Now more than ever, restaurants are seeking creative financial solutions to assist them and their employees with their dynamic and unique financial needs. Through its rapidly growing FinTech business line, Toast is able to help its constantly expanding base of restaurant customers adapt, grow, and thrive by designing, marketing, and providing operational support for innovative financial products and services that offer facilitated access to revenue, capital, Toast POS hardware and software financing, employee benefits, payment processing solutions, and more.
Toast is seeking an experienced IT compliance professional to assist with the day-to-day general IT compliance needs of its Core POS business line. In this highly visible role, the Lead IT Compliance Analyst will help create and maintain corporate policies and procedures, manage internal testing programs, advise and consult with internal teams and customers on areas of IT risk and provide general support to Toast’s IT Compliance, Security and Legal teams.
About this roll* (Responsibilities)
- Assist in the development and maintenance of a robust compliance program to scale with the company’s growth and ensure that Toast products and services comply with all applicable regulatory requirements and industry best practices.
- Experience working directly with internal Security, TechOps, IT, Product, Hardware and Operations teams (required)
- Become a “go-to” contact on IT compliance-related matters, which includes responding to daily compliance-related inquiries and referrals, participating in special projects, providing technical support to other departments and assisting sales with RFPs and escalated customer inquiries
- Assist in documenting IT Compliance processes and procedures
- Serve as a point person for, and coordinate responses to, regulatory inquiries, due diligence requests and external audit requests (e.g., card brand reviews, SOC 1/2, PCI, SOX and partner due diligence)
- Assist in the development and implementation of a continuous monitoring program for IT compliance and automation of manual processes.
- Perform tests of controls in accordance with compliance programs, including PCI and SOX.
- Monitor regulatory and industry trends to ensure required changes in compliance policies, procedures and testing are integrated in a timely manner.
- Assist with enterprise-wide targeted training for customers in compliance with relevant card brand and regulatory requirements
- Assist in the configuration and/or administration of a cloud-based (GRC) tool.
Do you have the right ingredients*? (Requirements)
- CISA, CISM or CRISC and CISSP certification (required)
- At least 3-5 years of IT compliance experience in a start-up environment, both pre- and post-IPO (required)
- At least 1 year of experience in technology or payment processing services, or working knowledge of and interest in technology infrastructure principles and practices (required)
- ISO 27001 Lead Auditor (a plus)
- Demonstrable experience interacting with auditors and strategic partners in cloud-based environments similar to Toast, relating to assurance frameworks such as SOX, PCI DSS, PA DSS, P2PE, ISO 27001, SOC 2 Trust Principles, as well as Card Brand Merchant Operating Rules & Programs, Visa / Mastercard Payment Facilitator obligations, Integrated POS Provider and Payment Aggregator obligations for American Express, Business Continuity and Disaster Recovery, Third-Party Risk Management, and NACHA (experience with some of these areas is required)
- Experience working on large cross-functional teams, representing IT compliance on initiatives such as change management, identity and access management, policy management and data retention
- Strong writing skills and the ability to communicate information about complex issues to stakeholders in a clear and easy-to-understand way
- Ability to develop creative and adaptive solutions to unique and complex inquiries
- Unfazed by a fast-paced working environment and by meeting deadlines
- Team-focused, positive attitude, and good sense of humor
- Ability to collaborate effectively with a wide range of people in a diverse and accepting environment
*Bread puns encouraged but not required