Now more than ever, restaurants are seeking creative financial solutions to assist them and their employees with their dynamic and unique financial needs. Through its rapidly-growing FinTech business line, Toast is able to help its constantly expanding base of restaurant customers adapt, grow, and thrive by designing, marketing, and providing operational support for innovative financial products and services that offer facilitated access to revenue, capital, Toast POS hardware and software financing, employee benefits, payment processing solutions, and more. 

Toast is seeking an experienced PCI compliance professional to assist with the day-to-day general compliance needs of Toast’s Core POS line of business PCI program. In this highly visible role, the PCI Analyst will help lead Toast’s annual PCI assessment, advise and consult with internal teams on PCI related initiatives and programs, development of a continuous monitoring program and provide general PCI-related support to Toast’s internal technical teams.

About this roll* (Responsibilities) 

• Lead the facilitation and monitoring of Toast’s PCI DSS Compliance program in conjunction with Toast’s QSA firm.
• Ensure that all PCI DSS controls are documented, operating effectively and monitored through the course of the year; recommend, draft and review compensating controls
• Ensure PCI requirements have been appropriately incorporated into current processes as required.
• Provide consultative guidance and oversight to project teams to design, develop, deploy and sustain solutions that meet PCI DSS requirements, including but not limited to a set of technical deliverables, cost, schedule, quality, and status reporting
• Configure and/or administer PCI program via cloud managed GRC tool
• Prepare, update and maintain customer-facing PCI documentation
• Participate in customer related due diligence exercises and investigations as needed

Do you have the right ingredients*? (Requirements)

• 5-7 years’ prior experience managing a QSA-led PCI DSS Level 1 Service Provider’s assessment or serving as a QSA in an AWS hosted technology/fintech start-up.
• CISSP and CCSP or AWS Certified Security - Specialty certifications (required)
• ISO27001 Lead Auditor a plus
• Knowledge and demonstrable experience with all current PCI DSS requirements, PA DSS requirements, P2PE standards and PCI SSC guidance (required)
• Experience working with and interpreting Visa, Mastercard and American Express Operating Regulations and Security Operating Policies; NACHA (required)
• Knowledge and experience reviewing and advising internal partners on network segmentation, encryption and key management, tokenization, antivirus and malware, secure software development lifecycle (SSDLC), identity and access management, vulnerability management, penetration testing, file integrity monitoring and logging.
• Advanced ability in analyzing risk and designing efficient controls to minimize risk
• Strong writing skills and the ability to communicate information about complex issues to stakeholders in a clear and easy to understand way
• Ability to develop creative and adaptive solutions to unique and complex product design inquiries
• Unwavered by a rapid-paced working environment and meeting deadlines
• Self-disciplined and able to work on individual tasks, sometimes without clear requirements, works well in a team environment, positive attitude and good sense of humor
• Ability to collaborate effectively with a wide range of people in a diverse and accepting environment

*Bread puns encouraged but not required