Security Analyst

Company Description

At McDonald's, we are committed to being the best, and that starts with finding the best people. We have built a team of extraordinary people from around the world. We are problem solvers, risk takers, innovators, and thought leaders that take our work seriously, but have fun doing it. We challenge ourselves to get smarter and sharper every day, we value personal and professional growth, and believe in rewarding and celebrating our successes.

**Job Description**:
**Position title**: Security Analyst
**Department**: Global Technology Canada
**Position band**: Supervisory/Consultant (Global Grade 3)
**Reports to**: Infrastructure Data and Security Sr. Manager
**Type of position**: Full-time, permanent

**_ The Opportunity_**:

- McDonald’s Canada has a growth opportunity for a Security Analyst. Reporting to _**_the Infrastructure, Data and Security Sr. Manager, you will be a key member of the Global Technology Canada team, in the_**_ Toronto office._

We are looking for a self-starter expert that will champion security process improvement, best practices, Security incident response, audit, compliance and risk management throughout the enterprise. This role will include the delivery of security services which are essential to the operation of our business. If you are efficient in incident response, love to coordinate, have strong sense of ownership, love to act proactively and have an innovative approach to problem-solving in a fast paced environment, this role is for you.

**Principal Accountabilities**:

- In addition to following McDonald’s policies and procedures, principle accountabilities include, but are not limited to:_
- Guest Obsessed_
- Develop, enhance, and deliver relevant security programs, including incident response program, that ensure we keep systems safe and running
- Respond to incidents and lead the incident response team
- Adhere to and improve internal policies and procedures, technology control standards and applicable regulatory guidelines.
- Focus on improving the overall security posture of the distributed restaurant environment alerting on opportunities and identifying challenges and risks
- Advise and influence technology and business management regarding security best practices, risk analysis and risk mitigation strategies
- Influence behavior to reduce risk and foster a strong technology risk management culture throughout the enterprise
- Better Together _
- Work with various stakeholders raising awareness on security challenges making sure risk are mitigated with the agreed SLA/ SLO
- Manage strategic vendor partnerships with a focus on delivering outsourced security to ensure adequate protection to the information assets of the enterprise.
- Proactively develop, maintain and implement improvements to the assigned security programs
- Ensure technology, processes, and governance are in place to monitor, detect, prevent and react to both current and emerging technology and security threats against the enterprise
- Report regularly on security KPIs, showing trends, and suggest improvements and go-to-green trajectory if needed
- Conduct risk assessment, required controls definition, control procedure appropriateness, vulnerability assessments and any other relevant areas
- Works on projects of moderate to high complexity and provide analysis and assessments at the functional, business line or enterprise level.
- Manage the project and operational billing associated with the assigned security services and ensure they are by enterprise accounting practices.
- Proficient in technical writing and creation of policies, standards, procedures and guidelines.
- Commitment to Lead_
- Contribute to the review of internal processes and activities and assist in identifying potential opportunities for improvement
- Works with peers as well as other IT groups and third parties to identify future business or technical needs.
- Develop on going technology risk reporting, monitoring key trends and defining metrics to measure control effectiveness regularly.

**Qualifications**:

- Bachelor or specialized college degree in Computer Science, System Engineering or another related IT program. Professional designation such as: CISA, CISSP, CISM etc.
- 5+ years of information security experience.
- 5+ years of experience working in an outsourcing model.
- Knowledge of SOX, PCI, ITIL or other control frameworks.
- Understanding of NIST framework
- French language skills would be a definite asset

Additional Information