Senior BISO Security Analyst

As member of the Cybersecurity BISO team, this role partners with US Brand BISOs to support and execute cybersecurity priorities across business and technology teams. Acting as a business-facing security resource, the role helps ensure effective implementation of security controls and alignment with regulatory and organizational requirements across restaurant, above-store, and corporate environments.

This role is designed to operate with a high degree of independence while serving as a back-up to US Brand BISOs. The role focuses on managing day-to-day security operations, stakeholder engagement, risk management activities, and ownership of security domains. Working in a dynamic, brand-focused environment, this role leverages technical expertise to evaluate risks, support security services, and enhance the overall security posture of the business. Occasional after-hours or on-call support may be required.

Responsibilities

• Own specific portions of US Brand BISOs and partner with business leaders to drive cybersecurity strategy and priorities, aligning security with brand objectives

• Own and manage cybersecurity risk assessment and remediation activities across brand, corporate, and restaurant environments

• Provide expert guidance on security controls and frameworks (e.g., CCPA, PCI-DSS, NIST), influencing decisions and ensuring effective implementation

• Serve as a delegated back-up to US Brand BISOs, representing cybersecurity in stakeholder discussions and maintaining continuity of leadership

• Independently manage complex cybersecurity requests and issues, making risk-based decisions with minimal oversight

• Lead execution of key security processes (e.g., access reviews, compliance, governance), ensuring accountability and quality of outcomes

• Deliver actionable insights through reporting and dashboards, supporting risk governance and decision-making at the leadership level

• Engage and influence stakeholders across business and technology teams to drive alignment and adoption of security practices

• Monitor and analyze security metrics and KPIs, identifying trends and driving continuous improvement

• Take ownership of defined initiatives, workstreams, or domains over time, contributing to broader security strategy and capability development

Qualifications

• Strong understanding of cybersecurity principles, common threat vectors, and security best practices
• Strong communication and stakeholder engagement skills, including the ability to influence without direct authority
• Maintain at least one internationally recognized cybersecurity certification, to include but not limited to Security+, SSCP, ISC2 CC, GIAC, etc.
• Able to successfully communicate with technical and non-technical stakeholders across brand and enterprise teams
• Strong organizational and program management skills, with the ability to manage multiple concurrent initiatives and prioritize effectively
• Experience working in a global team spanning multiple locations preferred.
• Knowledge of cloud and enterprise technology environments, including SaaS platforms, and foundational cloud security controls
• Knowledge of third-party application and vendor security and network level and perimeter security controls.

Salary Range: $110,000 - $140,000 annually + bonus eligibility. This is the expected salary range for this position. Ultimately, in establishing pay, we'll consider the successful candidate’s location, experience, and other job-related factors.