Cyber Security and Data Manager

McDonald’s has operated in the UK since 1974, with over 1500 restaurants across the UK and Ireland, serving nearly four million customers daily. It is one of the UK’s largest private sector employers, employing over 170,000 people.

Hybrid Working: This role is based in our East Finchley office, working 3 days in the office and 2 days remotely.

The Opportunity: This role will join the Leadership Team of the Technology Function to lead the Cyber Security and Data capability. The role acts as a strategic leader within Running Great Restaurant Technology (RGRT), responsible for:

• Managing a broad range of technical and process security controls and leading a program of continuous improvement in response to evolving security threats.
• Implementing a UK&I market and globally aligned Cyber Security and Data Strategy and operating model.
• Providing advice and direction to the McDonald’s Technology senior leadership and broader organization, integrating security practices into strategic and operational processes.

This is a highly visible role across the UK&I business, interacting with functional leadership, franchisees, and contributing to leadership initiatives, plans, and roadmaps.

Accountabilities:

• Leading within RGRT and broader Technology teams to foster a high-performing culture aligned with company values.
• Developing and maintaining a business-aligned Information and Cyber Security strategy and operating model.
• Ensuring GDPR compliance and escalation in collaboration with the UK&I Legal team.
• Collaborating with other McDonald’s markets and the Global Risk function to embed policies and frameworks.
• Providing coaching and mentoring to team members, supporting their development and career progression.
• Offering consultancy during major security incidents.
• Managing a 24/7 offshore Cyber Security Operations Centre (SOC).
• Managing budgets for cyber and data TFA accounts and G&A compliance.
• Ensuring compliance with IT SOX and PCI DSS audits for the UK&I market.
• Sponsoring key cyber, data, and risk projects.
• Maintaining project governance and building vendor relationships to explore innovation and manage third-party risks.
• Representing McDonald’s UK&I in external groups and staying updated on legislation and security challenges.
• Aligning with McDonald’s Global Technology and Cyber Security standards.
• Supporting data enablement projects and providing data consultancy for enterprise projects.
• Assisting the Director of Technology in developing strategies and roadmaps.
• Driving team culture, prioritization, and leading town halls.

Team and Stakeholders: This role is part of the RGRT Leadership team and the UK&I Technology Leadership team, reporting to the Director of Technology. It interacts with Department Heads, Global & Segment Risk, Legal, Cyber and Data teams, and franchisees as needed.

Qualifications:

• Extensive experience in enterprise information security management.
• Bachelor’s degree in IT, cyber, or related fields.
• Relevant certifications (e.g., CISA, CISSP, CISM, CRISC).
• Experience managing budgets and securing approvals for enterprise-level business cases.
• Strong leadership, strategic, and problem-solving skills, with the ability to motivate teams.
• Proven stakeholder engagement and management skills, including with executives.
• Excellent communication skills, capable of simplifying complex technical issues.

Company Vision and Culture: Our vision is to build a better McDonald’s, aiming to be the UK & Ireland’s best-loved restaurant company. Our culture is driven by our values: Serve, Inclusion, Integrity, Community, and Family. We embrace diversity, promote inclusivity, and are committed to creating an environment where everyone can be their authentic selves. We do not tolerate inequality or discrimination and recognize our role in community development and skills enhancement.