• Lead the operationalization of Yum!’s enterprise cyber risk management framework across brands, enabling measurable, repeatable, and scalable processes. • Maintain and continuously refine the enterprise risk register, ensuring risks are consistently assessed, updated, and tracked through mitigation or acceptance. • Translate risk appetite and tolerance thresholds into actionable decision criteria and embed these into enterprise processes. • Develop and report Key Risk Indicators (KRIs), leveraging automation and data analytics for timely insights. • Partner with IT, Security Engineering, and ERM to ensure risk data quality and alignment with enterprise priorities. • Manage daily operations within the GRC platform, ensuring data integrity and accurate reporting. • Oversee risk assessments, remediation tracking, and control validation across cybersecurity domains. • Enhance automation and reporting pipelines in collaboration with BI and data teams, leveraging prompt engineering to improve risk insight generation and dashboarding. • Oversee the operationalization of Yum!’s control alignment model across CIS, PCI DSS, ISO 27001, and SOC 2 frameworks as applicable. • Lead exception management, ensuring exceptions are risk-assessed, approved, tracked, and reviewed according to enterprise policy. • Manage the lifecycle of risk issues — classification, remediation, and closure validation — ensuring proper documentation and leadership visibility. • Serve as a key liaison between Cyber Risk, ERM, and Compliance teams to align methodologies and governance reporting. • Communicate risk insights to senior leaders, translating technical data into business impact. • Promote a risk-aware culture through targeted engagement, education, and communication initiatives. • Lead and coach a team of Cyber Risk Analysts, fostering professional development and technical growth. • Provide leadership oversight on prioritization, performance management, and delivery alignment. • Actively mentor team members and peer leaders on effective risk communication, analysis methods, and GRC tool utilization. • Represent the Cyber Risk function on steering committees and cross-functional governance councils.