Job Description

The Manager of Cybersecurity Governance & Compliance will lead global efforts to address cybersecurity and technology-related regulatory and compliance challenges. The Manager will help identify the most critical risks and compliance challenges, align with partners on their risk and compliance goals, perform assessments, report on non-compliance, and provide the guidance and leadership necessary to help partners to achieve their objectives.

The role will be focused initially on compliance with internal controls that address cybersecurity risks, helping both global and local leaders to enhance control effectiveness and efficiency. The Manager will manage efforts to collate global controls feedback and assessment results, ensure remediation plans are appropriate, and validate that markets remediate issues in a timely and effective manner. The Manager will improve the global processes for intake, tracking, and closure of control issues, focusing on information consistency, automation, and closure of priority issues.

The Manager will develop our internal cybersecurity control services, including program documentation, metrics, reporting, and automated tracking. The ideal candidate will demonstrate experience in identifying and developing effective metrics, building and driving scalable, global solutions, and building reports and automation. The Manager will have strong knowledge of cybersecurity risk and compliance.

Accountabilities & Responsibilities:

• Lead the cybersecurity internal control compliance portion of Global Cybersecurity Compliance team, ensuring that internal control compliance activities are successfully completed on-time and on-budget across global markets.
• Lead regular compliance-related activities, such as finalizing compliance scope, updating policy content, delivering training, and driving remediation tracking.
• Design effective metrics, reports, and automated data collection routines that enable an effective global, scalable compliance program.
• Provide thought-leadership on remediation, identifying lessons-learned across markets, guiding other markets and facilitating cross-market learning.
• Assist with the creation and support of global remediation services for common theme issues across markets, where appropriate.
• Drive automation and off-shoring of control activities, increasing the efficiency, effectiveness, and scalability of the internal control compliance program.
• Anticipate and identify control issues and risk challenges, assisting with the long-term internal control strategy.
• Partner with all parties for internal control compliance, setting scope and objectives, enhancing the risk and control set, influencing the remediation validation approach, handling key communications, and supporting re-assessment activities.
• Partner with assessment teams, including Offensive Security, Internal Audit, and third parties, ensuring that assessment results are effectively addressed and contributing on risks and future assessments topics.
• Actively participate in the department’s strategy, processes, and approaches, demonstrating strong cybersecurity and compliance domain knowledge.
• Work effectively with leadership on compliance and risk topics, helping align our efforts with leaders and gain support to address issues and improve the control environment.
• Earn trust with leadership by efficiently running sensitive risk and audit discussions, communications, and work.
• Provide relevant hands-on guidance to team members during work activities, providing real-time mentoring and coaching through clear guidance, instruction, and support.

Qualifications

Required Qualifications

• Live the McDonald’s values every day: Serve, Inclusion, Integrity, Community, and Family.
• Bachelor's degree in Engineering, Computer Science, Information Technology, or related field
• 6+ years of related work experience
• Experience in delivering and leading risk and compliance activities and projects, potentially including cybersecurity assessments and technology risk audits
• Experience developing teams, delivering high-quality work products, and communicating effectively with various partners (e.g., technology teams, audit, senior management)
• Familiarity with information technology, business processes, and familiarity with frameworks such as MITRE ATT&CK, NIST, PCI, ISO, SOX, and local and global data privacy laws (e.g. GDPR, CCPA, CPRA)
• Proven to lead through influence and build relationships through collaboration

Preferred Qualifications

• Experience with programming, scripting, and technical solution design and development
• Master’s degree and additional degrees preferred
• Strong knowledge across IT processes such as security operations, program management, security administration, system operations, change management, modern development (e.g., DevOps, Agile), data governance, privacy, and incident/problem management
• Professional credentials preferred (OSCP, CRTO, CISSP, CEH, CIPT, CDPSE, CISA, or comparable).

Additional Information

McDonald’s is committed to providing qualified individuals with reasonable accommodations to perform the essential functions of their jobs. Additionally, if you (or another applicant of whom you are aware) require assistance accessing or reading this job posting or otherwise seek assistance in the application process, please contact recruiting.supportteam@us.mcd.com

McDonald’s provides equal employment opportunities to all employees and applicants for employment and prohibits discrimination and harassment of any type without regard to sex, sex stereotyping, pregnancy (including pregnancy, childbirth, and medical conditions related to pregnancy, childbirth, or breastfeeding), race, color, religion, ancestry or national origin, age, disability status, medical condition, marital status, sexual orientation, gender, gender identity, gender expression, transgender status, protected military or veteran status, citizenship status, genetic information, or any other characteristic protected by federal, state or local laws. This policy applies to all terms and conditions of employment, including recruiting, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation and training.

Nothing in this job posting or description should be construed as an offer or guarantee of employment.