Lead Technical Governance Analyst at Toast

Toast creates technology to help restaurants and local businesses succeed in a digital world helping business owners operate increase sales engage customers and keep employees happy.The Lead Technical Governance Analyst is a high-impact autonomous role responsible for designing and driving the foundational architecture of our world-class GRC program.A day in the life (Responsibilities)In this role you will play an integral part in building the frameworks systems and transformation programs that enable scale and efficiency across all security and compliance and risk addition you will be responsible for supporting the ongoing oversight of certain workforce-related security initiatives and policies and will collaborate closely with our Security and Business Technology and Transformation teams to ensure the security of Toasts sensitive data and critical infrastructure. This role requires a proactive and strategic approach to identifying and mitigating risks as well as a deep understanding of the evolving cybersecurity landscape.Drive Security and Technical Governance Risk and Compliance Initiatives:GRC Platform Ownership: Serve as the primary admin and product owner for the GRC platform (AuditBoard). You will move beyond administration to design advanced workflows automation and metrics that centralize risk and compliance data.Common Controls Framework (CCF) Stewardship: Own and evolve the Common Controls Framework. You will map and maintain complex regulations (NIST CSF SOC 2 PCI DSS ISO 27001) to a single source of truth directly driving compliance efficienciesLead Strategic Initiatives: Independently lead complex cross-functional zero-to-one security programs taking them from concept to operational maturity.Customer Trust Optimization: Drive the strategy for our Trust Center operationalizing our ability to address customer and partner security questionnaires in a more efficient mannerreducing manual efforts and shortening lead times.Develop and implement governance policies controls and best practices to enhance the security posture across corporate IT and workforce systems.Compliance by Design Advisory: Champion the Shift Left strategy by co-developing standards that embed GRC checkpoints into the SDLC and Product innovation pipelines ensuring security is baked in not bolted on.Change Events Governance: Define and standardize the process for assessing GRC impacts during major system changes ensuring consistent intake and triage across all compliance programs.Track and report on security governance KPIs and risk metrics driving continuous improvement.Collaborate with IT and Security:Partner closely with the IT team to ensure corporate systems are managed appropriately and meet security objectives.Work with the Security team to implement monitoring and detection capabilities that support workforce security objectives.Promote Security Culture:Foster a strong security culture within the organization through training awareness programs and ongoing communication. .What youll need to thrive (Requirements)Core Program & Technical Experience8 Years of progressive experience in Information Security GRC Audit or Technical Program Management.CCF & Framework Expertise: Hands-on experience designing and operationalizing a Common Controls Framework (CCF) to map and consolidate controls across multiple regulatory frameworks (SOX PCI DSS SOC 2 NIST CSF ISO 27001).GRC Platform Mastery: Proven experience serving as an Administrator Architect or primary owner of a modern GRC tool (e.g. AuditBoard ServiceNow GRC Workiva) including advanced workflow design configuration and maintenance.Policy Architecture: Expert ability to define manage and enforce a clear hierarchy of governance documentation (Policy Standard Procedure) and maintain security baselines for corporate IT and workforce tools.Program Ownership: Demonstrated ability to drive the lifecycle of complex security initiatives such as Data Governance Oversight SaaS Posture Management End Protection/Hardware Inventory and Third-Party Risk Management.Technical Acumen: Strong understanding of cybersecurity controls across cloud security corporate IT security and identity and access management (IAM). Committed to staying ahead of the curve in the ever-evolving field of cybersecurity.Leadership & CollaborationProven ability to lead and manage security initiatives and drive complex cross-functional collaboration efforts without direct authority.Builds strong relationships with stakeholders across the organization and thrives in a dynamic and rapidly changing environment.Exceptional written and verbal communication skills with the ability to translate complex security architecture into clear business risks for non-technical audiences.A proactive and strategic approach to identifying mitigating and documenting risks in a high-growth fast-paced technology environment.Special Sauce (Nice-to-Haves)Controls Engineering Experience: Experience with scripting (e.g. Python SQL) or building APIs/integrations to automate evidence collection.Advanced Certifications: Relevant security certifications such as CISSP CISM or CISA.Teaching/Enablement: Experience designing or facilitating training programs (e.g. Compliance Champions) or leading Cyber Tabletop Exercises.Experience supporting security governance in a remote or hybrid workforce environment.AI at ToastAt Toast one of our company values is that were hungry to build and learn. We believe learning new AI tools empowers us to build for our customers faster more independently and with higher quality. We provide these tools across all disciplines from Engineering and Product to Sales and Support and are inspired by how our Toasters are already driving real value with them. The people who thrive here are those who embrace changes that let us build more for our customers; its a core part of our culture.Our Total Rewards PhilosophyWe strive to provide competitive compensation and benefits programs that help to attract retain and motivate the best and brightest people in our industry. Our total rewards package goes beyond great earnings potential and provides the means to a healthy lifestyle with the flexibility to meet Toasters changing needs. Learn more about our benefits at base salary range for this role is listed below. The starting salary will be determined based on skills and experience. In addition to base salary our total rewards components include cash compensation (overtime bonus/commissions if eligible) benefits and equity (if eligible).Pay Range$129000$206000 USDDiversity Equity and Inclusion is Baked into our Recipe for SuccessAt Toast our employees are our secret ingredientwhen they thrive we restaurant industry is one of the most diverse and we embrace that diversity with authenticity inclusivity respect and humility. By embedding these principles into our culture and design we create equitable opportunities for all and raise the bar in delivering exceptional experiences.We Thrive TogetherWe embrace a hybrid work model that fosters in-person collaboration while valuing individual needs. Our goal is to build a strong culture of connection as we work together to empower the restaurant community. To learn more about how we work globally and regionally check out: today!Toast is committed to creating an accessible and inclusive hiring process. As part of this commitment we strive to provide reasonable accommodations for persons with disabilities to enable them to access the hiring process. If you need an accommodation to access the job application or interview process please contact .------For roles in the United States It is unlawful in Massachusetts to require or administer a lie detector test as a condition of employment or continued employment. An employer who violates this law shall be subject to criminal penalties and civil liability.Required Experience:IC Key Skills Bakery & Pastry,Computer Software,Jira,Accident Investigation,Chemistry Employment Type : Full Time Experience: years Vacancy: 1