Manager of Cybersecurity Governance & Compliance - Internal Controls

McDonald's

Chicago, IL, US, 60607

Full Time

7 November 2024

Company Description

McDonald's evolving Accelerating the Arches growth strategy puts our customers and people first and demonstrates our competitive advantages to strengthen our brand. We are recognized on lists like Fortune’s Most Admired Companies and Fast Company’s Most Innovative Companies.

Doubling Down on the 4Ds (Delivery, Digital, Drive Thru, and Development)

Our growth pillars emphasize the critical role technology plays as the best-in-class, global omni-channel restaurant brand. Technology enables the organization through digital technologies and improves the customer, crew and employee experience each and every day!

Global Technology forging the way

Leading the digitization of our business is the Technology organization, made up of innovation specialists who build industry-defining tech using the latest innovations and platforms, like AI and edge computing, to deliver on the next set of groundbreaking opportunities for the business. We take on technology innovation challenges at an incredible scale, and work across global teams who are always hungry for a challenge! This provides access to compelling career paths for technologists. It’s bonus points when you get to see your family and friends use the tech you build at their favorite McD restaurant.

Job Description

The Manager of Cybersecurity Governance & Compliance will lead global efforts to address cybersecurity and technology-related regulatory and compliance challenges. The Manager will help identify the most critical risks and compliance challenges, align with partners on their risk and compliance goals, perform assessments, report on non-compliance, and provide the guidance and leadership necessary to help partners to achieve their objectives.

The role will be focused initially on compliance with internal controls that address cybersecurity risks, helping both global and local leaders to enhance control effectiveness and efficiency. The Manager will manage efforts to collate global controls feedback and assessment results, ensure remediation plans are appropriate, and validate that markets remediate issues in a timely and effective manner. The Manager will improve the global processes for intake, tracking, and closure of control issues, focusing on information consistency, automation, and closure of priority issues.

The Manager will develop our internal cybersecurity control services, including program documentation, metrics, reporting, and automated tracking. The ideal candidate will demonstrate experience in identifying and developing effective metrics, building and driving scalable, global solutions, and building reports and automation. The Manager will have strong knowledge of cybersecurity risk and compliance. 

Accountabilities & Responsibilities:

  • Lead the cybersecurity internal control compliance portion of the Global Cybersecurity Compliance team, ensuring that internal control compliance activities are successfully completed on time and on budget across global markets.
  • Lead regular compliance-related activities, such as finalizing compliance scope, updating policy content, delivering training, and driving remediation tracking.
  • Design effective metrics, reports, and automated data collection routines that enable an effective global, scalable compliance program.
  • Provide thought-leadership on remediation, identifying lessons-learned across markets, guiding other markets and facilitating cross-market learning.
  • Assist with the creation and support of global remediation services for common theme issues across markets, where appropriate.
  • Drive automation and off-shoring of control activities, increasing the efficiency, effectiveness, and scalability of the internal control compliance program.
  • Anticipate and identify control issues and risk challenges, assisting with the long-term internal control strategy.
  • Partner with all parties for internal control compliance, setting scope and objectives, enhancing the risk and control set, influencing the remediation validation approach, handling key communications, and supporting re-assessment activities.
  • Partner with assessment teams, including Offensive Security, Internal Audit, and third parties, ensuring that assessment results are effectively addressed and contributing on risks and future assessment topics.
  • Actively participate in the department’s strategy, processes, and approaches, demonstrating strong cybersecurity and compliance domain knowledge.
  • Work effectively with leadership on compliance and risk topics, helping align our efforts with leaders and gain support to address issues and improve the control environment.
  • Earn trust with leadership by efficiently running sensitive risk and audit discussions, communications, and work.
  • Provide relevant hands-on guidance to team members during work activities, providing real-time mentoring and coaching through clear guidance, instruction, and support.

Qualifications

Required Qualifications

  • Live the McDonald’s values every day: Serve, Inclusion, Integrity, Community, and Family.
  • Bachelor's degree in Engineering, Computer Science, Information Technology, or related field
  • 6+ years of related work experience
  • Experience in delivering and leading risk and compliance activities and projects, potentially including cybersecurity assessments and technology risk audits
  • Experience developing teams, delivering high-quality work products, and communicating effectively with various partners (e.g., technology teams, audit, senior management)
  • Familiarity with information technology, business processes, and frameworks such as MITRE ATT&CK, NIST, PCI, ISO, SOX, and local and global data privacy laws (e.g. GDPR, CCPA, CPRA)
  • Proven ability to lead through influence and build relationships through collaboration

Preferred Qualifications

  • Experience with programming, scripting, and technical solution design and development
  • Master’s degree and additional degrees preferred
  • Strong knowledge across IT processes such as security operations, program management, security administration, system operations, change management, modern development (e.g., DevOps, Agile), data governance, privacy, and incident/problem management
  • Professional credentials preferred (OSCP, CRTO, CISSP, CEH, CIPT, CDPSE, CISA, or comparable).

Additional Information

McDonald’s is an equal opportunity employer committed to the diversity of our workforce. We promote an inclusive work environment that creates feel-good moments for everyone. McDonald’s provides reasonable accommodations to qualified individuals with disabilities as part of the application or hiring process or to perform the essential functions of their job. If you need assistance accessing or reading this job posting or otherwise feel you need an accommodation during the application or hiring process, please contact mcdhrbenefits@us.mcd.com. Reasonable accommodations will be determined on a case-by-case basis.

McDonald’s provides equal employment opportunities to all employees and applicants for employment and prohibits discrimination and harassment of any type without regard to sex, sex stereotyping, pregnancy (including pregnancy, childbirth, and medical conditions related to pregnancy, childbirth, or breastfeeding), race, color, religion, ancestry or national origin, age, disability status, medical condition, marital status, sexual orientation, gender, gender identity, gender expression, transgender status, protected military or veteran status, citizenship status, genetic information, or any other characteristic protected by federal, state or local laws. This policy applies to all terms and conditions of employment, including recruiting, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation and training.

Nothing in this job posting or description should be construed as an offer or guarantee of employment.