IT Compliance Lead at Toast
Now more than ever, restaurants are seeking creative financial solutions to assist them and their employees with their dynamic and unique financial needs. Through its rapidly-growing FinTech business line, Toast is able to help its constantly expanding base of restaurant customers adapt, grow, and thrive by designing, marketing, and providing operational support for innovative financial products and services that offer facilitated access to revenue, capital, Toast POS hardware and software financing, employee benefits, payment processing solutions, and more.
Toast is seeking an experienced IT compliance professional to assist with the day-to-day general IT compliance needs of its Core POS business line. In this highly visible role, the IT Compliance Lead will help create and maintain corporate policies and procedures, manage internal testing programs, advise and consult with internal teams and customers on areas of IT risk and provide general support to Toast’s IT Compliance, Security and Legal teams.
About this roll* (Responsibilities)
- Assist in the development and monitoring of a robust compliance program to scale with the company’s growth and ensure that Toast products and services comply with all applicable regulatory requirements and industry best practices.
- Experience working directly with internal Security, TechOps, IT, Product, Hardware and Operations teams (required)
- Become an enterprise-wide subject matter expert for IT compliance-related matters, which includes responding to daily compliance related inquiries and referrals, participating in special projects, providing technical support to other departments and assisting sales with RFP’s and escalated customer inquiries
- Serve as a point person for, and coordinate responses to, regulatory inquiries, due diligence requests and external audit requests (e.g., card brand reviews, SOC 1/2 , PCI, SOX and partner due diligence)
- Assist in leading in the development and implementation of a continuous monitoring program for IT compliance and automation of manual processes.
- Develop and perform control testing to meet Toast’s regulatory obligations.
- Monitor regulatory and industry trends to ensure required changes in compliance policies, procedures and testing are integrated in a timely manner while ensuring all lines of business are adequately prepared for impending regulatory changes.
- Deliver enterprise-wide targeted training for customers in compliance with relevant card brand and regulatory requirements
- Configure and/or administer cloud-based governance, risk and compliance (GRC) tool.
Do you have the right ingredients*? (Requirements)
- CISA, CISM or CRISC and CISSP certification (required)
- At least 5-7 years of experience in a compliance or audit role in a start-up environment; both pre and post-IPO (required)
- At least 4 years of experience in technology, payment processing services or working knowledge and interest of technology infrastructure principles and practices
- Demonstrable experience interacting with regulators, auditors and strategic partners in cloud-based environments similar to Toast, relating to assurance frameworks such as SOX, PCI DSS, PA DSS, P2PE, ISO27001, SOC 2 Trust Principles, as well as Card Brand Merchant Operating Rules & Programs, Visa / Mastercard Payment Facilitator obligations, Integrated POS Provider and Payment Aggregator obligations for American Express, Business Continuity and Disaster Recovery and Third-Party Risk Management. NACHA experience, is a plus
- Experience working on large cross functional teams, representing IT compliance initiatives such as change management, identity and access management, policy management and data retention.
- Advanced ability in analyzing risk and designing efficient controls to minimize risk
- Strong writing skills and the ability to communicate information about complex issues to stakeholders in a clear and easy to understand way
- Ability to develop creative and adaptive solutions to unique and complex product design inquiries
- Unwavered by a rapid-paced working environment and meeting deadlines
- Team-focused, positive attitude, and good sense of humor
- Ability to collaborate effectively with a wide range of people in a diverse and accepting environment
*Bread puns encouraged but not required