[Hiring] Lead Technical Governance Analyst @Toast

Role Description

The Lead Technical Governance Analyst is a high-impact, autonomous role responsible for designing and driving the foundational architecture of our world-class GRC program.

A day in the life (Responsibilities):

• Play an integral part in building the frameworks, systems, and transformation programs that enable scale and efficiency across all security and compliance and risk domains.
• Support the ongoing oversight of certain workforce-related security initiatives and policies.
• Collaborate closely with our Security and Business Technology and Transformation teams to ensure the security of Toast’s sensitive data and critical infrastructure.
• Proactively identify and mitigate risks with a deep understanding of the evolving cybersecurity landscape.

• Drive Security and Technical Governance Risk and Compliance Initiatives:
• GRC Platform Ownership: Serve as the primary admin and product owner for the GRC platform (AuditBoard), designing advanced workflows, automation, and metrics that centralize risk and compliance data.
• Common Controls Framework (CCF) Stewardship: Own and evolve the Common Controls Framework, mapping and maintaining complex regulations (NIST CSF, SOC 2, PCI DSS, ISO 27001) to a single source of truth.
• Lead Strategic Initiatives: Independently lead complex, cross-functional "zero-to-one" security programs from concept to operational maturity.
• Customer Trust Optimization: Drive the strategy for our Trust Center, operationalizing our ability to address customer and partner security questionnaires efficiently.
• Develop and implement governance policies, controls, and best practices to enhance the security posture across corporate IT and workforce systems.
• "Compliance by Design" Advisory: Champion the "Shift Left" strategy by co-developing standards that embed GRC checkpoints into the SDLC and Product innovation pipelines.
• Change Events Governance: Define and standardize the process for assessing GRC impacts during major system changes.
• Track and report on security governance KPIs and risk metrics, driving continuous improvement.

• Collaborate with IT and Security:
• Partner closely with the IT team to ensure corporate systems are managed appropriately and meet security objectives.
• Work with the Security team to implement monitoring and detection capabilities that support workforce security objectives.

• Promote Security Culture:
• Foster a strong security culture within the organization through training, awareness programs, and ongoing communication.

Qualifications

• 8+ years of progressive experience in Information Security GRC, Audit, or Technical Program Management.
• Hands-on experience designing and operationalizing a Common Controls Framework (CCF).
• Proven experience serving as an Administrator, Architect, or primary owner of a modern GRC tool (e.g., AuditBoard, ServiceNow GRC, Workiva).
• Expert ability to define, manage, and enforce a clear hierarchy of governance documentation (Policy, Standard, Procedure).
• Demonstrated ability to drive the lifecycle of complex security initiatives.
• Strong understanding of cybersecurity controls across cloud security, corporate IT security, and identity and access management (IAM).
• Proven ability to lead and manage security initiatives and drive complex, cross-functional collaboration efforts.
• Exceptional written and verbal communication skills.
• A proactive and strategic approach to identifying, mitigating, and documenting risks.

Requirements

• Experience with scripting (e.g., Python, SQL) or building APIs/integrations to automate evidence collection.
• Relevant security certifications such as CISSP, CISM, or CISA.
• Experience designing or facilitating training programs (e.g., Compliance Champions) or leading Cyber Tabletop Exercises.
• Experience supporting security governance in a remote or hybrid workforce environment.

Benefits

Learn more about our benefits at https://careers.toasttab.com/toast-benefits .

Company Description

At Toast, one of our company values is that we're hungry to build and learn. We believe learning new AI tools empowers us to build for our customers faster, more independently, and with higher quality.

• We strive to provide competitive compensation and benefits programs that help to attract, retain, and motivate the best and brightest people in our industry.
• Our total rewards package goes beyond great earnings potential and provides the means to a healthy lifestyle with the flexibility to meet Toasters’ changing needs.