Director Third Party Compliance

Job Description
Company Description:
McDonald's new growth strategy, Accelerating the Arches, encompasses all aspects of our business as the leading global omni-channel restaurant brand. As the consumer landscape shifts we are using our competitive advantages to further strengthen our brand. One of our core growth strategies is to Double Down on the 3Ds (Delivery, Digital and Drive Thru). McDonald's will accelerate technology innovation so 65M+ customers a day will experience a fast, easy experience, whether at one of our 25,000 and growing Drive Thrus, through McDelivery, dine-in or takeaway.
Leading this tech revolution is McDonald's Global Technology organization made up of intrapreneurs who get to build really cool tech with scary smart people using the latest innovations like AI, IOT, and edge computing. We do this working along diverse, global teams who are always hungry for a challenge. It's bonus points when you get to see your family and friends use the tech you build at their favorite McD restaurant.
This role will collaborate closely with cybersecurity experts, market leads, project managers, and Global Technology Solutions teams to ensure the reliable and efficient operation of McDonald's security services. In addition, this role will be responsible for managing and collaborating with the support teams that handle tickets and other operational tasks for McDonald's security services. This person will work closely with others in Global Technology Risk Management and other areas of Global Technology to ensure that our services are meeting the needs of markets, application teams, and other stakeholders.
Check out the Global Technology Technical Blog to learn how technology is directly enabling the Accelerating the Arches strategy.
Job Description:
The Director of Third-Party Compliance ("Director") will lead global efforts to address cybersecurity and technology-related risks across our third-party partners. The role will develop a compliance program for driving and validating the effective remediation of third-party vulnerabilities and security objectives. This includes establishing a framework for actively monitoring compliance to McDonald's standards, providing guidance for the effective remediation of gaps, driving and reporting on the remediation activities, and efficiently validating compliance. To achieve this, the Director will build strong relationships with third-party partners, align on common goals, and hold both parties accountable to achieving security results.
As a leader, the Director hires, coaches, and mentors the Third-Party Compliance team ("Team"). The Director will develop our third-party compliance processes, including the strategic objectives, program design, and the metrics, reporting, and automated tracking necessary to get results. We're seeking a hands-on leader with leadership, management, and technical experience, who is willing and able to lead by example for compliance activities.
Accountabilities & Responsibilities:

• Lead the third-party compliance team, ensuring that global third-party compliance activities are successfully completed on-time.
• Lead regular activities, such as establishing third-party compliance strategy, related compliance scope, and developing the program components necessary to deliver results.
• Develop and maintain a compliance program that actively identifies and remediates third-party security controls that violate McDonald's standards.
• Own the engagement of regulatory assessments including the collection of control evidence to support program certifications.
• Develop and maintain an intake mechanism to drive the tracking and remediation of vulnerabilities and policy violations that are identified through other sources (ex. risk assessments, audits, etc.)
• Provide thought-leadership on remediation, identifying lessons-learned across third parties, guiding other markets and facilitating learning activities.
• Anticipate and identify third-party cybersecurity issues and challenges, raising the right issues and concerns timely.
• Continuously improve the efficiency and effectiveness of the program through innovative processes and delivery methods.
• Partner with internal parties such as vendor management, supply chain, and third-party governance and risk, aligning on third-party compliance scope, objectives, security requirements, remediation validation approach, and coordinating third-party communication.
• Participate in the department's overall strategy, processes, and approaches, demonstrating strong overall cybersecurity and compliance domain knowledge.
• Provide relevant guidance to team members during work activities, providing real-time mentoring and coaching through clear guidance, instruction, and support.

Qualifications:

• Live the McDonald's values every day: Serve, Inclusion, Integrity, Community, and Family.
• Lead, empower, influence and establish relationships at all levels
• Experience in leading and delivering risk and compliance activities and projects
• Experience with standard organizational leadership activities such as budgeting, performance management, and preparing for engagement with boards and committees
• Demonstrable ability to develop teams, deliver high-quality work products, and reliably connect with various partners (e.g., technology teams, audit, senior management)
• Strong cybersecurity compliance knowledge, including familiarity with relevant frameworks and how to use them to address priority cybersecurity risks
• Leadership role performing third-party cybersecurity governance and compliance at a comparable organization
• Bachelor's degree in Engineering, Computer Science, Information Technology, or related field

Additional Information:
McDonald's is committed to providing qualified individuals with reasonable accommodations to perform the essential functions of their jobs. Additionally, if you (or another applicant of whom you are aware) require assistance accessing or reading this job posting or otherwise seek assistance in the application process, please contact [email protected]
McDonald's provides equal employment opportunities to all employees and applicants for employment and prohibits discrimination and harassment of any type without regard to sex, sex stereotyping, pregnancy (including pregnancy, childbirth, and medical conditions related to pregnancy, childbirth, or breastfeeding), race, color, religion, ancestry or national origin, age, disability status, medical condition, marital status, sexual orientation, gender, gender identity, gender expression, transgender status, protected military or veteran status, citizenship status, genetic information, or any other characteristic protected by federal, state or local laws. This policy applies to all terms and conditions of employment, including recruiting, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation and training.
Nothing in this job posting or description should be construed as an offer or guarantee of employment.