McDonald’s is proud to be one of the most recognized brands in the world, with restaurants in over 100 countries and billions of customers served each year. As the global leader in the food service industry, we have a legacy of innovation and hard work that continues to drive us. Today, we are growing with velocity and are focused on modernizing our experiences, not to make a different McDonald’s, but to build a better McDonald’s.
We are moving fast and are adding to our best-in-class team. Joining McDonald’s means thinking big every day and preparing for a career that can have impact around the world. We are customer obsessed, committed to being leaders, and believe we are better when we work together. Over the last couple years, we’ve launched home delivery, modernized our restaurant experience through digital enhancements and have so much more to come.
We are dedicated to using our scale for good: good for people, our industry and the planet. From ambitious recycling initiatives and balanced sourcing efforts to our partnership with Ronald McDonald House Charities, we are constantly improving. We see every single day as a chance to have a genuine impact on our customers, our people and our partners.
Our new, state-of-the-art headquarters is located in the booming West Loop area in the heart of downtown Chicago. It’s set up to be a global hub that cultivates innovation. Take a class at Hamburger University, sample future menu items in our Test Kitchen, and utilize the latest technology to communicate with your team around the globe! Our office helps us connect with each other like never before. Participate in monthly organized events, enjoy massive outdoor spaces, an 8000 square foot gym, and an onsite McDonald’s serving international favorites. Needless to say, you’ll be lovin’ it here!
McDonald’s, one of the most recognized brands in the world, is seeking a Manager – Information Risk Management & Security Awareness to support our cybersecurity team as we protect McDonald’s. You will work in close collaboration with cybersecurity experts, market leads, project managers and Global Technology Solutions teams to help educate our workforce and partners. You will define and deploy a global cybersecurity awareness program. Additionally, you will oversee management of McD technology Policies and Standards, including driving education and communication of standards.
We are moving fast and are adding to our best-in-class team. Joining McDonald’s means thinking big every single day and preparing for a career that will have impact around the world. We are customer obsessed, committed to being leaders in our industry and believe we are better when we work together. Over the last year, we have launched home delivery, radically improved the digital experiences of our restaurants, introduced mobile pay and have so much more to come.
McDonald’s is investing heavily in technology to drive our growth. We’re looking at how to use technology to improve the customer experience and build new customer experiences. We’re also exploring technologies that can help us reduce or eliminate repetitive tasks and make employees’ jobs more interesting and rewarding. In this role you will help reduce risk to our organization by ensuring all employees, staff and contractors know, understand and follow our security requirements and behave in a secure manner. With all the new projects and initiatives, it is an exciting time to be on the team that is helping to make a Better McDonald’s!
Global Technology Risk Management (GTRM) is the team ultimately responsible for securing McDonald’s information assets at a global level. This role will directly manage the group within GTRM that is responsible for managing the IT risk posture of the company and facilitating key services which ensure our leadership is making informed, risk-based decisions. This individual will also be responsible for global information governance efforts including but not limited to GDPR.
The Director of Information Risk Management and Governance will lead a team of global professionals and will work with partners globally to oversee the day to day tactical functioning of the processes and people that are dedicated to the organizations. The position must set high level strategy and direction for those performing these daily activities and set clear expectations, goals, and requirements that must be obtained as a measure of success. This position will work closely with the Segment CIOs, ITS senior leadership, and other partners to ensure that at all times the daily activities upon which McDonald’s depends to reduce risk to the environment are functioning as designed, and providing the desired benefit.
Responsibilities
- Assess the strategic and practical needs of McDonald’s globally to help ensure that the Company has a world-class IT Risk Management and Information Governance Program.
- Ensure the visibility, value, security, integrity and availability of electronic data and information throughout the Company.
- Devise a program that helps ensure that all data and information is properly categorized, controlled, protected and retained in accordance with its value and risk, and retained pursuant to applicable legal and regulatory requirements.
- Work with cross-functional teams to identify and implement cost and risk reducing opportunities for IT Risk.
- Perform functions in a timely manner and with an acute level of attention to detail, urgency and thoroughness.
- Drive strategic deployment process within Risk Management and own development and implementation of regular improvement priorities (continuous improvement methodology).
- Facilitation of risk, control and security policies, standards, procedures, and guidelines.
- Perform and deliver analytics of the Risk Management program, and create and distribute reporting and dashboarding in the form of the Technology Risk Report and other mechanisms.
- Remediation and risk mitigation planning, execution and oversight as facilitated by the RA/RA (Risk Assessment / Risk Acceptance).
- Lead the McDonald’s risk management team in the development and deployment of a security awareness program.
- Identifies developmental needs of members assigned to project teams and develops suggestions to address those needs. Acts as mentors to team members on projects and provides on the job training. Schedules work, assigns responsibility, and delegates authority for assigned projects.
- Ability to analyze the most complex risk issues, determine their cause and impact to the business, and identify the corrective action needed to eliminate and prevent the event for the future.
- Develop strategies and procedures to ensure the classification, confidentiality, privacy, security, retention and lawful disposal of Company information.
- Develop and oversee the implementation of a strategic program applying industry-leading practices and methodologies to support the achievement of short, medium and long-term goals.
- Develop and implement appropriate policies, SOPs, training and guidelines for the management of all information.
- Work to identify, categorize, lead and protect personal data.
- Collaborate with key business unit and capability partners, including, but not limited to, Privacy, IT, Internal Audit, InfoSec and Compliance to develop and implement the company’s IG and RIM programs.
- Work closely with the information management program vendors and consultants to improve programs.
- Support business units and capabilities (e.g., IT, Law Department, HR, Finance) day-to-day business needs and special projects.
- Lead and mentor team.
- Lead third party vendors, as applicable.
- Leading the annual departmental budget and capital requirements.
- Perform risk assessments, document results and maintain reports of significant risks and recommendations.
- Partner on actions to be taken to address identified risks and track progress.
- Build policies, standards, guidelines, and procedures in response to identified risks.
- Provide training and technical support to management and employees regarding risk management strategies and programs.
Minimum Requirements
- Bachelor’s degree in Engineering, Computer Science, Finance, Accounting or other related fields. Preference will be given to an MBA from an accredited university along with an undergraduate degree in technical area.
- 5+ years of senior leadership (Sr. Manager or Director) experience with IT Security governance and risk.
- 5+ years of professional experience required in internal or external auditing, accounting, or compliance.
Desired skills:
- Experienced knowledge of key compliance and IT frameworks such as: Payment Card Industry (PCI), Sarbanes-Oxley, SAS-70s, HIPAA, FERC/NERC, BITS, ISO27001, COBIT, VALIT, RISKIT.
- Familiarity with complex multinational companies and distributed business models is a plus.
- Experience and willingness to lead a 24x7x365 team and work non-regular hours.
- Deep experience in event / crisis management and reporting.
- Ability to interpret and understand business needs and convey such issues to information security teams.
- Proficient in technical writing and demonstrating various creative mechanisms to communicate to diverse audiences.
- Strong ability to assess urgency, prioritize, and make good decisions based on the circumstances of the situation.
- Professional certification such as CPA, CA, CIA, CISA, CISSP, PMP.
McDonald’s is committed to providing qualified individuals with disabilities reasonable accommodations to perform the essential functions of their jobs. Additionally, if you (or another applicant of whom you are aware) require assistance accessing or reading this job posting or otherwise seek assistance in the application process, please contact recruiting.supportteam@us.mcd.com
McDonald’s provides equal employment opportunities to all employees and applicants for employment and prohibits discrimination and harassment of any type without regard to sex, sex stereotyping, pregnancy (including pregnancy, childbirth, and medical conditions related to pregnancy, childbirth, or breastfeeding), race, color, religion, ancestry or national origin, age, disability status, medical condition, marital status, sexual orientation, gender, gender identity, gender expression, transgender status, protected military or veteran status, citizenship status, genetic information, or any other characteristic protected by federal, state or local laws. This policy applies to all terms and conditions of employment, including recruiting, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation and training.
Nothing in this job posting or description should be construed as an offer or guarantee of employment.