Specialist, Governance, Risk & Compliance

Department Overview

We are moving fast and are adding to our best-in-class team and joining McDonald's means thinking big every day and preparing for a career that will have a global impact. We are customer-obsessed, committed to being leaders in our industry, and believe we are better when we work together. Over the last several years, we have launched home delivery, radically improved the digital experiences of our restaurants, introduced mobile pay, and have so much more to come. These critical initiatives require strong leadership to ensure resilient security posture and compliance with policies, standards, regulatory requirements, and best practices.

McDonald’s is investing heavily in technology to drive our growth. We’re looking at how to use technology to improve the customer journey and build new customer experiences. We’re also exploring technologies that can help us reduce or eliminate repetitive tasks and make employees’ jobs more exciting and rewarding. With all the new projects and initiatives, it is an exciting time to be on the cybersecurity team, helping to make a safer and better McDonald's!

Duties

• Maintain a deep understanding of industry risk trends and McDonald’s business strategies to identify security risks and concerns.
• Conduct comprehensive third-party security risk assessments to uncover potential vulnerabilities.
• Communicate and prioritize security risks across the organization; validate remediation efforts and timelines.
• Partner with stakeholders to implement security controls and risk mitigation strategies aligned with McDonald’s policies and standards.
• Manage intake and prioritization of new risk assessments across the enterprise.
• Map and report risks against industry frameworks (e.g., NIST, ISO) to highlight opportunities for improvement.
• Develop metrics, identify trends, and drive visibility into the business value of risk management activities.
• Advise global technology and business leaders on security best practices, risk analysis, and mitigation strategies.
• Create and maintain process documentation, including workflows, process maps, and controls.

Qualifications

• Bachelor’s Degree in Risk Management, GRC, Internal Audit, Third-Party Risk Management, Compliance, Cybersecurity, or related fields.
• 1 - 3 years of experience in Information/Technology Risk Management, Supply Chain Risk Management, Third-Party Risk Management, and/or Global Regulatory Compliance.
• Strong written and verbal communication skills. Proficiency in technical writing and creative communication for diverse audiences.
• Ability to build and maintain professional relationships across diverse teams.
• Detail-oriented with excellent project management, report writing, and presentation skills.
• Skilled at translating technical concepts for business stakeholders.
• Passion for process improvement and continuous enhancement.
• Familiarity with multinational organizations and distributed business models.
• Understanding of compliance, risk, and control frameworks (e.g., NIST, PCI, ISO, COBIT, CIS).
• Experience with GRC platforms (e.g., ServiceNow, OneTrust, RSA Archer).
• Ability to prioritize effectively and make sound decisions based on business needs.

Preferred Qualifications

• Professional certifications (or willingness to obtain): Security+, CIA, CISA, CISM, CRISC, CISSP, PMP.

Compensation

Bonus Eligible: Yes

Long - Term Incentive: No

Benefits Eligible: Yes

Salary Range

The expected salary range for this role is $84,051.00 - $105,064.00 per year
 
The above represents the expected salary range for this job requisition. Ultimately, in determining your pay, we may also consider your experience, and other job-related factors.