Lead Technical Compliance Analyst

Toast creates technology to help restaurants and local businesses succeed in a digital world, helping business owners operate, increase sales, engage customers, and keep employees happy. The Technical Governance, Risk and Compliance (Technical GRC) team enables the growth of Toast as we build secure products and enter new markets while meeting industry and regulatory requirements. Our team is a second-line function, providing oversight and leadership to first-line teams that are engaged in high-velocity product innovation and development.

Are you bready* for a change?

We are currently seeking a Lead Technical Compliance Analyst who will work alongside both our internal stakeholders and internal/external auditors to coordinate and execute on several compliance programs such as: PCI, ISO 27001, RED DA, NIS2, EBA ICT, GDPR, UK OpRes, CRA, PSD2 and others that become applicable as Toast expands into more product offerings or geographies. In this role, you will collaborate with various teams throughout Toast, including Engineering, IT, HR, and Internal Audit, contributing to the overall success of our Technical GRC function.

The successful candidate will report directly to the Sr. Director of Technical Compliance, who is responsible for Toast's second-line function across all Technical Compliance programs (e.g. SOX, SOC, PCI, NIST, ISO, etc). 

About this roll* (Responsibilities) 

• Compliance Impact Analysis - Coordinate with and act as the second-line expert to advise first-line teams on the impact of proposed cloud and application architecture changes against compliance and regulatory requirements. 
• Control Validation Testing - Direct, execute, and own activities related to routine proactive assessments of IT controls, systems, and procedures to ensure conformity with expected requirements and documented controls.  
• Audit Program Management - Own and drive successful, on-time delivery of complex assurance programs (e.g., PCI, ISO) by effectively managing auditors, timelines, and cross-functional evidence collection. 
• Risk Identification Support for Compliance - Assist in proactively identifying potential compliance vulnerabilities, risks, or emerging areas of focus within IT processes in line with compliance standards. Participate in developing and assessing management action under the guidance of more senior team members.
• Process and Procedure Definition and Maturity - Support the team in developing, implementing, and maintaining IT Compliance processes and procedures that meet external and internal requirements. Help ensure these procedures are effectively communicated across all IT departments.
• Continued Growth of a Compliance First Culture - Support the creation and facilitation of compliance training programs, runbooks, and communications to further enable Toasters to continuously operate in a compliant manner.

Do you have the right ingredients*? (Requirements)

• 8+ years of progressive experience owning and successfully delivering multi-framework compliance programs such as ISO 27001, PCI (DSS and other standards), ISO 27001, RED DA, NIS2, EBA ICT, GDPR, UK OpRes, CRA, PSD2, etc. 
• Knowledge of IT General Control requirements, scoping, control design, control implementation.
• Deep understanding of cloud computing architectures and security patterns, including assessing and implementing compliance controls in such environments. 
• Familiarity with AuditBoard or other GRC (Governance, Risk, and Compliance) and Enterprise Risk Management (ERM) solutions, tools, platforms, and processes.
• Experience with compliance programs in fast-changing and evolving environments. 
• Proven ability to operate as a trusted second-line advisor who can educate, influence, and partner with high-velocity engineering and product teams toward sustainable compliance.
• Effective communication and writing skills, with the ability to clearly and concisely articulate complex ideas and concepts in both verbal and written form.

Bonus ingredients:

• Working knowledge and familiarity with SOX, SOC, NIST CSF.
• Experience working with Jira, Confluence, Asana, Slack, and Google Workspace ecosystem.
• Experience in privacy, data classification, and data subject rights protection.
• Experience working in fintech, payment facilitation / marketplace, merchant processing and/or fraud/risk.
• Relevant industry certifications such as CISSP (Certified Information Systems Security Professional), CISA (Certified Information Systems Auditor), CISM (Certified Information Security Manager), PCI QSA / ISA (Qualified or Internal Security Assessor), or equivalent expertise. 

**This role requires a minimum of two days per week in our Dublin office**

AI at Toast

At Toast, one of our company values is that we're hungry to build and learn. We believe learning new AI tools empowers us to build for our customers faster, more independently, and with higher quality. We provide these tools across all disciplines, from Engineering and Product to Sales and Support, and are inspired by how our Toasters are already driving real value with them. The people who thrive here are those who embrace changes that let us build more for our customers; it’s a core part of our culture.

Our Total Rewards Philosophy 
We strive to provide competitive compensation and benefits programs that help to attract, retain, and motivate the best and brightest people in our industry. Our total rewards package goes beyond great earnings potential and provides the means to a healthy lifestyle with the flexibility to meet Toasters’ changing needs. Learn more about our benefits at https://careers.toasttab.com/toast-benefits.