Toast is driven by building the restaurant platform that helps restaurants adapt, take control, and get back to what they do best: building the businesses they love. 

Toast is seeking an experienced Technical Compliance Program Manager who will play a crucial role in the technical compliance program of Toast’s Core POS business line. In this highly visible role, the Technical Compliance Program Manager will drive program deliverables and initiatives that efficiently support the team in meeting roadmap initiatives and compliance requirements for the PCI DSS, SSF, SOC 2 and ISO2700x frameworks throughout the year.

About this roll* (Responsibilities) 

• Serve as the primary day-to-day program lead for Toast’s portfolio of third-party  technical compliance assessments, which include PCI DSS, SSF, SOC 2 and ISO 2700x.
• Support the Technical Compliance team’s program roadmap and assist in the development and monitoring of a robust technical compliance program to scale with Toast’s growth.
• Partner with the team to translate complex business and compliance requirements into clear, attainable and executable plans.
• Identify and proactively drive high-quality deliverables and manage all phases of assessments and initiatives to resolution.
• Ensure cross-team engagement, alignment and that all teams allocated to each assessment, project or initiative understand the priorities and are fully aligned with them. 
• Ensure identified risks, decisions and blockers are documented and communicated across all workstreams.
• Identify dependencies between projects that might affect the delivery date, and coordinate dependencies between teams. 
• Facilitate recurring standups, status meetings, engagement discussions and retrospectives. 
• Partner with the R&D PMO to develop and deliver highly visible and transparent reporting and proposal documentation to leadership and key stakeholders on an established frequency.
• Assist in developing and maintaining team productivity metrics and reporting.
• Manage team productivity tracking tool and assist in selecting and implementing cloud-based GRC tool.

Do you have the right ingredients*? (Requirements)

• PMP or PMI certification, PCIP, CISSP preferred
• 5-7+ years of experience managing complex technical compliance and security programs for a cloud based, agile technology or payment processing company.
• At least 2-3 years of experience managing PCI DSS and SOC 2 programs. 
• Experience working with and working knowledge of Security, DevOps, Engineering, IT, Product, and Hardware organizations.
• Strong organizational skills, successful track record of coordinating between multiple project stakeholders, technical program managers, and technical teams.
• Experience in creating and managing complex, cross-team project plans; prior success in driving the efficient execution of large-scale project plans across multiple teams in support of organizational goals.
• Solid track record of providing high quality on-time, on-scope deliverables.
• Demonstrable experience interacting with auditors and strategic partners
• Strong verbal and technical communication 
• Strong writing skills and the ability to communicate information about complex technical compliance issues to a variety of stakeholders in a clear and concise way.

Special Sauce* (Nonessential Skills/Nice to Haves)

• Experience with P2PE programs
• Experience with NIST CSF programs
• Coda experience

Our Spread of Total Rewards

• Unlimited Vacation
• Sabbatical opportunity after five years
• Professional Development Reimbursement Program
• Commitment to Employee Wellness through resources such as a quarterly Wellness Stipend
• Various peer and company recognition programs 
• 401(k) and matching
• Medical, Dental, & Vision Coverage
• Mental Health Benefits
• Subsidized backup childcare

*Bread puns encouraged but not required

#LI-remote