Technology Risk and Compliance Analyst London, England
Job description
The Opportunity
As a Technology Risk & Compliance Analyst you will be responsible for supporting a framework to facilitate McDonalds adherence of data privacy and information security regulations, standards, and best practice. The role holder will learn McDonalds technology environment, identify security and privacy risks and work with varying teams to ensure McDonalds adapts its technical and organizational controls to protect data appropriately, based on an ever-changing compliance landscape.
What will my accountabilities be?
Performing reviews/assessments of security and privacy controls throughout the organisation to identify risks and create risk treatment plans will be one of the main accountabilities of this role. This will include working with technology stakeholders (internal and external) to plan and implement security controls and coordinating and monitoring risk treatment progress whilst reporting this to relevant stakeholders. Additionally, acting as a point of contact and facilitating PCI-DSS and SOX audits to ensure these run smoothly. Understanding changes or additions to relevant legal or regulatory standards will be crucial to the role, as well as applying a practical approach for McDonalds to adhere to these.
Other accountabilities will include:
- Supporting Legal team in maintaining Article 30 records of processing, completing privacy impact assessments, and managing data breach incidents
- Assisting with data discovery, data flow mapping and process analysis
- Operating technology solutions to perform data discovery and risk management
- Researching security and data privacy topics to improve organizational privacy efforts
- Providing reviews and input to information security and data privacy standards and policies as well as awareness, training, and education programmes
What Team will I be a part?
The role is part of the Cyber Security team within the Running Great Restaurant Technology function and will support the wider Technology and Change function. The Cyber Security teams primary objective is to keep McDonalds systems up and secure; diligently and systematically managing risks, the role holder will work closely with counterparts in other LIOM markets and with Cyber Security professionals within the GTRM function.
Who are my customers?
A variety of business stakeholders will be the primary customers, notably project sponsors, project stakeholders and vendor teams where risks treatment plans are required. Additionally, there will be key functional relationships with teams such as Legal, Finance and Marketing. Global Technology customers will include GTRM, GTIO and Internal Audit.
