The Technical Governance, Risk and Compliance (Technical GRC) team enables the growth of Toast as we build secure products and enter new markets while meeting industry and regulatory requirements. We are seeking a Principal of Technical Governance to lead efforts across our data governance and identity and access management oversight programs, as part of our 2nd line of defence. This role will partner closely with many leaders across the organisation, especially within the Compliance, Security, Legal, IT and Engineering Leadership.

The successful candidate will report directly to the Vice President of Technical GRC, who is responsible for maintaining Toast’s Governance, Risk and Compliance programs across the privacy and IT security domains. These programs span the entire organization and result in the successful completion of the following audits and certifications, SOC 1 Type 1 & 2, SOC 2 Type 1 & 2, Payment Card Industry (PCI) Data Security Standard, and SOX IT compliance. The Principal of Data and IAM Technical Governance is responsible for ensuring that Toast has strong governance over access to our systems, and the data that they contain.

About this roll* (Responsibilities) 

• Be a Privacy and IT Security GRC domain expert in partnership with Compliance, Security, Legal, IT and Engineering Leadership, with a main focus on our data governance and IAM oversight programs
• Play a leading role in our Identity, Access Management Governance program, ensuring that Toast consistently adheres to the principle of least privilege without causing unnecessary friction to the business
• Lead the 2nd line data governance program, owning the enterprise wide data governance policies, working closely with legal and 1st line teams to build a cohesive Data Governance program
• Help Toast automate governance and compliance functions to scale visibility into policy compliance and drive technical solutions that enable Toast teams to be compliant in a highly competitive industry
• Participate in technical design discussions, evaluate security properties of systems and services, drive risk decisions, and influence technical architecture
• Provide business and technical advice on privacy and security risk and trade-offs to enable security across the enterprise
• Develop, implement and promote security standards and frameworks
• Interpret and communicate security and compliance constraints to key stakeholders
• Monitor changes to applicable security and privacy related laws, regulations and industry standards

Do you have the right ingredients*? (Requirements)

• 3+ years in a security leadership role
• 7+ years in a security focused role in a technology heavy industry
• Experience maintaining and maturing a data governance program
• A proven track record of impactful involvement in Identity and Access Management programs
• A strong understanding of cloud computing architectures and security patterns
• Ability to drive change in a complex environment with minimal supervision
• High levels of curiosity, persistence, and a grounded approach to getting things done
• Experience designing controls and stewarding implementation/maintenance with IT and business owners in alignment with industry privacy and security standards (e.g. NIST 800-53, ISO 27001, GDPR, CCPA/CPRA)
• Working knowledge of one or more relevant compliance regulations such as PCI DSS, SOX, SSAE18
• Experience in using automation and data analytics to enable effectiveness and efficiencies in GRC programs 

Ideal candidates will have familiarity with some of the technologies we use in our environment

• AWS and GCP or Azure IAM
• Terraform, Docker, Java, Kotlin, Python
• HTTP, JSON, gRPC, and Protocol Buffers
• PostgreSQL, DynamoDB
• Event-driven architecture
• Hex, Looker, Snowflake, Jupyter notebooks
• Salesforce, ServiceNow
• Agile software development and change management tools such as GitHub
• IAM tools such as Okta, Sailpoint 

Our Spread* of Total RewardsWe strive to provide competitive compensation and benefits programs that help to attract, retain, and motivate the best and brightest people in our industry. Our total rewards package goes beyond great earnings potential and provides the means to a healthy lifestyle with the flexibility to meet Toasters’ changing needs. Learn more about our benefits at https://careers.toasttab.com/toast-benefits.

*Bread puns encouraged but not required

We are Toasters

Diversity, Equity, and Inclusion is Baked into our Recipe for Success.

At Toast our employees are our secret ingredient. When they are powered to succeed, Toast succeeds.

The restaurant industry is one of the most diverse industries. We embrace and are excited by this diversity, believing that only through authenticity, inclusivity, high standards of respect and trust, and leading with humility will we be able to achieve our goals.

Baking inclusive principles into our company and diversity into our design provides equitable opportunities for all and enhances our ability to be first in class in all aspects of our industry.

Bready* to make a change? Apply today!

Toast is committed to creating an accessible and inclusive hiring process. As part of this commitment, we strive to provide reasonable accommodations for persons with disabilities to enable them to access the hiring process. If you need an accommodation to access the job application or interview process, please contact candidateaccommodations@toasttab.com.