Toast is driven by building the restaurant platform that helps restaurants adapt, take control, and get back to what they do best: building the businesses they love. 

Toast is seeking a PCI compliance professional to provide technical assistance in leading and managing Toast’s PCI compliance program to ensure Toast products and services are built, maintained and matured in compliance with the Payment Card Industry Data Security Standards (PCI DSS). In this highly visible role, the Senior PCI Engineer will collaborate as a program lead for Toast’s annual PCI assessments and SSF conversion as well as through partnering with the R&D, Product and FinTech organizations to strengthen and scale Toast’s solutions for long-term growth. 

About this roll* (Responsibilities) 

• Assist in leading and monitoring Toast’s PCI DSS compliance program

• Verify that all PCI DSS controls are documented, operating effectively and monitored through the course of the year; recommend, draft and review compensating controls as necessary
• Collaborate in the development of cross functional products and services with key stakeholders; perform design and operational effectiveness validation of all technical remediation plans
• Perform gap assessments and reviews as needed and identify, consult on, and track remediation of all  PCI compliance-related observations/findings
• Oversee and sample periodic monitoring and review of audit logging records for appropriateness, timeliness and completeness
• Assist Toast’s Security team with the review and/or remediation of areas such as penetration testing, vulnerability scans, external assessments or other activities
• Support PCI-related business, customer and partner requests
• Collaborate with technical operation teams to develop and maintain current, external facing PCI-related program documentation for sub-merchants in a central location
• Participate in customer related due diligence exercises and investigations as needed
• Assist in implementation and management of cloud-based GRC tool

Do you have the right ingredients*? (Requirements)

• 6-10 years recent experience leading assessments for large Level 1 Service Providers ( FinTech / Visa TPA’s such as PayFacs) and managed service providers (MSP’s) in an AWS hosted environment.
• CISSP, current or recent QSA and CCSP or AWS security certifications
• Previous  experience in an internal Product Security, DevOps and Network Operations  or Administrator role 
• Demonstrable knowledge and experience with varying technical implementations of all current PCI DSS requirements, PCI SSC guidance , SSF requirements and PayFac obligations 
• Deep understanding of fast paced product-based SaaS organizations 
• Cloud security knowledge 
• Strong writing skills and the ability to communicate information about complex issues to stakeholders in a clear and easy to understand way.
• Ability to develop creative and adaptive solutions to unique and complex inquiries

Special Sauce* (Nonessential Skills/Nice to Haves)

• P2PE Experience

Our Spread* of Total Rewards:

• Unlimited Vacation
• Sabbatical opportunity after five years
• Professional Development Reimbursement Program
• Commitment to Employee Wellness through resources such as a quarterly Wellness Stipend
• Various peer and company recognition programs 
• 401(k) and matching
• Medical, Dental, & Vision Coverage
• Mental Health Benefits
• Subsidized backup childcare

#LI-REMOTE