Portfolio Jobs

The Technical Governance, Risk and Compliance (Technical GRC) team enables the growth of Toast as we build secure products and enter new markets while meeting industry and regulatory requirements. Our team is a second-line function, providing oversight and leadership to a first-line team designed for high-velocity product innovation and development.

We are looking for a new team member to grow our Technical Governance function which works in partnership with the Technical Risk and Compliance teams as we engage 1st line business and engineering teams to design scalable governance processes and frameworks that will further mature our cybersecurity programs.

The successful candidate will report directly to the Principal of Technical GRC, who is responsible for maintaining Toast’s Governance program across the privacy and IT security domains. They will work closely with team members across all areas of the business that touch sensitive data or who have influence over system controls. Ultimately this role is responsible for ensuring that Toast has strong governance over our systems and the data they contain.

About this roll* (Responsibilities)

• Assist in developing and maintaining GRC frameworks, policies, and procedures aligned with PCI DS, SOC, SOX and NIST standards.
• Support and enable new product and business partnerships, representing the security team to ensure a healthy balance of risk and reward is maintained consistently throughout the business
• Support Evidence Collection: As needed, act as an intermediary between the first line teams, Technical Compliance, and external auditors. Assist in managing and responding to requests for evidence, helping to gather and organize necessary documents and information from the first line teams in a timely and efficient manner. This includes understanding what information is needed, identifying where it can be obtained within the organization, and ensuring its secure and prompt delivery to the auditors.
• Collaborate with cross-functional teams to implement technical controls in accordance with PCI DSS, SOC, SOX IT and NIST requirements.
• Provide administrative support for GRC training and awareness programs
• Contribute to the preparation of reports on GRC metrics and findings
• Participate in technical design discussions, evaluate security properties of systems and services, drive risk decisions, and influence technical architecture
• Interpret and communicate security and compliance constraints to key stakeholders
• Monitor changes to applicable security and privacy related laws, regulations and industry standards while staying up to date on industry trends and emerging threats

Do you have the right ingredients*? (Requirements)

• Experience in Security GRC, IT security, or a related field, with exposure to PCI DSS and NIST standards.
• Experience supporting Governance, Risk and Compliance programs inside fast growing companies
• Knowledge of IT General Control requirements, scoping, control design, control implementation
• Experience with IT-related audits (PCI, SSAE18, ISO27001) and balancing the needs of the business with external audit requirements
• Experience maintaining and maturing technical governance programs
• A strong understanding of cloud computing architectures and security patterns
• High levels of curiosity, persistence, and a grounded approach to getting things done
• Experience designing controls and stewarding implementation/maintenance with IT and business owners in alignment with industry privacy and security standards (e.g. NIST 800-53, ISO 27001, GDPR, CCPA/CPRA)
• Experience in using automation and data analytics to enable effectiveness and efficiencies in GRC programs

Our Spread* of Total Rewards
We strive to provide competitive compensation and benefits programs that help to attract, retain, and motivate the best and brightest people in our industry. Our total rewards package goes beyond great earnings potential and provides the means to a healthy lifestyle with the flexibility to meet Toasters’ changing needs. Learn more about our benefits at https://careers.toasttab.com/toast-benefits.

*Bread puns encouraged but not required