Sr Manager - Governance, Risk & Compliance (GRC)

Governance, Risk, and Compliance

McDonald’s is seeking a Sr Manager, Governance, Risk & Compliance to support our cybersecurity team as we protect our global brand. You will collaborate closely with cybersecurity experts, Global Technology teams, and business leaders to assess technology risk across McDonald’s. In addition, this role will help build a more secure culture through security awareness. You’ll play a vital role in helping us engage with business collaborators in order to enhance and accelerate the risk management program, which includes internal solution/application assessments.

We are moving fast and are adding to our best-in-class team and joining McDonald's means thinking big every day and preparing for a career that will have a global impact. We are customer-obsessed, committed to being leaders in our industry, and believe we are better when we work together. Over the last several years, we have launched home delivery, radically improved the digital experiences of our restaurants, introduced mobile pay, and have so much more to come. These critical initiatives require strong leadership to ensure resilient security posture and compliance with policies, standards, regulatory requirements, and best practices.

McDonald’s is investing heavily in technology to drive our growth. We’re looking at how to use technology to improve the customer journey and build new customer experiences. We’re also exploring technologies that can help us reduce or eliminate repetitive tasks and make employees’ jobs more exciting and rewarding. With all the new projects and initiatives, it is an exciting time to be on the cybersecurity team, helping to make a safer and better McDonald's!

Responsibilities

• Aid with the creation of a robust reporting function that ensures visibility and clarity to our collaborators and leadership.
• Support the tracking of team goals, work, progress indicators, and strategic direction.
• Support the development of risk quantification mechanisms (KRI’s, KPI’s, etc.)
• Ensure accuracy and completeness of our global IT policies and standards
• Support in our continual effort to improve internal processes and the way in which we work.
• Define and operate a GRC strategy to lead the visibility, value, security, integrity, and availability of electronic data and information throughout McDonald’s.
• Collaborate with internal and external product and development teams to integrate security tools, standards, and processes into the product life cycle.
• Work with multi-functional teams to identify and implement value and risk-reducing opportunities.
• Facilitate stakeholder discussions related to risk, control, and security policies and standards
• Translate technical risks to senior leadership to help them better understand how they will affect their business objectives.
• Analyze the most complex risk issues, resolve their cause, and impact on the business, and identify the corrective action needed to eliminate and prevent the events in the future.
• Develop and be responsible for the implementation of a strategic program applying industry-leading practices and methodologies to support the achievement of short, medium, and long-term goals.
• Collaborate with other GCS leaders to improve our programs and add new value.
• Identifies developmental needs of team members and provides suggestions to address those needs. Acts as a mentor to junior staff and provides on-the-job training. Schedules work, assigns responsibility, and delegates authority for assigned projects.

Qualifications

• Applicable bachelor’s degree or equivalent work experience within Technology Risk Management, Computer Science, Information Technology, Cybersecurity, Engineering, or other related fields. Certifications are a plus (e.g. CISA, CISSP, CRISC, CISM, PMP)
• Preference will be given to an MBA or MS from an accredited university.
• Leadership experience with proven track record of success and growth.
• Excellent written & verbal communication.
• Ability to translate messaging and build the “story” between technical teams and business partners.
• Eagerness to join the ranks of an impactful team.
• Understanding of key compliance, risk, and control frameworks such as NIST, PCI, ISO, COBIT, etc. and understanding of a central GRC function.
• 10+ years of relevant work experience.
• Nice to have experience working with Service Now (GRC)

Compensation

Bonus Eligible: YES

Long - Term Incentive: YES

Benefits Eligible: YES

Salary Range

The expected salary range for this role is $152,678.00 - $190,847.00 per year
 
The above represents the expected salary range for this job requisition. Ultimately, in determining your pay, we may also consider your experience, and other job-related factors.