Global Technology Risk Management (GTRM) is the team which is ultimately responsible for the securing of McDonald’s information assets at a global level. This role will directly manage the group within GTRM that is responsible for managing the IT risk posture of the company and facilitating key services which ensure our leadership is making informed risk based decisions. This individual will also be responsible for global information governance efforts including but not limited to GDPR.
The Director of Information risk management and governance will lead a team of global professionals and will be responsible for working with stakeholders globally to oversee the day to day tactical functioning of the processes and people that are dedicated to the organizations. The position must set high level strategy and direction for those performing these daily activities and set clear expectations, goals, and requirements that must be obtained as a measure of success. This position will work closely with the Segment CIOs, ITS senior leadership, and other stakeholders to ensure that at all times the daily activities upon which McDonald’s depends to reduce risk to the environment are functioning as designed, and providing the desired benefit. To do this the selected person will:
• Assess the strategic and practical needs of McDonald’s globally to help ensure that
the Company has a world class IT Risk Management and Information Governance
• Ensure the visibility, value, security, integrity and availability of electronic data
and information throughout the Company.
• Devise a program that helps ensure that all data and information is properly
categorized, controlled, protected and retained in accordance with its value
and risk, and retained pursuant to applicable legal and regulatory requirements.
• Work with cross-functional teams to identify and implement cost and risk reducing
opportunities for IT Risk.
• Perform functions in a timely manner and with an extreme level of attention to detail,
urgency and thoroughness.
• Drive strategic deployment process within Risk Management and own development and
implementation of regular improvement priorities. (Continuous improvement methodology).
• Facilitation of risk, control and security policies, standards, procedures, and guidelines.
• Perform and deliver analytics of the Risk Management program and creation and
distribution of reporting / dash-boarding in form of the Technology Risk Report
and other mechanisms.
• Remediation and risk mitigation planning, execution and oversight as facilitated by the
RA/RA (Risk Assessment / Risk Acceptance.
• Lead the McDonald's risk management team in the development and deployment of a
security awareness program.
• Identifies developmental needs of members assigned to project teams and develops
suggestions to address those needs. Acts as mentors to team members on projects and provides on the job training. Schedules work, assigns responsibility, and delegates authority for assigned projects.
• Ability to analyze the most complex risk issues, determine its cause and impact to the
business and identify the corrective action needed to eliminate and prevent the event for the future
Key responsibilities include:
• Develop strategies and procedures to ensure the classification, confidentiality, privacy, security, retention and lawful disposal of Company information.
• Develop and oversee the implementation of a strategic program applying industry-leading practices and methodologies to support the achievement of short, medium and long-term goals.
• Develop and implement appropriate policies, SOPs, training and guidelines for the management of all information.
• Work to identify, categorize, manage and protect personal data.
• Collaborate with key business unit and capability stakeholders, including, but not limited to, Privacy, IT, Internal Audit, InfoSec and Compliance to develop and implement the company's IG and RIM programs.
• Work closely with the information management program vendors and consultants to improve programs.
• Support business units and capabilities (e.g., IT, Law Department, HR, Finance) day-to-day business needs and special projects.
• Manage and mentor team.
• Manage third party vendors, as applicable.
• Managing the annual departmental budget and capital requirements.
• Perform risk assessments, document results and maintain reports of significant risks and recommendations
• Partner with stakeholders on actions to be taken to address identified risks and track progress
• Create policies, standards, guidelines, and procedures in response to identified risks
•Provide training and technical support to management and employees regarding risk management strategies and programs
• Bachelor’s degree in Engineering, Computer Science, Finance, Accounting or other related fields. Preference will be given to an MBA from an accredited university along with an undergraduate degree in technical area.
• 5-10 years of experience of SR. LEADERSHIP (Sr. Manager or Director) experience with IT Security governance and risk.
• 5-10 years of professional experience required in internal or external auditing, accounting, compliance or other related fields.
• Expert knowledge of key compliance and IT frameworks such as: Payment Card Industry (PCI), Sarbanes-Oxley, SAS-70s, HIPAA, FERC/NERC, BITS, ISO27001, COBIT, VALIT, RISKIT.
• Familiarity with complex multi-national companies and distributed business models is a plus.
• Experience and willingness to manage a 24x7x365 team and work non regular hours.
• Deep experience in event / crisis management and reporting.
• Ability to interpret and understand business needs and convey such issues to information security teams.
• Proficient in technical writing and leveraging various creative mechanisms to communicate to diverse audiences.
• Strong ability to assess urgency and prioritization and make good decision based upon situation circumstances.
• Professional certification such as CPA, CA, CIA, CISA, CISSP, PMP, are strongly desired.