The Technical Governance, Risk and Compliance (Technical GRC) team enables the growth of Toast as we build secure products and enter new markets, while meeting industry and regulatory requirements. Our team is a second line function, providing oversight and leadership to a first line team that is designed for high velocity product innovation and development.

We are looking for a new member of the team to grow our Technical Governance function which works in partnership with the Technical Risk and Compliance teams as we engage 1st line business and engineering teams to design scalable governance processes and frameworks that will further mature our cybersecurity programs.

The successful candidate will report directly to the leader of Technical Governance, who is responsible for maintaining Toast’s Technical Governance program across the privacy and IT security domains. They will work closely with team members across all areas of the business that touch sensitive data or who have influence over system controls. Ultimately this role serves as a crucial liaison, translating complex technical and security requirements into actionable strategies that align with business objectives and regulatory compliance.

About this roll* (Responsibilities) 

• Collaborate with cross-functional teams to implement technical controls in accordance with PCI DSS, SOC, SOX IT and NIST requirements.
• Provide administrative support for GRC training and awareness programs
• Contribute to the preparation of reports on GRC metrics and findings
• Participate in technical design discussions, evaluate security properties of systems and services, drive risk decisions, and influence technical architecture
• Interpret and communicate security and compliance constraints to key stakeholders
• Serve as the primary information security point of contact for business units, translating existing security policies and controls into practical guidance and real-world recommendations.
• Serve as a liaison between the InfoSec team and business units. Ensure InfoSec understands business-specific requirements and that security measures align with business objectives.
• Provide consultation and guidance on IT security architecture and data handling practices for current and upcoming projects within the business unit, ensuring alignment with organizational security policies.
• Participate in cybersecurity maturity assessments, identifying and supporting the management and mitigation of security risks specific to the assigned Lines of Business.
• Stay informed on emerging cybersecurity threats and industry trends, providing insights and recommendations relevant to the assigned business unit's operations.
• Foster accountability by ensuring business units actively participate in and take ownership of their specific cybersecurity posture and data security responsibilities.

Do you have the right ingredients*? (Requirements)

• Minimum of 8 years of related experience with a Bachelor’s degree; or 6 years and a Master’s degree; or equivalent experience in Cybersecurity, GRC, IT security, or a related field.
• Experience supporting Governance, Risk and Compliance programs inside fast growing companies.
• Knowledge of IT General Control requirements, scoping, control design, control implementation,
• Experience with IT-related audits (PCI, SSAE18, ISO27001) and balancing the needs of the business with external audit requirements
• Experience maintaining and maturing technical governance programs
• A strong understanding of cloud computing architectures and security patterns
• High levels of curiosity, persistence, and a grounded approach to getting things done
• Experience designing controls and stewarding implementation/maintenance with IT and business owners in alignment with industry privacy and security standards (e.g. NIST 800-53, ISO 27001, GDPR, CCPA/CPRA)
• Experience in using automation and data analytics to enable effectiveness and efficiencies in GRC programs

Our Spread* of Total RewardsWe strive to provide competitive compensation and benefits programs that help to attract, retain, and motivate the best and brightest people in our industry. Our total rewards package goes beyond great earnings potential and provides the means to a healthy lifestyle with the flexibility to meet Toasters’ changing needs. Learn more about our benefits at https://careers.toasttab.com/toast-benefits.

*Bread puns encouraged but not required

Diversity, Equity, and Inclusion is Baked into our Recipe for Success

At Toast, our employees are our secret ingredient—when they thrive, we thrive. The restaurant industry is one of the most diverse, and we embrace that diversity with authenticity, inclusivity, respect, and humility. By embedding these principles into our culture and design, we create equitable opportunities for all and raise the bar in delivering exceptional experiences.

We Thrive Together

We embrace a hybrid work model that fosters in-person collaboration while valuing individual needs. Our goal is to build a strong culture of connection as we work together to empower the restaurant community. To learn more about how we work globally and regionally, check out: https://careers.toasttab.com/locations-toast.

Apply today!

Toast is committed to creating an accessible and inclusive hiring process. As part of this commitment, we strive to provide reasonable accommodations for persons with disabilities to enable them to access the hiring process. If you need an accommodation to access the job application or interview process, please contact candidateaccommodations@toasttab.com.

------

For roles in the United States, It is unlawful in Massachusetts to require or administer a lie detector test as a condition of employment or continued employment. An employer who violates this law shall be subject to criminal penalties and civil liability.