Job Description

Global Technology Risk Management (GTRM) is the team that is ultimately responsible for the securing of McDonald’s information assets at a global level.

Global Technology Risk Management (GTRM) is the team that is ultimately responsible for the securing of McDonald’s information assets at a global level. This role will partner to lead the Information and Security Risk Assessment program within GTRM that is responsible for vendor and supplier risk identification and mitigation, ultimately ensuring the protection of our assets and global supply chain.

McDonald’s is seeking a Manager of Risk Management to support our growing Information Risk Management team as we protect McDonald’s. You will closely collaborate with cybersecurity guides, Global Technology teams, suppliers, vendors, and business leaders to assess technology risk across McDonald’s, drive the development, deployment, and maintenance of our global policies and standards, and help build a more secure culture through security awareness.

The Manager of Risk Management will lead a team of global professionals and will work with partners globally to oversee the day-to-day tactical functioning of the processes and people dedicated to the organization. The position will help set data security, information protection, and cyber awareness strategies across our supplier network. It is important to set clear expectations, define measures of success, and provide direction for the team members supporting these daily activities. This Manager will work closely with cybersecurity experts, Global Technology teams, suppliers, and business leaders to assess information risk across McDonald’s and help build a more secure culture.

• Facilitate stakeholder discussions related to risk, control, and security policies, standards, procedures, and guidelines.
• Analyze the most complex risk issues, resolve their cause, and impact on the business, and identify the corrective action needed to eliminate and prevent the events in the future.
• Partner with Global Supply Chain to prioritize and implement a robust third party risk management program.
• Develop and refine our approach to assessing risk for our supply chain partners.
• Create ongoing stakeholder and leadership reporting that outlines the state of the program, where risk has been identified, ongoing mitigation efforts, and other key information.
• Create and maintain documentation pertaining to integrated risk processes and controls.
• Provide recommendations on Information Security policies and defining governance procedures for McDonald’s data shared with our third party partners.
• Assess the maturity of global supply chain third-party risk programs.
• Work with cross-functional teams to identify and implement value and risk-reducing opportunities.
• Develop and maintain a program roadmap to ensure our supply chain remains protected among the constantly evolving threat environment.
• Translate technical risks to senior leadership to help them better understand how they will affect their business objectives.
• Develop reoccurring cybersecurity awareness communications to educate our vendors and suppliers on new/emerging threats that may impact their operations.
• Develop cases and lead resource prioritization to deliver projects on time and on budget.
• Collaborate with other GTRM leaders to improve our programs and add new value.
• Identifies developmental needs of members assigned to project teams and develops suggestions to address those needs. Acts as a mentor to team members on projects and provides on-the-job training. Schedules work, assigns responsibility, and delegates authority for assigned projects.

Qualifications

• Applicable bachelor’s degree or equivalent work experience within Risk Management, Internal Audit, Third Party Risk Management, Compliance, Cybersecurity, Engineering, Computer Science, or other related fields.
• Leadership experience with proven track record of success and growth.
• Prior experience within Risk Management and IT Security governance a plus.
• Excellent written & verbal communication
• Ability to translate messaging between technical teams and business partners
• Eagerness to join the ranks of an impactful team

Desired skills:

• Familiarity with complex multinational companies and distributed business models.
• Strong ability to develop and communicate strategic direction and long-term objectives without supervision.
• Eagerness to build relationships with supply chain partners and those who support them.
• Experience with Information/Technology Risk Management, Supply Chain Risk Management, Third Party Risk Management, and/or Global Regulatory Compliance.
• Proficient in technical writing and demonstrating various creative mechanisms to communicate to diverse audiences.
• Strong ability to assess urgency and prioritization and make good decisions based upon situational circumstances.
• Demonstrable ability to quickly identify project objectives and define optimal project approach to align security controls with overall program success.
• Relevant professional certifications a plus.
• Understanding of key compliance, risk, and control frameworks such as NIST, PCI, ISO, COBIT, etc.

Additional Information

McDonald’s is committed to providing qualified individuals with reasonable accommodations to perform the essential functions of their jobs. Additionally, if you (or another applicant of whom you are aware) require assistance accessing or reading this job posting or otherwise seek assistance in the application process, please contact recruiting.supportteam@us.mcd.com

McDonald’s provides equal employment opportunities to all employees and applicants for employment and prohibits discrimination and harassment of any type without regard to sex, sex stereotyping, pregnancy (including pregnancy, childbirth, and medical conditions related to pregnancy, childbirth, or breastfeeding), race, color, religion, ancestry or national origin, age, disability status, medical condition, marital status, sexual orientation, gender, gender identity, gender expression, transgender status, protected military or veteran status, citizenship status, genetic information, or any other characteristic protected by federal, state or local laws. This policy applies to all terms and conditions of employment, including recruiting, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation and training.

Nothing in this job posting or description should be construed as an offer or guarantee of employment.