Head of Technology Risk

The Opportunity
This new role will join the Senior Leadership Team of the Technology & Change Function to lead across the risk, cyber security and control pillars. The role will act as a strategic leader as part of Running Great Restaurant Technology (RGRT), responsible for

• Management of a broad range of technical and process security controls whilst leading a programme of continuous improvement in response to changing security threats and risk
• Overseeing our control and engagement processes with all technology vendors, driving contractual, process and performance improvement

A highly visible role across the UK&I business which will be expected to interact with a broad range of functional leadership and Franchisees, whilst actively contributing to leadership initiatives, plans and roadmaps.

What will my accountabilities be?

• Provide senior leadership within the RGRT and broader Technology & Change teams’ to foster a high-performing culture aligned with the company values
• Accountable for the development and maintenance of a business-aligned Information and Cyber Security strategy and operating model
• Accountable for the on-going delivery of the McDs UK&I vendor management strategy, plans and roadmaps
• Accountable for the management of the Technology risk profile on behalf of the UK&I business, working closely in with the UK&I legal leadership team.
• Responsible for technology GDPR compliance and escalation, in conjunction the UK&I legal team
• Develop closer collaboration with other lead McDonalds markets as well as our global risk function to embed policies and frameworks within the scope of role.
• Build strong franchisee relationships, particularly with those in the Technology Committee community.
• Develop and lead an effective, high-performance Risk and Control team, retaining and attracting key talent to ensures continuous improvement in staff competencies, skills, and knowledge.
• Provide ongoing coaching and mentoring to all team members, ensuring that the team have strong development plans as well as career progression and succession plans.
• Transform relationships, contracts, and ongoing governance (data, supplier and cyber) to adopt models with greater outcomes for our restaurants and Franchisees.
• Provide consultancy and guidance in support of Major Incident security events.
• Accountable for a 24/7 Cyber Ops capability (Offshore) and maturing the capability.
• Accountable for ensuring all Tier 1 and Tier 2 suppliers have McDs product roadmaps in place, with clear ways of working and governance around the delivery of those roadmaps.
• Budget responsibility for cyber and data TFA accounts, as well as G&A compliance as required.
• Accountable for SoX and PCI DSS Audit compliance for the UK&I market, delivering on agreed actions in conjunction with GTRM.
• Leadership of shaping frameworks and processes for supplier tendering processes
• Ensure a robust contracts framework is in place for all suppliers that ensures a reduced risk profile for McDs.
• Establish a greater understanding of the Control and Risk practice across the UK&I business by building enhanced relationships across all functions at a Grade 1 & 2 level. Ensure all controls are subject to regular and robust review.
• Project sponsor to all key cyber, data, and risk-based projects.
• Maintain full compliance to all PMO processes and governance for all project related work.
• Build and maintain strong vendor partner relationships to enhance existing relationships whilst unlocking future opportunity.
• Represent McDonald’s UK&I on national and international external consortium groups and boards and engage effectively in appropriate external networks to stay close to local legislation and ensure that McDonald’s are well positioned to anticipate, meet and respond to new Risk and Security challenges and threats.
• Ensuring alignment to McDonalds Global & GTRM approaches
• Support the Director of Technology on developing forward plans, strategies, and roadmaps.

What Team will I be a part?
The Head of Technology Risk, Cyber and Control will operate within the Running Great Restaurant Technology (RGRT) Leadership team, whilst also sitting on the broader Senior Leadership Team for Technology and Change.

Who are my customers?
The role will report to the Director of Technology in the Running Great Restaurant Technology Team (RGRT) and will have close working relationships with all functional Department Heads; Global & Segment Risk, Cyber and Vendor management teams; as well as critical engagement with account mgt teams across all key IT partners, in particular Tier 1 suppliers. The role will also actively engage with Franchisees as required.

Requirements

What background do I need to have? Essential requirements

• Extensive experience working in senior technology roles
• Multi-year people management experience
• Proven experience at engaging, influencing and managing stakeholders across departmental and organisational boundaries up to and Directors, Executive and global/segment stakeholders
• A track record in directing and managing innovative change and continuous improvement, ensuring excellent organisational performance and outcomes across a complex portfolio of responsibilities
• Experienced in leading, developing and motivating a team of subject matter experts
• An excellent understanding of best practice within Information Security and risk management including standards such as ISO/IEC 27001, Cyber Essentials and CObIT
• An excellent understanding of legislation and regulations that impact information Security E.g. GDPR, Data Protection Act (2018), Freedom of Information Act, PCIDSS
• An understanding of current and emerging threats and countermeasures and the organisational challenges to addressing these threats
• Experience in negotiating large commercial contracts and tenders and be familiar with related legal constructs (desirable, not mandatory)A Self Starter with the ability to lead and drive change through an organisation
• Excellent communication skills, both written and verbal. Ability to present complex or highly technical issues in simple and easy-to-understand formats.
• The role holder will have senior Technology leadership experience with a broad remit.
• The ability to build highly effective relationships with account executives of technology suppliers and various other stakeholders including McDonald’s Franchisees.