Analyst, Cybersecurity Operations

McDonald’s evolving Accelerating the Arches growth strategy puts our customers and people first and leverages our competitive advantages to strengthen our brand. We are recognized on lists like Fortune’s Most Admired Companies and Fast Company’s Most Innovative Companies. Doubling Down on the 4Ds (Delivery, Digital, Drive Thru, and Development) Our growth pillars emphasize the important role technology plays as the leading, global omni-channel restaurant brand. Technology enables the organization through digital technology, and improving the customer, crew, and employee experience each and every day.

The Cybersecurity Data Security team is committed to securing and protecting McDonald’s information anywhere, on any device, and at all times. We are seeking the most determined and ambitious cybersecurity professionals to partner with us in continuing to build our culture of security. We strive to find the balance of security with productivity but will never compromise on the quality and effectiveness of our data protection controls. We are looking for tenacious individuals to bring clarity to ambiguous situations by synthesizing information from multiple sources and merging it into a plan that will bring quantifiable results towards our goals.

The McDonald’s Global Cybersecurity Data Security team is growing. We are seeking an Analyst, Data Security Operations to support operational activities for data classification, data retention, data loss prevention (DLP), data security posture management (DSPM), and email security.

• Analyse and escape data security events, including DLP, DSPM, and email security to the proper MCD stakeholders.
• Report critical and high severity data security incidents and risks to data security leadership as needed.
• Design, test, and deploy data security controls to the McD Markets.
• Support consistent improvement and refinement of the implemented data security controls specific to the EMEA Markets.
• Help to define data security operational metrics, including key risk and performance indicators, specific to the EMEA Markets.
• Help to create data security reports that properly present the data security operational key risk and performance indicators specific to the EMEA Markets.
• Develop and maintain data security control documentation, including policy logic details, purpose, exceptions, escalation workflow, and any data needed to recreate the controls.
• Develop and maintain data security system documentation, including runbooks and system-wide configurations.
• Conduct complex troubleshooting and remediation of issues caused by the data security tools by engaging with the Help Desk, end users, and the vendors.
• Follow data classification change and system management process to implement changes to data classification labels and label policies.
• Supports the execution of data classification integrations with other security technologies.
• Conducts regular review of findings generated in the DSPM tool for unstructured data.

• Experience in areas of data classification, data retention, DLP, DSPM, general data security and email security.
• Designing, deploying, testing, and tuning data security controls.
• Leading data classification and DLP technologies, such as Microsoft Purview, Proofpoint, and Zscaler.
• Demonstrated competency in developing effective solutions to diverse and complex business problems.
• Program/Portfolio management experience implementing global processes and technology platforms.
• Ability to work independently and cross-functionally with strong leadership skills to drive organizational change to effectively meet strategic and tactical goals.
• Excellent judgment and the ability to make quick decisions and think outside the box when working with complex situations.
• Ability to successfully adjust to changing needs in a fast-paced, dynamic environment.
• Forward thinking and possesses solid business acumen.
• Excellent time management and related organisational skills including appropriate sense of urgency and a proactive approach.
• Exhibit a high level of integrity, trustworthiness and confidence, and represents the company and its management team at the highest level of professionalism.

• Knowledge and experience with various cybersecurity control frameworks and standards such as NIST CSF, CIS Controls, SOC II, and security regulations/directives including GPDR, SOX, PCI, and CCPA.
• Willingness to learn and understand additional data protection capabilities and how those capabilities can be used at a global organisation like McDonald’s.
• Familiarity with sophisticated multinational companies and distributed business models.

• Professional certifications such as CISSP, CISM, CIPP, or similar.

At McDonald’s we are People from all Walks of Life… People are at the heart of everything we do, and they make the McDonald’s experience. We embrace diversity and are committed to creating an inclusive culture that means people can be their best authentic self in our restaurants and offices, which helps us to better serve our customers. We have a strong heritage of diversity and representation within our communities, which we are proud of. The diversity of our people, customers, Franchisees and suppliers gives us strength. We do not tolerate inequality, injustice or discrimination of any kind. These are hugely important issues and a brand with our reach and relevance means we have a very meaningful role to play. We also recognise our responsibility as a large employer to continue being active in our communities, helping to develop skills and drive aspirations that will help people to be more aware of the world of work and more successful within it, whether with McDonald’s or elsewhere.