Sr Director, Cyber Third-Party Risk Management

McDonald’s Corporation

USA Posted today

$237,102 - $296,377/year

Role Details

Job Description:

Company Description:

McDonald’s is proud to be one of the most recognized brands in the world, with restaurants in over 100 countries that serve 70 million customers daily. We continue to operate from a position of strength. Our updated growth strategy is focused on staying ahead of what our customers want and realizing further growth potential. Our relentless ambition is why McDonald’s remains one of the world’s leading corporations after almost 70 years. Joining McDonald's means thinking big and preparing for a career that can have influence around the world.

At McDonald’s, we see every day as a chance to create positive impact. We lead through our values centered on inclusivity, service, integrity, community and family. From support of Ronald McDonald House to our Youth Opportunity project and sustainability initiatives, our values keep us dedicated to using our scale for good: good for our customers, people, industry and planet. We also offer a broad range of outstanding benefits including a sabbatical program, tuition assistance and flexible work arrangements.

Department Overview

The Senior Director of Cyber Third-Party Risk Management (TPRM) is accountable for leading and modernizing McDonald’s global third-party cyber risk management capability across a highly distributed, market-driven technology and supplier ecosystem. This role owns the design and execution of a scalable, intelligence-driven TPRM program that moves beyond traditional, questionnaire-centric approaches and delivers meaningful, defensible assurance over third-party cyber risk.

The role places particular emphasis on third-party providers operating within IDL market segments, where complex technology integrations, data flows, and operational dependencies introduce elevated cyber and business risk. The Senior Director develops deep understanding of these integrations, works closely with security architecture and technical SMEs to validate control effectiveness, and ensures that third-party solutions supporting markets do not introduce unacceptable systemic or concentration risk.

This leader partners closely with Global Supply Chain, Indirect Procurement, Legal, Privacy, ERM, and IDL Market CTOs to reduce fragmentation across markets by translating market-specific solution sets into standardized enterprise agreements, security configurations, and control expectations. A core mandate of the role is innovation: designing new, differentiated approaches to third-party assurance that leverage automation, technical validation, and continuous monitoring rather than relying solely on static questionnaires.

Responsibilities

Program Leadership & Modernization

  • Own and evolve McDonald’s global TPRM strategy and operating model, ensuring it is scalable, risk-based, and aligned to enterprise cyber risk governance expectations.
  • Transform TPRM from a primarily questionnaire-driven process into a modern program that blends survey efficiency with technical validation, continuous monitoring, and risk quantification.
  • Establish and operate the full third-party risk lifecycle, including onboarding, inherent risk tiering, due diligence, technical assessment, ongoing monitoring, reassessment, and secure offboarding.

Continuous Monitoring, Automation & Innovation

  • Implement continuous monitoring capabilities to provide near real-time visibility into third-party cyber posture, control degradation, and emerging risk signals.
  • Explore and deploy innovative approaches, including automation and AI-assisted techniques, for evidence collection, risk scoring, and exception management.
  • Continuously evaluate emerging tools, data sources, and assurance models to improve coverage, reduce friction, and increase signal quality beyond traditional questionnaires.

Governance, Reporting & Escalation

  • Maintain a centralized inventory of third-party engagements, risk tiers, and risk treatment decisions across the enterprise.
  • Provide clear, concise reporting on third-party cyber risk posture, trends, and concentration risk to the Vice President, Cyber GRC and senior leadership.

Leadership & Collaboration

  • Build and lead a high-performing team of third-party risk professionals and technical reviewers.
  • Reinforce a culture of accountability, innovation, and constructive challenge consistent with McDonald’s values and operating principles.

Qualifications

  • 12+ years of experience in cybersecurity, technology risk, or information security, with significant ownership of third‑party / supplier cyber risk management in large, complex enterprises.
  • Proven experience designing and leading a global TPRM program, including the full third‑party risk lifecycle (onboarding, tiering, due diligence, monitoring, reassessment, and offboarding).
  • Demonstrated success modernizing TPRM, moving beyond questionnaire‑centric models to risk‑based approaches that incorporate technical validation, automation, and continuous monitoring.
  • Strong technical fluency across cloud, APIs, identity, data flows, and integration architectures, with the ability to partner credibly with security architects and technical SMEs.
  • Experience overseeing deep technical assessments for high‑risk or critical third parties (e.g., architecture reviews, threat modeling, penetration testing results, vulnerability assessments).
  • Ability to operate effectively in highly distributed, market‑driven or franchise‑based environments, translating local solutions into standardized enterprise security requirements.
  • Demonstrated leadership experience, including building and leading high‑performing teams and influencing senior stakeholders across Technology, Procurement, Legal, Privacy, and ERM.
  • Strong executive communication skills, with experience reporting third‑party cyber risk posture and trends to senior leadership.

Preferred

  • Familiarity with systemic, concentration, and fourth‑party risk.
  • Working knowledge of NIST CSF, ISO 27001, GDPR, and CCPA.
  • Relevant certifications (e.g., CISSP, CISM, CRISC, CISA).

Compensation

Bonus Eligible: Yes

Long-Term Incentive: Yes

Benefits Eligible: Yes

Salary Range

The expected salary range for this role is $237,102.00 - $296,377.00 per year

The above represents the expected salary range for this job requisition. Ultimately, in determining your pay, we may also consider your experience and other job-related factors.

Additional Information:

Benefits eligible: This position offers health and welfare benefits, including but not limited to comprehensive health insurance, which includes medical, prescription drug, mental health, dental, and vision coverage, as well as life insurance.

Bonus eligible: This position is eligible for a bonus, calculated based on individual and company performance.

Long term Incentive eligible: This position is eligible for stock or other equity grants pursuant to McDonald’s long-term incentive plan.

McDonald’s is an equal opportunity employer committed to the diversity of our workforce. We promote an inclusive work environment that creates feel-good moments for everyone. McDonald’s provides reasonable accommodations to qualified individuals with disabilities as part of the application or hiring process or to perform the essential functions of their job. If you need assistance accessing or reading this job posting or otherwise feel you need an accommodation during the application or hiring process, please contact [email protected]. Reasonable accommodations will be determined on a case-by-case basis.

McDonald’s provides equal employment opportunities to all employees and applicants for employment and prohibits discrimination and harassment of any type without regard to sex, sex stereotyping, pregnancy (including pregnancy, childbirth, and medical conditions related to pregnancy, childbirth, or breastfeeding), race, color, religion, ancestry or national origin, age, disability status, medical condition, marital status, sexual orientation, gender, gender identity, gender expression, transgender status, protected military or veteran status, citizenship status, genetic information, or any other characteristic protected by federal, state or local laws. This policy applies to all terms and conditions of employment, including recruiting, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation and training.

Nothing in this job posting or description should be construed as an offer or guarantee of employment.


About McDonald’s Corporation

McDonald’s Corporation is the world's largest fast-food chain by revenue, operating over 40,000 locations in more than 100 countries.