Supervisor, Governance, Risk & Compliance

McDonald's Corporation•Chicago, IL

About The Position

McDonald’s growth strategy, Accelerating the Arches, encompasses all aspects of our business as the leading global omni-channel restaurant brand. As the consumer landscape shifts we are using our competitive advantages to further strengthen our brand. One of our core growth strategies is to Double Down on the 3Ds (Delivery, Digital and Drive Thru). McDonald’s will accelerate technology innovation so 65M+ customers a day will experience a fast, easy experience, whether at one of our 25,000 and growing Drive thrus, through McDelivery, dine-in or takeaway.  McDonald’s Global Technology is here to power tomorrow’s feel-good moments.   That’s why you’ll find us at the forefront of transformative technology, exploring new and innovative ways to serve our millions of customers and spread happiness one delicious Hot Fudge Sundae-dipped fry at a time. Using AI, robotics and emerging tech, we’re digitizing the Golden Arches. Combine that with our unparalleled global scale, and we’re reshaping all areas of the business, industry and every community that is home to a McDonald’s restaurant. We face complex tech challenges every day. But that’s where our diverse and talented teams come in. They’re made up of the best and brightest from all over the globe, and they thrive in the space where feel-good meets fast-paced.   Check out the McDonald’s Global Technology Technical Blog to learn how technology and our global team are directly enabling the Accelerating the Arches strategy.  Department OverviewMcDonald’s is seeking a Senior Risk Analyst to support our cybersecurity team as we protect our global brand. You will collaborate closely with cybersecurity experts, Global Technology teams, suppliers, and business leaders to assess technology risk across McDonald’s. In addition, the Senior Risk Analyst will help in driving the development, deployment, and maintenance of our global policies and standards, and help build a more secure culture through security awareness. As a Senior Risk Analyst, you’ll play a vital role in helping us engage with vendors and partners and help accelerate the third-party risk management program.Duties

Requirements

Bachelor’s Degree in Risk Management, GRC, Internal Audit, Third-Party Risk Management, Compliance, Cybersecurity, or related fields.
3+ years of experience in Information/Technology Risk Management, Supply Chain Risk Management, Third-Party Risk Management, and/or Global Regulatory Compliance.
Strong written and verbal communication skills. Proficiency in technical writing and creative communication for diverse audiences.
Ability to build and maintain professional relationships across diverse teams.
Detail-oriented with excellent project management, report writing, and presentation skills.
Skilled at translating technical concepts for business stakeholders.
Passion for process improvement and continuous enhancement.
Eagerness to join the ranks of a hard-working team.

Nice To Haves

Familiarity with complex multinational companies and distributed business models.
Solid ability to develop and communicate strategic direction and long-term objectives without supervision.
Experience with Information/Technology Risk Management, Supply Chain Risk Management, Third Party Risk Management, and/or Global Regulatory Compliance.
Proficient in technical writing and demonstrating various creative mechanisms to communicate to diverse audiences.
Solid ability to assess urgency and prioritization and make good decisions based upon business or market requirements.
Demonstrable ability to quickly identify project objectives and define optimal project approach to align security controls with overall program success.
Understanding of compliance, risk, and control frameworks (e.g., NIST, PCI, ISO, COBIT, CIS).
Experience with GRC platforms (e.g., ServiceNow, OneTrust, RSA Archer).
Professional certifications (or willingness to obtain): Security+, CIA, CISA, CISM, CRISC, CISSP, PMP.

Responsibilities

Maintain a working knowledge of current industry risk and trends as well as clear understanding of McDonalds’ business and technical strategies in order to be accountable for identifying security risks and concerns.
Perform complex third-party security risk assessments to identify security risks and control gaps that put McDonald’s at risk.
Communicate and prioritize security risks across the organization; validate remediation efforts and timelines.
Partner with collaborators to implement security controls and risk mitigation strategies aligned with McDonald’s policies and standards.
Manage intake and prioritization of new risk assessments across the enterprise.
Map and report risks against industry frameworks (e.g., NIST, ISO) to highlight opportunities for improvement.
Develop metrics, identify trends, and drive access to the business value of risk management activities.
Advise global technology and business leaders on security guidelines, risk analysis, and mitigation strategies.
Create and maintain process documentation, including workflows, process maps, and controls.
Support the development and execution of central initiatives to elevate program maturity, ensuring continuity of essential daily operations.
Drive process improvements, tooling enhancements, and automation opportunities to increase program scalability.
Provide oversight, learning opportunities, and mentorship to the more junior Risk Analyst.