Senior Technical Governance Analyst- Corpsec

Location: This role can either be based in Boston, MA as hybrid or Remote if you are not within a commutable distance from a Toast office.

Toast is driven by building the restaurant platform that helps restaurants adapt, take control, and get back to what they do best: building the businesses they love.

About this roll* (Responsibilities) 

In this role, you will play a critical part in ensuring the security of Toast’s sensitive data and critical infrastructure. You will be responsible for supporting the ongoing oversight of all workforce-related security initiatives and policies, and collaborating closely with our Security and Business Technology and Transformation teams. This role requires a proactive and strategic approach to identifying and mitigating risks, as well as a deep understanding of the evolving cybersecurity landscape.

Drive Security Initiatives:

• Support key initiatives such as Data Governance Oversight, End Protection/Hardware Inventory, BYOD controls, SaaS Posture Management/Software Inventory, Third Party Risk Management, and Identity Credential and Access Management. 
• Develop and implement governance policies, controls, and best practices to enhance security across corporate IT and workforce systems. 
• Define and maintain security baselines for corporate IT infrastructure and workforce tools, ensuring alignment with industry frameworks (e.g., NIST CSF, CIS, ISO 27001, SOC 2). 
• Partner with IT and Security teams to enhance the security posture of corporate systems, including endpoint management, email security, collaboration tools, and  SaaS solutions. 
• Work with business system and application owners to embed security principles into technology decisions and procurement processes. 
• Act as a liaison between business teams and security teams to ensure business, security and compliance objectives are met. 
• Support corporate security risk assessments, identifying and overseeing mitigation of security risks in alignment with business objectives. 
• Track and report on security governance KPIs and risk metrics, driving continuous improvement. 

• Collaborate with IT and Security:
• Partner closely with the IT team to ensure corporate systems are managed appropriately and meet security objectives. 
• Work with the Security team to implement monitoring and detection capabilities that support workforce security objectives. 
• Vendor Security & Third-Party Risk Management:
• Support vendor security review process, ensuring robust security assessments for third-party SaaS vendors and partners. 
• Collaborate with Legal, Procurement, and Security teams to assess vendor security postures and ensure contractual compliance with security requirements. 
• Monitor vendor risk exposure and recommend remediation strategies for high-risk vendors. 
• Promote Security Culture:
• Foster a strong security culture within the organization through training, awareness programs, and ongoing communication. 
• Key Attributes
  
• Proactive: Anticipates and addresses security risks before they become incidents. 
• Strategic: Develops and implements long-term security strategies that align with business objectives. 
• Collaborative: Builds strong relationships with stakeholders across the organization. 
• Adaptable: Thrives in a dynamic and rapidly changing environment. 
• Passionate: Committed to staying ahead of the curve in the ever-evolving field of cybersecurity.

Do you have the right ingredients*? (Requirements)

• Experience: 5+ years of experience in corporate security, security governance, risk management, IT security, or compliance. 
• Technical Skills: Strong understanding of cybersecurity controls, risk management, incident response, cloud security, corporate IT security, and SaaS governance best practices. 
• Leadership: Proven ability to lead and manage security initiatives and drive cross-functional collaboration. 
• Communication: Excellent written and verbal communication skills with the ability to explain complex security concepts to a non-technical audience. 
• Problem Solving: Ability to identify and solve complex security problems in a fast-paced environment. 
• Familiarity with industry security frameworks such as NIST CSF, ISO 27001, SOC 2, CIS Benchmarks.
• Knowledge of identity and access management (IAM), endpoint security, and corporate security tools.
• Strong ability to engage cross-functional teams and influence stakeholders at all levels.
• Excellent analytical, problem-solving, and communication skills.

Special Sauce* (Nice to Haves)

• Relevant security certifications (e.g., CISSP, CISM, CISA, CCSP). 
• Experience working with GRC tools (e.g., Audit Board, OneTrust, ServiceNow GRC, Vanta, Drata). 
• Understanding of regulatory requirements such as GDPR, CCPA, HIPAA, or SOX. 
• Experience supporting security governance in a remote or hybrid workforce environment.

Our Spread* of Total Rewards
We strive to provide competitive compensation and benefits programs that help to attract, retain, and motivate the best and brightest people in our industry. Our total rewards package goes beyond great earnings potential and provides the means to a healthy lifestyle with the flexibility to meet Toasters’ changing needs. Learn more about our benefits at https://careers.toasttab.com/toast-benefits.

*Bread puns encouraged but not required