Privacy Risk and Security Specialist

About McDonald’s: One of the world’s largest employers with locations in more than 100 countries, McDonald’s Corporation has corporate opportunities in Hyderabad. Our global offices serve as dynamic innovation and operations hubs, designed to expand McDonald's global talent base and in-house expertise. Our new office in Hyderabad will bring together knowledge across business, technology, analytics, and AI, accelerating our ability to deliver impactful solutions for the business and our customers across the globe.Position Summary: Privacy, Security, & Risk Specialist: (Supervisor, Data Governance_G3_EDAA0104) As a Data Risk & Compliance Analyst within the Enterprise Data Governance (EDG) team, you will play a key role in supporting data risk management, privacy, and compliance efforts across the organization. You will operationalize and enhance processes that support secure data practices, regulatory alignment, and the protection of sensitive data assets. Working cross-functionally with business, legal, privacy, and cybersecurity teams, you will help ensure that data governance capabilities are implemented with integrity and transparency. This role combines technical acumen, risk assessment, and compliance management to support data discovery, access controls, data classification, and privacy risk assessments.Who we’re looking for: Primary Responsibilities: Risk & Privacy Controls Execution : Maintain and support risk and privacy controls across key processes such as data retention, access monitoring, and records destruction. Data Discovery & Classification Enablement : Help drive the implementation of data discovery, tagging, and classification activities by identifying structured data with privacy and regulatory implications. Governance Platform Integration : Collaborate in testing and integrating data governance capabilities with risk and compliance systems (e.g., GRC tools, OneTrust, ServiceNow IRM).Key Responsibilities: Partner with the privacy, legal, and security teams to operationalize privacy-by-design, records management, and access governance. Support the creation, enhancement, and enforcement of data handling policies, including ROPA, data classification, and regulatory reporting. Maintain and analyze Records of Processing Activities (ROPA) and ensure accuracy and traceability of critical data elements. Assist with privacy and compliance risk assessments, tracking mitigation plans, and supporting enterprise audit requests. Align with Identity and Access Management teams to manage privileged access appropriately, supporting the governance of access control and provisioning. Assist in developing data quality metrics, health indices, and access provisioning dashboards. Provide expert guidance to EDG councils and data stewards regarding privacy, data protection, and compliance requirements. Support the organization in addressing questions about security classification, data-sharing agreements, and retention schedules.Skill: Bachelor’s degree in information technology, Computer Science, or a related field. 5+ years of experience in data governance, privacy, information risk, and compliance. Familiarity with NIST CSF, NIST Privacy Framework, and ISO 27001. Hands-on experience with GRC and privacy tools like OneTrust, RSA Archer, Collibra, or ServiceNow IRM. Strong understanding of data discovery and classification technologies; ability to define policies and regex rules. Knowledge of information governance, access control, and secure records lifecycle management. Excellent analytical and communication skills with the ability to work across technical and business teams. Cybersecurity certifications preferred (e.g., CISSP, CISA).Work location:Hyderabad, India Work pattern:Full time role. Work mode:Hybrid.