Technical Security & Risk Manager

About the role

The Technical Security & Risk Manager will lead McDonald’s Singapore’s cybersecurity, technology risk and resilience agenda across restaurant operations, digital platforms and enterprise environments. This senior position ensures confidentiality, integrity, availability and privacy of critical assets while supporting secure innovation and seamless customer experiences.

Key responsibilities

• Define and execute a forward‑looking cybersecurity and technology risk strategy aligned with business objectives and digital transformation.
• Embed security‑by‑design and risk‑based decision‑making across all technology initiatives, championing Zero Trust Architecture and Secure Access Service Edge.
• Establish and continuously improve governance models based on NIST, ISO/IEC 27001/27701 and CIS Controls.
• Develop, enforce and audit practical policies, standards and controls for both corporate and restaurant technology ecosystems.
• Ensure compliance with PDPA, PCI DSS and other applicable global data regulations; act as primary liaison for audits and regulatory reviews.
• Oversee security operations including SIEM, SOC, XDR, threat intelligence, vulnerability management and endpoint, network and cloud security.
• Drive continuous control monitoring, automate compliance where possible and respond to emerging threats such as ransomware and supply‑chain attacks.

Required profile

• Proven senior leadership experience in enterprise cybersecurity and technology risk management.
• Deep knowledge of regulatory frameworks (PDPA, PCI DSS) and data protection best practices.
• Strong track record of building and governing security programs in fast‑paced, multi‑site environments.
• Excellent communication and stakeholder management skills to align security with business goals.

Required skills

• Zero Trust Architecture
• Secure Access Service Edge (SASE)
• Cloud‑native security
• NIST Cybersecurity Framework
• ISO/IEC 27001 & ISO/IEC 27701
• CIS Critical Security Controls
• PDPA compliance
• PCI DSS
• SIEM, SOC, XDR platforms
• Threat intelligence and proactive threat hunting
• Vulnerability and exposure management
• Endpoint, network and cloud security controls
• SaaS, API and mobile platform security