Senior Analyst for Technical Compliance - Remote

Overview

Toast is driven by building the restaurant platform that helps restaurants adapt, take control, and get back to what they do best: building the businesses they love.

The Technical Governance, Risk and Compliance (Technical GRC) team enables the growth of Toast as we build secure products and enter new markets while meeting industry and regulatory requirements. Our team is a second-line function, providing oversight and leadership to first-line teams designed for high-velocity product innovation and development.

We are currently seeking a Senior Analyst for Technical Compliance who will be responsible for overseeing and supporting many aspects of Toast's PCI Compliance Program. In this role, you will collaborate with our Principal PCI Compliance Analyst and various teams throughout Toast, including Product, Infrastructure Engineering, IT Security, Developers, Legal, and Merchant Risk to ensure our products and processes are following PCI standards.

The successful candidate will report directly to the Senior Director of Technical Compliance who is responsible for establishing and maintaining compliance programs across Toast globally.

In Short

• Direct and support the planning and execution of PCI assessments of Toast payment solutions and environments.
• Coordinate with external assessors and internal stakeholders to streamline the assessment process.
• Support the monitoring of the implementation and validation of recommended remediations.
• Actively support ongoing PCI program health and maturity.
• Document and maintain cardholder data environment scope narratives and controls.
• Monitor business activities to ensure compliance with external certifications.
• Evaluate processes and technical controls to identify compliance gaps.
• Advise internal teams on PCI-related initiatives and programs.
• Create and maintain documentation for the PCI Management Program.
• Develop and deliver training on PCI topics to relevant stakeholders.

Requirements

• 5-7+ years in Security GRC, IT security, or a related field.
• In-depth knowledge of PCI standards including PCI DSS.
• Understanding of cloud computing architectures and security patterns.
• Familiarity with GRC solutions and Enterprise Risk Management processes.
• Knowledge of industry security, audit, and privacy standards.
• Relevant industry certifications such as CISSP, CISA, CISM.

Benefits

• Competitive compensation and benefits programs.
• Flexibility to meet changing needs.
• Inclusive hiring process with accommodations for disabilities.