Manager, Cybersecurity

McDonald’s growth strategy, Accelerating the Arches, encompasses all aspects of our business as the leading global omni-channel restaurant brand. As the consumer landscape shifts we are using our competitive advantages to further strengthen our brand. One of our core growth strategies is to Double Down on the 3Ds (Delivery, Digital and Drive Thru). McDonald’s will accelerate technology innovation so 65M+ customers a day will experience a fast, easy experience, whether at one of our 25,000 and growing Drive thrus, through McDelivery, dine-in or takeaway. 

McDonald’s Global Technology is here to power tomorrow’s feel-good moments.That’s why you’ll find us at the forefront of transformative technology, exploring new and innovative ways to serve our millions of customers and spread happiness one delicious Hot Fudge Sundae-dipped fry at a time. Using AI, robotics and emerging tech, we’re digitizing the Golden Arches. Combine that with our unparalleled global scale, and we’re reshaping all areas of the business, industry and every community that is home to a McDonald’s restaurant. We face complex tech challenges every day. But that’s where our diverse and talented teams come in. They’re made up of the best and brightest from all over the globe, and they thrive in the space where feel-good meets fast-paced.  

Check out the McDonald’s  Global Technology Technical Blog to learn how technology and our global team are directly enabling the Accelerating the Arches strategy. 

McDonald’s, one of the most recognized brands in the world, is seeking a Manager, Cybersecurity to join our Immediate Risk Reduction (IRR) team, which supports Global Cyber Security (GCS) in protecting McDonald’s. IRR is a series of programs that address areas of basic hygiene, critical and high security exploits, and short-term key efforts that tangibly reduce security risks to McDonald’s across the system. Program teams achieve results by addressing targeted areas of risk in 3-6 month cycles. Our measure of success includes not only reducing our risk exposure, but ensuring operational processes are in place to maintain our improved risk posture.

Working with the GCS Director, Tech Deployment, this role will be responsible for supporting the IRR strategy, developing solutions, & relentlessly prioritizing efforts across the entire program. You will collaborate closely with and lead cross-functional teams across Global Technology leadership, market leaders, application owners, project managers, Global Technology solutions teams, key vendors, and others to identify, prioritize, mitigate and resolve our most pressing cybersecurity risks. These risks may involve handling larger efforts across the enterprise or limited to individual markets or functions.

Responsibilities & Accountabilities

The ideal candidate for this role should possess a foundational understanding of cybersecurity practices, cloud technologies, detection and response frameworks, and incident handling procedures. They should be familiar with adhering to established incident response playbooks and practices, have an attention to detail, and be willing to work closely across global cross-functional teams. Experience in one or more cybersecurity domains such as identity & access management, vulnerability management, application protection, infrastructure security, or network security, including tools, methodologies, and solutions is highly desired.

• Ensure security policies, standards, procedures, and guidelines are followed.
• Maintain awareness of critical vulnerabilities and emerging threats that may impact McDonald’s.
• Focus on developing processes and business relationships for the effective and timely remediation of risk in McDonald’s environment.
• Maintain key stakeholder relationships and communications to ensure SLA’s are understood and exceptions advanced as required.
• Perform functions promptly and with an acute level of attention to detail and thoroughness.
• Lead assigned IRR programs with a focus on speed, impact and priority.
• Schedule work for assigned projects/programs to ensure scope, schedule, and budget are on target.
• Review and document, reports, and policies related to IRR programs.
• Contribute to continuous improvement efforts in partnership with security practitioners, cross-functional teams, and technology leaders.
• Analyze moderately complex issues, determine their cause and impact on the business, and identify the corrective action needed to eliminate and prevent them in the future.
• Track OKRs and other metrics to show the health and effectiveness of IRR programs.
• Conduct training and awareness for new staff and stakeholders on IRR processes and expectations.
• Contribute to the professional development of other team members.

• Bachelor’s degree in engineering, information technology, cybersecurity or other related fields.
• 2-4 years of experience in cybersecurity, technical project management, IT management, or related field.
• Good understanding of cybersecurity principles, practices, and technologies.
• Strong organizational skills and the ability to prioritize work within and outside the team.
• Ability to work under tight deadlines, handling multiple business priorities.
• Strong problem-solving and analytical skills to analyze complex cybersecurity issues and devise effective solutions.
• Competent in planning and risk management to anticipate and mitigate potential security threats.
• Competent in technical writing and demonstrating various creative mechanisms to communicate to diverse audiences.
• High level of integrity and professionalism to maintain the trust and confidence of partners.
• Experience in implementing cybersecurity measures and protocols to safeguard the organization’s digital assets.
• Experience managing 3rd party vendors and service providers.
• Excellent written & verbal communication.

Preferred Qualifications

• Familiarity with complex multinational companies and distributed business models.
• Experience and willingness to work with global teams.
• Certified Information Systems Security Professional (CISSP) or Certified Information Security Manager (CISM) certification.

Experience working and collaborating with business and IT teams to successfully secure applications, infrastructure and data in a large global organization

Benefits eligible: This position offers health and welfare benefits, a 401(k) plan, adoption assistance program, educational assistance program, flexible ways of working, and time off policies (including sick leave, parental leave, and vacation/PTO). Eligibility requirements apply to some benefits and may depend on job classification and length of employment. 

Bonus eligible: This position is eligible for a bonus, calculated based on individual and company performance.

McDonald’s is an equal opportunity employer committed to the diversity of our workforce. We promote an inclusive work environment that creates feel-good moments for everyone. McDonald’s provides reasonable accommodations to qualified individuals with disabilities as part of the application or hiring process or to perform the essential functions of their job. If you need assistance accessing or reading this job posting or otherwise feel you need an accommodation during the application or hiring process, please contact [email protected]. Reasonable accommodations will be determined on a case-by-case basis.

McDonald’s provides equal employment opportunities to all employees and applicants for employment and prohibits discrimination and harassment of any type without regard to sex, sex stereotyping, pregnancy (including pregnancy, childbirth, and medical conditions related to pregnancy, childbirth, or breastfeeding), race, color, religion, ancestry or national origin, age, disability status, medical condition, marital status, sexual orientation, gender, gender identity, gender expression, transgender status, protected military or veteran status, citizenship status, genetic information, or any other characteristic protected by federal, state or local laws. This policy applies to all terms and conditions of employment, including recruiting, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation and training.

Nothing in this job posting or description should be construed as an offer or guarantee of employment.