Job Description

As member of the Cybersecurity BISO team, this role partners with US Brand BISOs to support and execute cybersecurity priorities across business and technology teams. Acting as a business-facing security resource, the role helps ensure effective implementation of security controls and alignment with regulatory and organizational requirements across restaurant, above-store, and corporate environments.

This role is designed to operate with a high degree of independence while serving as a back-up to US Brand BISOs. The role focuses on managing day-to-day security operations, stakeholder engagement, risk management activities, and ownership of security domains. Working in a dynamic, brand-focused environment, this role leverages technical expertise to evaluate risks, support security services, and enhance the overall security posture of the business. Occasional after-hours or on-call support may be required.

• Own specific portions of US Brand BISOs and partner with business leaders to drive cybersecurity strategy and priorities, aligning security with brand objectives

• Own and manage cybersecurity risk assessment and remediation activities across brand, corporate, and restaurant environments

• Provide expert guidance on security controls and frameworks (e.g., CCPA, PCI-DSS, NIST), influencing decisions and ensuring effective implementation

• Serve as a delegated back-up to US Brand BISOs, representing cybersecurity in stakeholder discussions and maintaining continuity of leadership

• Independently manage complex cybersecurity requests and issues, making risk-based decisions with minimal oversight

• Lead execution of key security processes (e.g., access reviews, compliance, governance), ensuring accountability and quality of outcomes

• Deliver actionable insights through reporting and dashboards, supporting risk governance and decision-making at the leadership level

• Engage and influence stakeholders across business and technology teams to drive alignment and adoption of security practices

• Monitor and analyze security metrics and KPIs, identifying trends and driving continuous improvement

• Take ownership of defined initiatives, workstreams, or domains over time, contributing to broader security strategy and capability development

• Strong understanding of cybersecurity principles, common threat vectors, and security best practices
• Strong communication and stakeholder engagement skills, including the ability to influence without direct authority
• Maintain at least one internationally recognized cybersecurity certification, to include but not limited to Security+, SSCP, ISC2 CC, GIAC, etc.
• Able to successfully communicate with technical and non-technical stakeholders across brand and enterprise teams
• Strong organizational and program management skills, with the ability to manage multiple concurrent initiatives and prioritize effectively
• Experience working in a global team spanning multiple locations preferred.
• Knowledge of cloud and enterprise technology environments, including SaaS platforms, and foundational cloud security controls
• Knowledge of third-party application and vendor security and network level and perimeter security controls.

Salary Range: $110,000 - $140,000 annually + bonus eligibility. This is the expected salary range for this position. Ultimately, in establishing pay, we'll consider the successful candidate’s location, experience, and other job-related factors.