The Technical Governance team plays a crucial role in supporting Toast's growth by ensuring the development of secure products and expansion into new markets while adhering to industry, partner, and regulatory requirements. We are currently seeking a Senior Analyst for Technical Compliance as we grow Toast's PCI compliance program. In this role, you will collaborate with various teams throughout Toast, including Product, Infrastructure Engineering, IT Security, Developers, Legal, and Risk.

The successful candidate will report directly to the Vice President of Global Technical Governance, and work closely with the Senior PCI Manager, who is responsible for overseeing all aspects of Toast's PCI Compliance Program.

About this roll* (Responsibilities)

• Assist in the planning and execution of PCI audits of the Toast payment solutions and environments
• Work closely with partner teams to prepare for upcoming audits, collecting evidence and refining the relevant runbooks to continuously improve the program
• Assist in the management, scheduling and task tracking of the PCI QSA partner, ensuring that the overall audit timeline is achieved
• Assist in monitoring the implementation and validation of any recommended remediations
• Assist in the execution of the ongoing PCI Compliance activities
• Create and maintain documentation to support the PCI Management Program
• Perform ongoing design reviews for changes to existing products and infrastructure and the adoption of new architectures and technologies
• Help to develop and deliver training on PCI topics to relevant stakeholders
• Manage and respond to customer requests regarding PCI compliance
• Execute periodic control monitoring to ensure continuous compliance

Qualifications

• Experience (5+ years) supporting IT compliance programs for technology/software-focused companies.
• Proven track record of successfully supporting PCI audits
• Experience performing IT audits in a cloud computing environment
• Familiarity with GRC (Governance, Risk, and Compliance) solutions, tools, platforms, and Enterprise Risk Management (ERM) processes.
• Knowledge of industry security, audit, and privacy standards, frameworks, and regulations, such as ISO27001, PCI DSS, GDPR, COBIT, SSAE18.
• Familiarity with industry security, audit, and privacy standards, frameworks, and regulations (e.g., EBA’s ICT, GDPR, COBIT, DORA)
• Relevant industry certifications such as CISSP (Certified Information Systems Security Professional), CISA (Certified Information Systems Auditor), CISM (Certified Information Security Manager) OR equivalent expertise

Our Spread* of Total Rewards
We strive to provide competitive compensation and benefits programs that help to attract, retain, and motivate the best and brightest people in our industry. Our total rewards package goes beyond great earnings potential and provides the means to a healthy lifestyle with the flexibility to meet Toasters’ changing needs. Learn more about our benefits at https://careers.toasttab.com/toast-benefits.

*Bread puns encouraged but not required