IT SOX Compliance Lead/Manager
Now more than ever, restaurants are seeking creative financial solutions to assist them and their employees with their dynamic and unique financial needs. Through its rapidly-growing FinTech business line, Toast is able to help its constantly expanding base of restaurant customers adapt, grow, and thrive by designing, marketing, and providing operational support for innovative financial products and services that offer facilitated access to revenue, capital, Toast POS hardware and software financing, employee benefits, payment processing solutions, and more.
Toast is seeking an experienced IT SOX Compliance professional to ensure the compliant and operationally effective design and implementation of Toast’s IT SOX program. In this highly visible role, the IT SOX Compliance Lead / Manager will also be responsible for the day-to-day internal management of both Toast’s IT SOX and SOC 2 program, and as a liaison with Toast’s internal and external auditors.
About this roll* (Responsibilities)
- Assist in the scoping and planning process for SOX, which includes assessing financial statement risk and mapping key processes, systems and accounts to build Toast’s IT General Control (ITGC) environment and annual SOX plan
- Lead the design and internal assessment of operationally effective ITGCs in Toast’s AWS cloud environment and partner with internal and external audit teams to ensure a timely and efficient approach is used for testing and resolution of deficiencies
- Develop and provide routine training to control owners and ensure a thorough understanding of Toast’s IT SOX program, control design, and the impact of their control(s) on Toast’s financial statements
- Serve as subject matter expert and advise on the implementation and monitoring of comprehensive plans for IT SOX oversight of relevant enterprise and IT initiatives
- Review and update IT process documentation for accuracy and completeness; manage and track remediation projects
- Coordinate quarterly user access reviews and annual SOC report reviews
- Coordinate and manage Toast’s annual SOC 2 audit program
- Configure and/or administer the IT SOX modules of a cloud-based governance, risk and compliance (GRC) tool
Do you have the right ingredients*? (Requirements)
- CISA, CISM, or CRISC certification (required)
- Experience working directly with internal Engineering, IT and Security teams (required)
- 8-10 years of recent IT SOX program management experience in two or more cloud-hosted Fintech, SaaS or Technology start-ups, pre- and post-IPO (required)
- ISO 27001 Lead Auditor (a plus)
- Extensive knowledge of internal control and compliance frameworks (specifically COSO, COBIT, SOX, SOC 2 and ISO 27001) and hands-on experience applying the frameworks to design controls that are operationally effective across multiple compliance programs in cloud-based IT environments similar to Toast (required)
- Advanced ability in analyzing IT risk and designing efficient controls to minimize risk
- Strong writing skills and the ability to communicate information about complex issues to stakeholders in a clear and easy-to-understand way
- Ability to develop creative and adaptive solutions to unique and complex product design inquiries
- Unfazed by a fast-paced working environment and tight deadlines
- Team-focused, positive attitude, and good sense of humor
- Ability to collaborate effectively with a wide range of people in a diverse and accepting environment
*Bread puns encouraged but not required