Full-Time Senior Technical Compliance Analyst
Toast is hiring a remote Full-Time Senior Technical Compliance Analyst. The career level for this opening is Senior Manager, and it is open to US-based applicants working remotely. Read the complete job description before applying.
Toast
Job Details
Toast is driven by building the restaurant platform that helps restaurants adapt, take control, and get back to what they do best: building the businesses they love.
The Technical Governance, Risk and Compliance (Technical GRC) team enables the growth of Toast as we build secure products and enter new markets while meeting industry and regulatory requirements.
Our team is a second-line function, providing oversight and leadership to first-line teams designed for high-velocity product innovation and development.
We are currently seeking a Senior Technical Compliance Analyst who will be responsible for overseeing and supporting many aspects of Toast's PCI Compliance Program.
In this role, you will collaborate with our Principal PCI Compliance Analyst and various teams throughout Toast, including Product, Infrastructure Engineering, IT Security, Developers, Legal, and Merchant Risk, to ensure our products and processes follow PCI standards.
The successful candidate will report directly to the Senior Director of Technical Compliance who is responsible for establishing and maintaining compliance programs across Toast globally.
Responsibilities:
- Audit/Assessment Management: Direct and support the planning and execution of PCI assessments of Toast payment solutions and environments.
- Support Monitoring: Support the monitoring of the implementation and validation of any recommended remediations.
- Readiness and Compliance: Actively support ongoing PCI program health and maturity. Document and maintain cardholder data environment scope narratives, controls and supporting evidence. Monitor business activities by collaborating with cross-functional team leaders to ensure the organization maintains compliance.
- Process Evaluation: Evaluate current and evolving processes and technical controls to identify compliance gaps and produce actionable feedback.
- Advice and Consultation: Advise and consult with internal teams on PCI-related initiatives and programs.
- Design and Operating Reviews: Perform ongoing design and operating effectiveness reviews.
- Customer Support: Manage and respond to customer requests regarding PCI compliance.
- Documentation: Create and maintain documentation to support the PCI Management Program.
- Training: Develop and deliver training on PCI topics.
- Team Collaboration: Collaborate with other members of the GRC team on team-wide initiatives.
Requirements:
- Experience (5-7+ years) in Security GRC, IT security, or a related field, with in-depth working knowledge of PCI standards (especially PCI DSS), preferably inside fast-growing companies.
- Understanding of cloud computing architectures and security patterns.
- High curiosity, persistence, and a grounded approach to problem-solving.
- Familiarity with GRC solutions, tools, platforms, and ERM processes.
- Knowledge of industry security, audit, and privacy standards (PCI DSS, ISO 27001).
- Relevant certifications (CISSP, CISA, CISM) or equivalent expertise. QSA/ISA certification/experience preferred.
- Bonus skills: Experience with GRC tools (AuditBoard), Atlassian tools (Jira, Confluence, Atlas), enterprise risk management, GDPR, EBA ICT, DORA, SOX, COBIT, SOC/SSAE18, Fintech experience, payment facilitation/marketplace, merchant processing and/or fraud/risk.