Sr Manager, Penetration Testing

Job description

Job Description:
Company Description:

McDonald’s is proud to be one of the most recognized brands in the world, with restaurants in over 100 countries that serve 70 million customers daily.

We continue to operate from a position of strength.

Our updated growth strategy is focused on staying ahead of what our customers want and realizing further growth potential.

Our relentless ambition is why McDonald’s remains one of the world’s leading corporations after almost 70 years.

Joining McDonald's means thinking big and preparing for a career that can have influence around the world.



At McDonald’s, we see every day as a chance to create positive impact.

We lead through our values centered on inclusivity, service, integrity, community and family.

From support of Ronald McDonald House Charities to our Youth Opportunity project and sustainability initiatives, our values keep us dedicated to using our scale for good: good for our customers, people, industry and planet.

We also offer a broad range of outstanding benefits including a sabbatical program, tuition assistance and flexible work arrangements.




Duties


+ Conduct Penetration testing (50-75% of the role) to identify and mitigate security vulnerabilities.

+ Assist in executing annual risk assessment activities for technology, digital, and related areas, and developing the technology and digital audit plan.

+ Lead the Security & Privacy portion of our technology and digital audit plan, ensuring that assessment activities are successfully completed on-time and on-budget.

+ Lead technology assessments including penetration testing, red teaming, and technical assessments related to data privacy, cloud infrastructure, data protection, network security, secure coding, mobile and web applications, and Internet of Things (IoT).

+ Manage and guide the Technology & Digital Audit team in conducting all aspects of our projects including, but not limited to, the development of assessment scope and objectives, development of risk and control matrix, testing approach, handling key communications, audit deliverables, and monitoring issue remediation efforts.

+ Assist with setting and executing the department's Security & Privacy Assessment strategy.

+ Assist in the successful execution of Sarbanes-Oxley (SOX) IT controls testing, including providing support and assistance to our offshore third-party testing partner.

+ Contribute during periodic leadership meetings on the department's strategy, processes, and approaches, demonstrating strong security, privacy, and audit domain knowledge.

+ You will work with IT leadership on topics including technology and digital strategies, privacy and related regulations, customer loyalty program, and cybersecurity.

Partner with management to improve effective identify risks and improve the control environment.

+ Earn trust with leadership by effectively managing sensitive risk and audit discussions, communications, and deliverables.

+ Demonstrate thought leadership for current and emerging technology topics including cybersecurity, DevOps, privacy compliance, and data governance.

+ Provide meaningful hands-on guidance during assessments of areas including privacy and data protection, data governance, information security, third parties, and digital operations.

Whenever necessary, directly execute audit work.

+ Ensure that all team deliverables are of high-quality through high-engagement, detailed oversight, direct involvement, and thought leadership.

+ Lead internal infrastructure projects, increasing the department's capabilities and contributing to the continuous improvement of the audit function.

+ Develop, coach, and mentor a high-performing audit team through hiring, oversight, training, and timely and candid performance feedback.



Qualifications


+ Bachelor's degree in Engineering, Computer Science, Information Technology, or related field; master's degree preferred.

+ 6+ years of related work experience.

+ Experience in delivering and leading penetration testing activities, red teaming, mobile and web application assessments, technical assessments, information technology audits, financial compliance (Sarbanes-Oxley) audits, program and system implementation reviews, and advisory projects.

+ Hands-on experience with enterprise-grade tools such as Nmap, Wireshark, BloodHound and Impacket

+ Experience with programming, scripting, data analytics, and other technical solution design and development.

+ Experience in managing teams, delivering high-quality audit work products, and communicating effectively with various partners (e.g., external/internal audit, senior management, etc.).

+ Familiarity with information technology, business processes and financial reporting audits and familiarity with control frameworks such as NIST, COBIT, ITIL, PCI, ISO, SOX, and global data privacy laws (e.g. GDPR, CCPA, CPRA).

+ Strong knowledge across a breadth of IT processes, including but not limited to: security operations, program management, security administration, system operations, change management, modern development (e.g., DevOps, Agile), data governance, privacy, and incident/problem management.

+ Proven leadership skills and a tendency to lead through influence, lead by example, build relationship and collaborate.

+ Available to travel (domestic and international) up to 10%.

+ Professional credentials preferred (CISSP, OSCP, CRTO, CISSP, CEH, CIPT, CDPSE, CISA, or comparable).



Compensation

Bonus Eligible: Yes

Long - Term Incentive: Yes

Benefits Eligible: Yes


Salary Range

The expected salary range for this role is $149,260.00 - $190,310.00 per year

The above represents the expected salary range for this job requisition.

Ultimately, in determining your pay, we may also consider your experience, and other job-related factors.


Competencies

Execution Proficiency

Background & Values

Strategic Proficiency

Building Blocks

Talent Proficiency


Additional Information:

Benefits eligible: This position offers health and welfare benefits, a 401(k) plan, adoption assistance program, educational assistance program, flexible ways of working, and time off policies (including sick leave, parental leave, and vacation/PTO).

Eligibility requirements apply to some benefits and may depend on job classification and length of employment.



Bonus eligible: This position is eligible for a bonus, calculated based on individual and company performance.



Long term Incentive eligible: This position is eligible for stock or other equity grants pursuant to McDonald’s long-term incentive plan.



McDonald’s is an equal opportunity employer committed to the diversity of our workforce.

We promote an inclusive work environment that creates feel-good moments for everyone.

McDonald’s provides reasonable accommodations to qualified individuals with disabilities as part of the application or hiring process or to perform the essential functions of their job.

If you need assistance accessing or reading this job posting or otherwise feel you need an accommodation during the application or hiring process, please contact mcdhrbenefits@us.mcd.com.

Reasonable accommodations will be determined on a case-by-case basis.



McDonald’s provides equal employment opportunities to all employees and applicants for employment and prohibits discrimination and harassment of any type without regard to sex, sex stereotyping, pregnancy (including pregnancy, childbirth, and medical conditions related to pregnancy, childbirth, or breastfeeding), race, color, religion, ancestry or national origin, age, disability status, medical condition, marital status, sexual orientation, gender, gender identity, gender expression, transgender status, protected military or veteran status, citizenship status, genetic information, or any other characteristic protected by federal, state or local laws.

This policy applies to all terms and conditions of employment, including recruiting, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation and training.



Nothing in this job posting or description should be construed as an offer or guarantee of employment.



Requsition ID: 2319

Required Skill Profession

Other General