Director of Information Risk Management and Governance
Overview:
Global Technology Risk Management (GTRM) is the team which is ultimately responsible for the securing of McDonald’s information assets at a global level. This role will directly manage the group within GTRM that is responsible for managing the IT risk posture of the company and facilitating key services which ensure our leadership is making informed risk based decisions. This individual will also be responsible for global information governance efforts including but not limited to GDPR.
The Director of Information Risk Management and Governance will lead a team of global professionals and will work with partners globally to oversee the day to day tactical functioning of the processes and people that are dedicated to the organizations. The position must set high level strategy and direction for those performing these daily activities and set clear expectations, goals, and requirements that must be obtained as a measure of success. This position will work closely with the Segment CIOs, ITS senior leadership, and other partners to ensure that at all times the daily activities upon which McDonald’s depends to reduce risk to the environment are functioning as designed, and providing the desired benefit.
· Bachelor’s degree in Engineering, Computer Science, Finance, Accounting or other related fields. Preference will be given to an MBA from an accredited university along with an undergraduate degree in technical area.
· 5+ years of experience of SR. LEADERSHIP (Sr. Manager or Director) experience with IT Security governance and risk.
· 5+ years of professional experience required in internal or external auditing, accounting, or compliance.
Desired skills:
· Experienced knowledge of key compliance and IT frameworks such as: Payment Card Industry (PCI), Sarbanes-Oxley, SAS-70s, HIPAA, FERC/NERC, BITS, ISO27001, COBIT, VALIT, RISKIT.
· Familiarity with complex multinational companies and distributed business models is a plus.
· Experience and willingness to lead a 24x7x365 team and work non regular hours.
· Deep experience in event / crisis management and reporting.
· Ability to interpret and understand business needs and convey such issues to information security teams.
· Proficient in technical writing and demonstrating various creative mechanisms to communicate to diverse audiences.
· Strong ability to assess urgency and prioritization and make good decision based upon situation circumstances.
· Professional certification such as CPA, CA, CIA, CISA, CISSP, PMP.
We are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.
· Assess the strategic and practical needs of McDonald’s globally to help ensure that the Company has a world-class IT Risk Management and Information Governance Program.
· Ensure the visibility, value, security, integrity and availability of electronic data and information throughout the Company.
· Devise a program that helps ensure that all data and information is properly categorized, controlled, protected and retained in accordance with its value and risk, and retained pursuant to applicable legal and regulatory requirements.
· Work with cross-functional teams to identify and implement cost and risk reducing opportunities for IT Risk.
· Perform functions in a timely manner and with an acute level of attention to detail, urgency and thoroughness.
· Drive strategic deployment process within Risk Management and own development and implementation of regular improvement priorities. (Continuous improvement methodology).
· Facilitation of risk, control and security policies, standards, procedures, and guidelines.
· Perform and deliver analytics of the Risk Management program and creation and distribution of reporting / dash-boarding in form of the Technology Risk Report and other mechanisms.
· Remediation and risk mitigation planning, execution and oversight as facilitated by the RA/RA (Risk Assessment / Risk Acceptance.
· Lead the McDonald's risk management team in the development and deployment of a security awareness program.
· Identifies developmental needs of members assigned to project teams and develops suggestions to address those needs. Acts as mentors to team members on projects and provides on the job training. Schedules work, assigns responsibility, and delegates authority for assigned projects.
· Ability to analyze the most complex risk issues, determine its cause and impact to the business and identify the corrective action needed to eliminate and prevent the event for the future
· Develop strategies and procedures to ensure the classification, confidentiality, privacy, security, retention and lawful disposal of Company information.
· Develop and oversee the implementation of a strategic program applying industry-leading practices and methodologies to support the achievement of short, medium and long-term goals.
· Develop and implement appropriate policies, SOPs, training and guidelines for the management of all information.
· Work to identify, categorize, lead and protect personal data.
· Collaborate with key business unit and capability partners, including, but not limited to, Privacy, IT, Internal Audit, InfoSec and Compliance to develop and implement the company's IG and RIM programs.
· Work closely with the information management program vendors and consultants to improve programs.
· Support business units and capabilities (e.g., IT, Law Department, HR, Finance) day-to-day business needs and special projects.
· Lead and mentor team.
· Lead third party vendors, as applicable.
· Leading the annual departmental budget and capital requirements.
· Perform risk assessments, document results and maintain reports of significant risks and recommendations.
· Partner on actions to be taken to address identified risks and track progress.
· Build policies, standards, guidelines, and procedures in response to identified risks.
· Provide training and technical support to management and employees regarding risk management strategies and programs.