Director Third Party Compliance

Job Description
The Director of Third-Party Compliance (“Director”) will lead global efforts to address cybersecurity and technology-related risks across our third-party partners. The role will develop a compliance program for driving and validating the effective remediation of third-party vulnerabilities and security objectives. This includes establishing a framework for actively monitoring compliance to McDonald’s standards, providing guidance for the effective remediation of gaps, driving and reporting on the remediation activities, and efficiently validating compliance. To achieve this, the Director will build strong relationships with third-party partners, align on common goals, and hold both parties accountable to achieving security results.
As a leader, the Director hires, coaches, and mentors the Third-Party Compliance team (“Team”). The Director will develop our third-party compliance processes, including the strategic objectives, program design, and the metrics, reporting, and automated tracking necessary to get results. We’re seeking a hands-on leader with leadership, management, and technical experience, who is willing and able to lead by example for compliance activities.
Accountabilities &
Responsibilities:
Lead the third-party compliance team, ensuring that global third-party compliance activities are successfully completed on-time.
Lead regular activities, such as establishing third-party compliance strategy, related compliance scope, and developing the program components necessary to deliver results.
Develop and maintain a compliance program that actively identifies and remediates third-party security controls that violate McDonald’s standards.
Own the engagement of regulatory assessments including the collection of control evidence to support program certifications.
Develop and maintain an intake mechanism to drive the tracking and remediation of vulnerabilities and policy violations that are identified through other sources (ex. risk assessments, audits, etc.)
Provide thought-leadership on remediation, identifying lessons-learned across third parties, guiding other markets and facilitating learning activities.
Anticipate and identify third-party cybersecurity issues and challenges, raising the right issues and concerns timely.
Continuously improve the efficiency and effectiveness of the program through innovative processes and delivery methods.
Partner with internal parties such as vendor management, supply chain, and third-party governance and risk, aligning on third-party compliance scope, objectives, security requirements, remediation validation approach, and coordinating third-party communication.
Participate in the department’s overall strategy, processes, and approaches, demonstrating strong overall cybersecurity and compliance domain knowledge.
Provide relevant guidance to team members during work activities, providing real-time mentoring and coaching through clear guidance, instruction, and support.