security administration, system operations, organizational change, modern development (e.g., DevOps, Agile), data governance, privacy, and incident/problem management
- Professional credentials preferred (OSCP, CRTO, CISSP, CEH, CIPT, CDPSE, CISA, or comparable).
All your information will be kept confidential according to EEO guidelines.