Supervisor, Data Governance [T500-22312]

About McDonald’s:

One of the world’s largest employers with locations in more than 100 countries, McDonald’s Corporation has corporate opportunities in Hyderabad. Our global offices serve as dynamic innovation and operations hubs, designed to expand McDonald's global talent base and in-house expertise. Our new office in Hyderabad will bring together knowledge across business, technology, analytics, and AI, accelerating our ability to deliver impactful solutions for the business and our customers across the globe.

Job Title: SecOps Engineer

Job Overview:

We are seeking an experienced SecOps Engineer to join our security operations within our AWS and GCP cloud environments. The ideal candidate will be responsible for implementing, monitoring, and maintaining cloud security operations, ensuring compliance, and responding to security incidents. This role focuses on operational security in a cloud-first environment without direct leadership responsibilities.

Key Responsibilities:

• Monitor and respond to security alerts and incidents in the cloud (AWS/GCP) environments.
• Implement and maintain security controls across GCP services including Compute Engine, Cloud Storage, BigQuery, Cloud Functions, Cloud Run, and Firestore.
• Manage identity and access controls using IAM, service accounts, and other GCP security features.
• Monitor, detect, and respond to security incidents across GCP using tools like Wiz, Snyk, StackHawk, Cloud Security Command Center, Security Logging, SIEM integration, and Cloud Monitoring .
• Collaborate with DevOps, DataOps, and application teams to embed security in CI/CD pipelines (DevSecOps practices).
• Conduct threat modeling, vulnerability assessments, and penetration tests for cloud workloads.
• Manage identity and access management (IAM) in GCP, ensuring least-privilege access and role-based access control.
• Implement data protection strategies , including encryption, key management, and secure storage (Cloud KMS, Cloud Storage, Secret Manager).
• Oversee network security , firewall rules, VPC Service Controls, and private connectivity.
• Maintain incident response playbooks , conduct tabletop exercises, and lead post-incident reviews.
• Keep abreast of emerging cloud threats, GCP security features, and industry regulations (ISO, NIST, SOC2, GDPR, HIPAA, etc.).

Required Qualifications:

• 2 - 5 years of experience in cloud security, with at least 1 year in GCP environments .
• Knowledge of GCP security services : Cloud IAM, Cloud Security Command Center, Cloud Armor, Cloud Key Management, VPC Service Controls, Cloud Logging/Monitoring.
• Hands-on experience with DevSecOps tools and practices (Terraform, Jenkins, GitOps, container security).
• Familiarity with security frameworks and compliance requirements (NIST, CIS Benchmarks, SOC2, HIPAA).
• Experience with SIEM, EDR, threat detection, and incident response .
• Experience with Wiz, Snyk, and StackHawk
• Expertise in network security, encryption, access controls, and identity management .
• Excellent leadership, communication, and cross-functional collaboration skills

Preferred Qualifications:

• GCP Security certifications (e.g., Professional Cloud Security Engineer )
• Experience with multi-cloud security (GCP, AWS, Azure)
• Knowledge of data protection and privacy regulations relevant to the business
• Hands-on experience with container and serverless security (GKE, Cloud Run, Cloud Functions)
• Familiarity with automated compliance monitoring tools

Core Competencies:

• Strategic thinking and risk management
• Analytical and problem-solving mindset
• Ability to work under pressure during incidents