Head of Technology Risk, Cyber and Control

3 months ago


London, Greater London, Afghanistan McDonald's Global Technology Full time

Job Description
Company Description:
McDonald's has run its business in the UK since 1974 and celebrates its 50 th anniversary this year. The business currently operates over 1,450 restaurants across the UK and Ireland, serving almost four million customers each day. McDonald's is one of the UK's largest private sector employers, employing over 177,000 people.
McDonald's UK & Ireland has a proven track record of investing in the development of its employees and offering flexibility as part of its dedication to being a modern and progressive company. Every year, it invests over £40 million in developing people, giving every one of its employees the opportunity to take part in structured training.
McDonald's buys ingredients from over 23,000 British and Irish farmers and spends over £1.1billion annually on its food and packaging requirements. McDonald's is committed to supporting British and Irish farmers to ensure it can continue to source many of its ingredients from the UK and Ireland.
McDonald's is a market leader in its field, striving for the highest standard of quality, speed and restaurant experience. Re-generation of our restaurant infrastructure, covering digital ordering, re-imaging and dual-point service make working at McDonald's more exciting than ever
We are dedicated to using our scale for good: good for people, our industry and the planet. From bold recycling initiatives and sustainable sourcing efforts to our partnership with Ronald McDonald House Charities, we see every day as a chance to have a genuine impact on our customers, our people and our partners.
We're a people business just as much as we are a restaurant business. We strive to be the most inclusive brand in the world by building diverse teams who create delicious, feel-good moments that are easy for everyone to enjoy. Joining McDonald's means thinking big every day and preparing for a career that can have impact around the world.
Company Vision and Culture
Our Global vision is to build a better McDonald's and, in the UK, and Ireland we are working hard to be the UK & Irelands best-loved restaurant company.
McDonald's is defined by its culture. Our culture shapes and informs everything we think and everything we do. Our culture influences the way we interact with each other, and how we interact with customers, franchisees and suppliers. Our culture motivates and inspires us to attract and retain great talent, creating positive, energising, exceptional working environment for us all.
Our values drive our culture and shape our beliefs, our priorities and our actions. They influence the decisions we make, how we treat one another and how we show up as a brand to the world.
Serve: We put our customers and our people first
Inclusion: We open our doors to everyone
Integrity: We do the right thing
Community: We are good neighbours
Family: We get better together
Job Description:
The Opportunity
This new role will join the Senior Leadership Team of the Technology & Change Function to lead across the risk, cyber security and control pillars. The role will act as a strategic leader as part of Running Great Restaurant Technology (RGRT), responsible for

  • Management of a broad range of technical and process security controls whilst leading a programme of continuous improvement in response to changing security threats and risk
  • Overseeing our control and engagement processes with all technology vendors, driving contractual, process and performance improvement

A highly visible role across the UK&I business which will be expected to interact with a broad range of functional leadership and Franchisees, whilst actively contributing to leadership initiatives, plans and roadmaps.
What will my accountabilities be?

  • Provide senior leadership within the RGRT and broader Technology & Change teams' to foster a high-performing culture aligned with the company values
  • Accountable for the development and maintenance of a business-aligned Information and Cyber Security strategy and operating model
  • Accountable for the on-going delivery of the McDs UK&I vendor management strategy, plans and roadmaps
  • Accountable for the management of the Technology risk profile on behalf of the UK&I business, working closely in with the UK&I legal leadership team.
  • Responsible for technology GDPR compliance and escalation, in conjunction the UK&I legal team
  • Develop closer collaboration with other lead McDonalds markets as well as our global risk function to embed policies and frameworks within the scope of role.
  • Build strong franchisee relationships, particularly with those in the Technology Committee community.
  • Develop and lead an effective, high-performance Risk and Control team, retaining and attracting key talent to ensures continuous improvement in staff competencies, skills, and knowledge.
  • Provide ongoing coaching and mentoring to all team members, ensuring that the team have strong development plans as well as career progression and succession plans.
  • Transform relationships, contracts, and ongoing governance (data, supplier and cyber) to adopt models with greater outcomes for our restaurants and Franchisees.
  • Provide consultancy and guidance in support of Major Incident security events.
  • Accountable for a 24/7 Cyber Ops capability (Offshore) and maturing the capability.
  • Accountable for ensuring all Tier 1 and Tier 2 suppliers have McDs product roadmaps in place, with clear ways of working and governance around the delivery of those roadmaps.
  • Budget responsibility for cyber and data TFA accounts, as well as G&A compliance as required.
  • Accountable for SoX and PCI DSS Audit compliance for the UK&I market, delivering on agreed actions in conjunction with GTRM.
  • Leadership of shaping frameworks and processes for supplier tendering processes
  • Ensure a robust contracts framework is in place for all suppliers that ensures a reduced risk profile for McDs.
  • Establish a greater understanding of the Control and Risk practice across the UK&I business by building enhanced relationships across all functions at a Grade 1 & 2 level. Ensure all controls are subject to regular and robust review.
  • Project sponsor to all key cyber, data, and risk-based projects.
  • Maintain full compliance to all PMO processes and governance for all project related work.
  • Build and maintain strong vendor partner relationships to enhance existing relationships whilst unlocking future opportunity.
  • Represent McDonald's UK&I on national and international external consortium groups and boards and engage effectively in appropriate external networks to stay close to local legislation and ensure that McDonald's are well positioned to anticipate, meet and respond to new Risk and Security challenges and threats.
  • Ensuring alignment to McDonalds Global & GTRM approaches
  • Support the Director of Technology on developing forward plans, strategies, and roadmaps.

What Team will I be a part?
The Head of Technology Risk, Cyber and Control will operate within the Running Great Restaurant Technology (RGRT) Leadership team, whilst also sitting on the broader Senior Leadership Team for Technology and Change.
Who are my customers?
The role will report to the Director of Technology in the Running Great Restaurant Technology Team (RGRT) and will have close working relationships with all functional Department Heads; Global & Segment Risk, Cyber and Vendor management teams; as well as critical engagement with account mgt teams across all key IT partners, in particular Tier 1 suppliers. The role will also actively engage with Franchisees as required.
Qualifications:
What background do I need to have?
Essential requirements


  • Extensive experience working in senior technology roles
  • Multi-year people management experience
  • Proven experience at engaging, influencing and managing stakeholders across departmental and organisational boundaries up to and Directors, Executive and global/segment stakeholders
  • A track record in directing and managing innovative change and continuous improvement, ensuring excellent organisational performance and outcomes across a complex portfolio of responsibilities
  • Experienced in leading, developing and motivating a team of subject matter experts
  • An excellent understanding of best practice within Information Security and risk management including standards such as ISO/IEC 27001, Cyber Essentials and CObIT
  • An excellent understanding of legislation and regulations that impact information Security E.g. GDPR, Data Protection Act (2018), Freedom of Information Act, PCIDSS
  • An understanding of current and emerging threats and countermeasures and the organisational challenges to addressing these threats
  • Experience in negotiating large commercial contracts and tenders and be familiar with related legal constructs (desirable, not mandatory)A Self Starter with the ability to lead and drive change through an organisation
  • Excellent communication skills, both written and verbal. Ability to present complex or highly technical issues in simple and easy-to-understand formats.
  • The role holder will have senior Technology leadership experience with a broad remit.
  • The ability to build highly effective relationships with account executives of technology suppliers and various other stakeholders including McDonald's Franchisees.

Additional Information:
At McDonald's we are People from all Walks of Life...
People are at the heart of everything we do and they make the McDonald's experience. We embrace diversity and are committed to creating an inclusive culture that means people can be their best authentic self in our restaurants and offices, which helps us to better serve our customers.
We have a strong heritage of diversity and representation within our communities, which we are proud of. The diversity of our people, customers, Franchisees and suppliers give us strength.
We do not tolerate inequality, injustice or discrimination of any kind. These are hugely important issues and a brand with our reach and relevance means we have a very meaningful role to play.
We also recognise our responsibility as a large employer to continue being active in our communities, helping to develop skills and drive aspirations that will help people to be more aware of the world of work and more successful within it, whether with McDonald's or elsewhere."
#LI-Hybrid