This role is with Yum Restaurants Europe
Salary Range: 87,785-100,220 GBP annually + bonus eligibility. This is the expected salary range for this position. Ultimately, in determining pay, we'll consider the successful candidate’s location, experience, and other job-related factors.
Role Summary
The EMEA Regional Principal Security Consultant plays a critical role in executing Yum!’s cybersecurity strategy across multiple brands and markets within the EMEA region. This position supports the Yum Digital & Technology (D&T) organization and contributes to enterprise-wide technology and security initiatives, while being employed through KFC (Great Britain) Ltd for legal, payroll, and compliance purposes.
As part of the Global Cybersecurity – Business Information Security Officer (BISO) team, this role bridges the gap between corporate cybersecurity leadership and regional business operations. The Regional BISO ensures that global standards are implemented effectively while aligning with local regulatory and business needs.
This position manages a small team (1–3 direct reports) and partners closely with cross-functional teams across IT, Privacy, Legal, and Brand to strengthen Yum!’s cybersecurity posture and support global growth objectives.
Key Responsibilities
- Lead the regional cybersecurity strategy across EMEA, ensuring implementation of global policies, standards, and controls aligned to Yum! Global Cybersecurity frameworks.
- Manage and develop a team of cybersecurity professionals (1–3 direct reports).
- Conduct regional risk assessments, security reviews, and compliance initiatives to ensure regulatory alignment and effective risk mitigation.
- Act as the primary liaison between Yum Global Cybersecurity and regional leadership.
- Collaborate with IT, Privacy, Legal, and Brand partners to address control gaps and enhance governance.
- Translate complex technical risks into actionable business insights for leadership teams.
- Champion “security by design” principles across technology and operational initiatives.
- Deliver regular executive dashboards and risk metrics to senior stakeholders.
- Support incident response coordination and remediation activities.
- Define cybersecurity requirements for regional M&A initiatives.
Required Skills & Experience
- Proven leadership and people management skills with the ability to drive results through influence.
- Deep knowledge of cybersecurity frameworks (NIST 800-53, ISO 27001/2, PCI DSS, SOC 2, etc.).
- Strong communication skills and the ability to simplify complex security issues for diverse audiences.
- Demonstrated success leading cybersecurity programs in a global or multi-region environment.
- Skilled in risk reporting, KPI design, and data-driven performance management.
- Strong organizational skills; comfortable managing multiple projects across time zones.
Qualifications
- Bachelor’s degree in Cybersecurity, Information Systems, or related field.
- 8+ years of cybersecurity, risk management, or IT governance experience.
- 2+ years of people leadership experience.
- Preferred certifications: CISSP, CISM, CRISC, or CISA.
- Experience in global or franchised organizations preferred.
- Experience with AI or cloud-native security a plus.
- Proficient in written and spoken English.
Key Performance Indicators (KPIs)
Short-Term (3–6 Months):
- Deliver a regional cybersecurity engagement plan aligned with Yum Global standards (100% completion by end of Q2).
- Complete security roadmaps across all equity-managed regional markets.
- Onboard and coach direct reports with defined quarterly goals.
- Launch monthly executive reporting dashboards on regional cyber risk and compliance posture.
Long-Term (6–12+ Months):
- Achieve ≥90% compliance with Yum! Cybersecurity Policy requirements or approved risk acceptances.
- Reduce critical and high-risk exceptions by 25% year-over-year.
- Ensure all equity-managed markets complete annual tabletop exercises and risk revalidations.