Application Security Program Lead
- Chicago, IL
Refer A Friend
McDonald's is proud to be one of the most recognized brands in the world, with restaurants in over 100 countries that serve 70 million customers daily. As the global leader in the food service industry, our legacy of innovation and hard work continues to drive us.
From drive thru updates to delivery to mobile order and pay, we are innovating quickly and growing. Joining McDonald's means thinking big and preparing for a career that can have influence around the world.
At McDonald's, we see every day as a chance to create positive impact. We lead through our values centered on inclusivity, service, integrity, community and family. From support of Ronald McDonald House Charities to our Youth Opportunity project and sustainability initiatives, our values keep us dedicated to using our scale for good: good for our customers, people, industry and planet. We also offer outstanding benefits including a sabbatical program, tuition assistance and flexible work arrangements.
While most of us are working remote during COVID-19, we're excited to get back to our state-of-the-art headquarters in the booming West Loop of downtown Chicago! It's set up to be a global hub that cultivates collaboration:
- Take a class at Hamburger University
- Sample future items in our Test Kitchen
- Utilize the latest technology to connect with your team around the globe
We are an equal opportunity employer committed to the diversity of our crew members, staff, operators, and suppliers. We promote an inclusive work environment that creates feel-good moments for everyone. We are interested in people who enhance our company culture: Does this role interest you? We encourage you to apply even if you don't meet every single requirement!
McDonald's, one of the most recognized brands in the world, is seeking an Application Security Program Lead to support our security team. You will work in close collaboration with application owners, project managers, business analysts, and developers from IT Solutions teams to ensure Global Technology Risk Management (GTRM) policies and standards are being met for McDonald's initiatives. You will need to be able to take technical details and summarize them for consumption by executive leadership in the Business and IT functions.
We are moving fast and are adding to our best-in-class team. Joining McDonald's means thinking big every single day and preparing for a career that can have impact around the world. We are customer obsessed, committed to being leaders in our industry and believe we are better when we work together. Over the last year, we have launched home delivery, radically improved the digital experiences of our restaurants, introduced mobile pay and have so much more to come.
That said, the biggest area of increase in our spending has been in technology, which is helping to drive our growth. We're looking at how to use technology to improve the customer experience and build new customer experiences. We're also exploring technologies that can help us reduce or eliminate repetitive tasks and make employees' jobs more interesting and rewarding. With all the new projects and initiatives, it is an exciting time to be on the team that is helping to make a Better McDonald's!
In this role, you will develop and maintain an application security program that is designed to ensure that any software developed or acquired meets stringent McDonald's standards while enabling continued innovation to meet customers' ever-changing needs.
Additional responsibilities will include, but are not limited to:
- Providing recommendations to Information Security policies and defining governance procedures for secure application development.
- You will craft and deploy application security tools and processes to support OWASP Top 10 alignment of critical central Secure Software Development Lifecycle controls.
- Collaborating with internal and external development teams (Java, .Net, etc.) to integrate security tools, standards, and processes into the product life cycle.
- You will ensure that developers and QA personnel have the appropriate level of security knowledge and support to perform their daily activities.
- You will assist application owners and development teams with analysis and interpretation of identified vulnerabilities.
- Providing application security expertise to support the incident response and architecture review processes.
- You will establish a governance framework to benchmark the state of said program and the performance of development teams against McDonald's current program.
- You have at least two years of product or application development experience
- You have at least two years of direct information security experience, including architectural integration of security technologies and ability to identify potential risks to solution security.
- Previous experience on global teams.
- Strong ability to develop strategic direction and long-term objectives without supervision.
- Confirmed interpersonal skills with the ability to translate complex technical issues or concepts to non-technical audiences in a clear and concise manner that focuses on business value.
- Proficient in technical writing and creation of policies, standards, procedures and guidelines.
McDonald's is committed to providing qualified individuals with disabilities reasonable accommodations to perform the essential functions of their jobs. Additionally, if you (or another applicant of whom you are aware) require assistance accessing or reading this job posting or otherwise seek assistance in the application process, please contact firstname.lastname@example.org
McDonald's provides equal employment opportunities to all employees and applicants for employment and prohibits discrimination and harassment of any type without regard to sex, sex stereotyping, pregnancy (including pregnancy, childbirth, and medical conditions related to pregnancy, childbirth, or breastfeeding), race, color, religion, ancestry or national origin, age, disability status, medical condition, marital status, sexual orientation, gender, gender identity, gender expression, transgender status, protected military or veteran status, citizenship status, genetic information, or any other characteristic protected by federal, state or local laws. This policy applies to all terms and conditions of employment, including recruiting, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation and training.
Nothing in this job posting or description should be construed as an offer or guarantee of employment.
Back to top