Risk Analyst

Department Overview

We are moving fast and are adding to our best-in-class team and joining McDonald's means thinking big every day and preparing for a career that will have a global impact. We are customer-obsessed, committed to being leaders in our industry, and believe we are better when we work together. Over the last several years, we have launched home delivery, radically improved the digital experiences of our restaurants, introduced mobile pay, and have so much more to come. These critical initiatives require strong leadership to ensure resilient security posture and compliance with policies, standards, regulatory requirements, and best practices.

McDonald’s is investing heavily in technology to drive our growth. We’re looking at how to use technology to improve the customer journey and build new customer experiences. We’re also exploring technologies that can help us reduce or eliminate repetitive tasks and make employees’ jobs more exciting and rewarding. With all the new projects and initiatives, it is an exciting time to be on the cybersecurity team, helping to make a safer and better McDonald's!

McDonald's is seeking a Risk Analyst to join our team! Risk Management sits under our Governance, Risk and Compliance (GRC) team - which is ultimately responsible for the securing of McDonald’s information assets at a global level. This role will directly collaborate with the group within Global Cyber Security that is responsible for our cybersecurity risk management program and critical services, ensuring our leadership makes informed risk-based decisions. This individual will also be responsible for global information governance efforts, including but not limited to GDPR. The Risk Analyst will work closely with cybersecurity experts, Global Technology teams, and business leaders to support the assessment of cybersecurity risk to the organization and develop detailed security guidance.

This role will be hybrid with an expectation of three days a week at our new, state-of-the-art headquarters - located in the booming West Loop area in the heart of downtown Chicago. It's set up to be a global hub that cultivates innovation. Take a class at Hamburger University, sample future menu items in our Test Kitchen, and utilize the latest technology to communicate with your team around the globe! Our office helps us connect with each other like never before. Participate in monthly organized events, enjoy massive outdoor spaces, an 8000 square foot gym, and an onsite McDonald's serving international favorites. Needless to say, you’ll be lovin’ it here!

Responsibilities

• Maintain a deep understanding of industry risk trends and McDonald’s business strategies to identify security risks and concerns.
• Conduct comprehensive third-party security risk assessments to uncover potential vulnerabilities.
• Communicate and prioritize security risks across the organization; validate remediation efforts and timelines.
• Partner with stakeholders to implement security controls and risk mitigation strategies aligned with McDonald’s policies and standards.
• Manage intake and prioritization of new risk assessments across the enterprise.
• Map and report risks against industry frameworks (e.g., NIST, ISO) to highlight opportunities for improvement.
• Develop metrics, identify trends, and drive visibility into the business value of risk management activities.
• Advise global technology and business leaders on security best practices, risk analysis, and mitigation strategies.
• Create and maintain process documentation, including workflows, process maps, and controls.

Qualifications

• Bachelor’s Degree in Risk Management, GRC, Internal Audit, Third-Party Risk Management, Compliance, Cybersecurity, or related fields.
• 1 - 3 years of experience in Information/Technology Risk Management, Supply Chain Risk Management, Third-Party Risk Management, and/or Global Regulatory Compliance.
• Strong written and verbal communication skills. Proficiency in technical writing and creative communication for diverse audiences.
• Ability to build and maintain professional relationships across diverse teams.
• Detail-oriented with excellent project management, report writing, and presentation skills.
• Skilled at translating technical concepts for business stakeholders.
• Passion for process improvement and continuous enhancement.
• Familiarity with multinational organizations and distributed business models.
• Understanding of compliance, risk, and control frameworks (e.g., NIST, PCI, ISO, COBIT, CIS).
• Experience with GRC platforms (e.g., ServiceNow, OneTrust, RSA Archer).
• Ability to prioritize effectively and make sound decisions based on business needs.

Preferred Qualifications

• Professional certifications (or willingness to obtain): Security+, CIA, CISA, CISM, CRISC, CISSP, PMP.

Compensation

Bonus Eligible: Yes

Benefits Eligible: Yes

Salary Range

The expected salary range for this role is $65,820 - $82,280 per year
 
The above represents the expected salary range for this job requisition. Ultimately, in determining your pay, we may also consider your experience, and other job-related factors.