Technology Risk and Compliance Analyst

Company Description:

McDonald's is the largest family restaurant in the world, serving approximately 69 million customers across 36,000 restaurants a day: in more than 100 countries. The UK & Ireland market is one of the most successful entities across the wider business, serving on average 4 million people a day. It has operated in UK since 1974 and the business is growing continuously with more than 1,400 restaurants and over 154,000 employees.

McDonald’s UK & Ireland has a proven track record of investing in the development of its employees and offering flexibility as part of its dedication to being a modern and progressive company. Every year, it invests over £40 million in developing people, giving every one of its employees the opportunity to take part in structured training.

McDonald’s buys ingredients from over 17,500 British and Irish farmers and spends over £1.1billion annually on its food and packaging requirements. McDonald’s is committed to supporting British and Irish farmers to ensure it can continue to source many of its ingredients from the UK and Ireland.

McDonald’s is a market leader in its field, striving for the highest standard of quality, speed and restaurant experience. Re-generation of our restaurant infrastructure, covering digital ordering, re-imaging and dual-point service make working at McDonald’s more exciting than ever!

We are dedicated to using our scale for good: good for people, our industry and the planet. From bold recycling initiatives and sustainable sourcing efforts to our partnership with Ronald McDonald House Charities, we see every day as a chance to have a genuine impact on our customers, our people and our partners.

We're a people business just as much as we are a restaurant business. We strive to be the most inclusive brand in the world by building diverse teams who create delicious, feel-good moments that are easy for everyone to enjoy. Joining McDonald's means thinking big every day and preparing for a career that can have impact around the world.

Company Vision and Culture

Our Global vision is to build a better McDonald’s and, in the UK, and Ireland we are working hard to be the UK & Irelands best-loved restaurant company.

McDonald’s is defined by its culture. Our culture shapes and informs everything we think and everything we do. Our culture influences the way we interact with each other, and how we interact with customers, franchisees and suppliers. Our culture motivates and inspires us to attract and retain great talent, creating positive, energising, exceptional working environment for us all.

Our values drive our culture and shape our beliefs, our priorities and our actions. They influence the decisions we make, how we treat one another and how we show up as a brand to the world.

Serve: We put our customers and our people first

Inclusion: We open our doors to everyone

Integrity: We do the right thing

Community: We are good neighbours

Family: We get better together

Job Description:

Hybrid Working
This role is based in our East Finchley office working 3 days in the office and 2 days remotely.

What will my accountabilities be?

As a Technology Risk & Compliance Analyst you will be responsible for supporting a framework to facilitate McDonald’s adherence of data privacy and information security regulations, standards, and best practice. The role holder will learn McDonald’s technology environment, identify security and privacy risks and work with varying teams to ensure McDonald’s adapts its technical and organisational controls to protect data appropriately, based on an ever-changing compliance landscape.

Performing reviews/assessments of security and privacy controls throughout the organisation to identify risks and create risk treatment plans will be one of the main accountabilities of this role. This will include working with technology stakeholders (internal and external) to plan and implement security controls and coordinating and monitoring risk treatment progress whilst reporting this to relevant stakeholders. Additionally, acting as a point of contact and facilitating PCI-DSS and SOX audits to ensure these run smoothly. Understanding changes or additions to relevant legal or regulatory standards will be crucial to the role, as well as applying a practical approach for McDonald’s to adhere to these.

Other accountabilities will include:

• Supporting Legal team in maintaining Article 30 records of processing, completing privacy impact assessments, and managing data breach incidents
• Assisting with data discovery, data flow mapping and process analysis
• Operating technology solutions to perform data discovery and risk management
• Researching security and data privacy topics to improve organizational privacy efforts
• Providing reviews and input to information security and data privacy standards and policies as well as awareness, training, and education programmes

What Team will I be a part?

The role is part of the Cyber Security team within the Running Great Restaurant Technology function and will support the wider Technology and Change function. The Cyber Security team’s primary objective is to keep McDonald’s systems up and secure; diligently and systematically managing risks, the role holder will work closely with counterparts in other LIOM markets and with Cyber Security professionals within the GTRM function.

Who are my customers?

A variety of business stakeholders will be the primary customers, notably project sponsors, project stakeholders and vendor teams where risks treatment plans are required. Additionally, there will be key functional relationships with teams such as Legal, Finance and Marketing. Global Technology customers will include GTRM, GTIO and Internal Audit.

Qualifications:

What background do I need to have?

A successful candidate will have a bachelor’s degree or equivalent in computer science, information security, law, business administration or similar. Additionally, experience in evaluating security controls and data privacy measures across businesses and technology systems will be vital. Ideally, previous experience operating within or alongside a Legal or Data Privacy team, Information Security team or Risk Management team, or able to demonstrate knowledge of fundamental businesses processes within these areas.

• Solid understanding of compliance requirements including DPA 2018 (GDPR), PCI DSS and SOX and security frameworks including NIST and ISO27001
• Well-rounded knowledge of cyber security and data privacy principles
• Fundamental knowledge of basic IT concepts, technologies, and practises
• Demonstrable experience of key risk management concepts and techniques
• Ability to quickly grasp legal and technical concepts and identify areas of concern
• Able to work well across cross-functional teams with varying levels of technical expertise, as well as working independently with limited oversight
• Strong written and verbal communication skills with the ability to interpret complex legal and technical speak and translate into language that is well understood by the business
• Organised with a systematic approach to managing workloads and continually delivering outputs
• A strong business acumen including the ability to manage stakeholders and adjust the approaches with differing stakeholder groups to ensure the correct accountability and progress is made
• Experience in problem solving and reducing complexity in challenging scenarios

Additional Information:

At McDonald’s we are People from all Walks of Life... 

People are at the heart of everything we do, and they make the McDonald’s experience. We embrace diversity and are committed to creating an inclusive culture that means people can be their best authentic self in our restaurants and offices, which helps us to better serve our customers. We have a strong heritage of diversity and representation within our communities, which we are proud of. The diversity of our people, customers, Franchisees and suppliers gives us strength.

We do not tolerate inequality, injustice or discrimination of any kind.  These are hugely important issues and a brand with our reach and relevance means we have a very meaningful role to play.

We also recognise our responsibility as a large employer to continue being active in our communities, helping to develop skills and drive aspirations that will help people to be more aware of the world of work and more successful within it, whether with McDonald’s or elsewhere."

#LI-Hybrid