Senior Manager - Cybersecurity (Immediate Risk Reduction)

Job Description
Company Description:
McDonald's new growth strategy, Accelerating the Arches, encompasses all aspects of our business as the leading global omni-channel restaurant brand. As the consumer landscape shifts, we are using our competitive advantages to further strengthen our brand. One of our core growth strategies is to Double Down on the 4Ds (Delivery, Digital, Drive Thru, and Development). Our growth pillars emphasize the critical role technology plays as the best-in-class, global omni-channel restaurant brand. Technology enables the organization through digital technologies, and improving the customer, crew, and employee experience each and every day.
Leading the security of our business is the Global Cyber Security (GCS) organization made up of leading practitioners who partner with the enterprise and provide security for the next set of groundbreaking opportunities business. We take on the highest security challenges for McDonalds - driving security platforms, enabling McDonalds to do business securely, and helping continuously mature secure practices for McDonalds all while improving operational effectiveness. GCS provides access to compelling career paths for aspiring technologists. It's bonus points when you get to see your family and friends use the tech you secure at their favorite McDonald's restaurant.
Job Description:
McDonald's, one of the most recognized brands in the world, is seeking a Senior Manager, Cybersecurity to join our Immediate Risk Reduction (IRR) team, which supports Global Cyber Security (GCS) in protecting McDonald's. IRR is a series of programs that address areas of basic hygiene, critical and high security exploits, and short-term key efforts that tangibly reduce security risks to McDonald's across the system. Program teams achieve results by addressing targeted areas of risk in 3-6 month cycles. Our measure of success includes not only reducing our risk exposure, but ensuring operational processes are in place to maintain our improved risk posture.
Reporting to the GCS Director, Tech Deployment, this role will be responsible for supporting the IRR strategy, developing solutions, & relentlessly prioritizing efforts across the entire program. They will collaborate closely with and lead cross-functional teams across Global Technology leadership, market leaders, application owners, project managers, Global Technology solutions teams, key vendors, and others to identify, prioritize, mitigate and resolve our most pressing cybersecurity risks. These risks may involve managing larger efforts across the enterprise or limited to individual markets or functions.
Responsibilities & Accountabilities
The ideal candidate for this role should possess an excellent understanding of cybersecurity practices, cloud technologies, detection and response frameworks, and incident handling procedures. They should be familiar with adhering to established incident response playbooks and practices, have an attention to detail, and be willing to work collaboratively across global cross-functional teams. Experience in one or more cybersecurity domains such as identity & access management, vulnerability management, application protection, infrastructure security, or network security, including tools, methodologies, and solutions is highly desired.

• Ensure security policies, standards, procedures, and guidelines are followed.
• Maintain awareness of critical vulnerabilities and emerging threats that may impact McDonald's.
• Focus on developing processes and business relationships for the effective and timely remediation of risk in McDonald's environment.
• Maintain key stakeholder relationships and communications to ensure SLA's are understood and exceptions escalated as required.
• Perform functions promptly and with an acute level of attention to detail, urgency, and thoroughness.
• Lead and supervise IRR programs with a focus on speed, impact and priority.
• Schedule work, assign responsibility, and delegate authority for assigned projects/programs to ensure scope, schedule, and budget are on target.
• Review and create technical documentation, reports, and policies related to IRR programs.
• Lead continuous improvement efforts including best practice sharing, analyzing insights, and identifying process gaps in partnership with security practitioners, cross-functional teams, and technology leaders.
• Analyze complex issues, determine their cause and impact on the business, and identify the corrective action needed to eliminate and prevent them in the future.
• Assist in identifying OKRs and other metrics to show the health and effectiveness of IRR programs.
• Ensure vendors follow appropriate policies, SOPs, training, and guidelines for related implementations.
• Provide input into the department's annual budget and ability to manage expenditures effectively.
• Foster a collaborative and high-performance team environment.
• Support the professional development of team members through coaching and training.
• Provide leadership and mentorship to the cybersecurity managers and other team members.

Benefits eligible : Yes
Bonus eligible : Yes
Long term incentive eligible : Yes
The expected salary range for this role is $149,260 - $190,310
The above represents the expected salary range for this job requisition. Ultimately, in determining your pay, we may also consider your experience, and other job-related factors.
Qualifications:

• Bachelor's degree in engineering, information technology, cybersecurity or other related fields.
• 5+ years of experience in cybersecurity, technical project management, IT management, or related field.
• Strong understanding of cybersecurity principles, practices, and technologies.
• Strong organizational skills and the ability to prioritize work within and outside the team.
• Ability to work under tight deadlines, handling multiple business priorities.
• Strong problem-solving and analytical skills to analyze complex cybersecurity issues and devise effective solutions.
• Proficient in planning and risk management to anticipate and mitigate potential security threats.
• Proficient in technical writing and demonstrating various creative mechanisms to communicate to diverse audiences.
• High level of integrity and professionalism to maintain the trust and confidence of partners.
• Experience in implementing cybersecurity measures and protocols to safeguard the organization's digital assets.
• Experience managing 3rd party vendors and service providers.
• Adept at coordinating with various business units to ensure smooth operations and effective collaboration.
• Excellent written & verbal communication.

Preferred Qualifications

• Familiarity with complex multinational companies and distributed business models.
• Experience and willingness to work with global teams.
• Certified Information Systems Security Professional (CISSP) or Certified Information Security Manager (CISM) certification.
• Extensive experience working and collaborating with business and IT teams to successfully secure applications, infrastructure and data in a large global organization.

Additional Information:
Benefits eligible: This position offers health and welfare benefits, a 401(k) plan, adoption assistance program, educational assistance program, flexible ways of working, and time off policies (including sick leave, parental leave, and vacation/PTO). Eligibility requirements apply to some benefits and may depend on job classification and length of employment.
Bonus eligible: This position is eligible for a bonus, calculated based on individual and company performance.
Long term Incentive eligible: This position is eligible for stock or other equity grants pursuant to McDonald's long-term incentive plan.
McDonald's is committed to providing qualified individuals with reasonable accommodations to perform the essential functions of their jobs. Additionally, if you (or another applicant of whom you are aware) require assistance accessing or reading this job posting or otherwise seek assistance in the application process, please contact recruiting.supportteam@us.mcd.com
McDonald's provides equal employment opportunities to all employees and applicants for employment and prohibits discrimination and harassment of any type without regard to sex, sex stereotyping, pregnancy (including pregnancy, childbirth, and medical conditions related to pregnancy, childbirth, or breastfeeding), race, color, religion, ancestry or national origin, age, disability status, medical condition, marital status, sexual orientation, gender, gender identity, gender expression, transgender status, protected military or veteran status, citizenship status, genetic information, or any other characteristic protected by federal, state or local laws. This policy applies to all terms and conditions of employment, including recruiting, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation and training.
Nothing in this job posting or description should be construed as an offer or guarantee of employment.