Senior Risk Analyst - Cybersecurity

McDonald's - Chicago, IL

posted 2 months ago

Full-time - Mid Level
Chicago, IL
Food Services and Drinking Places

About the position

The Senior Risk Analyst - Cybersecurity at McDonald's plays a crucial role in supporting the cybersecurity team to protect the global brand. This position involves collaboration with cybersecurity experts, Global Technology teams, suppliers, and business leaders to assess technology risks and drive the development and maintenance of global policies and standards. The role is integral in fostering a secure culture through security awareness and managing third-party risk effectively.

Responsibilities

  • Maintain a working knowledge of current industry risk and trends and understand McDonald's business and technical strategies to identify security risks.
  • Perform complex application/solution/third-party security risk assessments to identify security risks and control gaps.
  • Communicate and prioritize security findings across the business and with third parties, monitoring remediation efforts and timelines.
  • Partner with relevant collaborators to implement appropriate controls to comply with McDonald's policies and standards.
  • Manage the intake queue for new risk assessments across the organization.
  • Implement mapping and reporting of risks and control objectives against industry frameworks to highlight opportunities.
  • Improve metrics and identify trends for risk management activities, driving visibility and transparency of business value for completed work.
  • Advise and influence global technology and business management regarding security standard methodologies, risk analysis, risk mitigation, and reporting.
  • Provide oversight, learning opportunities, and mentorship to junior Risk Analysts.

Requirements

  • Applicable bachelor's degree or equivalent work experience (3+ years) in Risk Management, Internal Audit, Third Party Risk Management, Compliance, Cybersecurity, IT Security Governance, Computer Science, or related fields.
  • Excellent written and verbal communication skills.
  • Ability to build and maintain professional relationships across the organization.
  • Strong project and time management skills, along with report writing and presentation skills.
  • Ability to translate messaging between technical teams and business collaborators.
  • Excitement for process enhancements and improvement.

Nice-to-haves

  • Familiarity with complex multinational companies and distributed business models.
  • Solid ability to develop and communicate strategic direction and long-term objectives without supervision.
  • Experience with Information/Technology Risk Management, Supply Chain Risk Management, Third Party Risk Management, and/or Global Regulatory Compliance.
  • Proficient in technical writing and creative communication mechanisms for diverse audiences.
  • Ability to assess urgency and prioritization and make decisions based on business or market requirements.
  • Understanding of key compliance, risk, and control frameworks such as NIST, PCI, ISO, COBIT, CIS.
  • Experience with GRC platforms (e.g., OneTrust, RSA Archer, ServiceNow).
  • Professional certifications such as Security+, CIA, CISA, CISM, CRISC, CISSP, and PMP.

Benefits

  • Equal employment opportunities without discrimination or harassment.
  • Reasonable accommodations for qualified individuals to perform essential job functions.

Tools

Career Hubs

Guides

Company

© 2024 Teal Labs, Inc
Privacy PolicyTerms of Service