Principal IT Compliance Analyst, Technical Access and Data Privacy
تفاصيل الوظيفة
The Technical Governance, Risk and Compliance (Technical GRC) team enables the growth of Toast as we build secure products and enter new markets, while meeting industry and regulatory requirements. We are seeking a seasoned professional to lead our Data Privacy and Identity and Access Management (IAM) oversight programs, as part of our 2nd line of defense. This role will partner closely with many leaders across the organization, especially within the Compliance, Security, Legal, IT and Engineering Leadership. The successful candidate will report directly to the Vice President of Technical GRC, who is responsible for maintaining Toast’s Governance, Risk and Compliance programs across the privacy and IT security domains. These programs span the entire organization and result in the successful completion of the following audits and certifications, SOC 1 Type 1 & 2, SOC 2 Type 1 & 2, Payment Card Industry (PCI) Data Security Standard, and SOX IT compliance. This role is responsible for ensuring that Toast has strong governance over access to our systems, and the data that they contain. About this roll* (Responsibilities)
- Be a Privacy and IT Security GRC domain expert in partnership with Compliance, Security, Legal, IT and Engineering Leadership, with a main focus on our data privacy and IAM oversight programs
- Play a leading role in our Identity and Access Management Governance program, ensuring that Toast consistently adheres to the principle of least privilege without causing unnecessary friction to the business
- Establish and maintain a governance structure over our IAM processes to ensure effectiveness and efficiency in meeting our internal policy and regulatory compliance, including SOX 404 IT requirements
- Lead the 2nd line Technical Data Privacy program, owning the related policies, working closely with legal and the 1st line teams as part of the broader Data Governance program
- Help Toast automate governance and compliance functions to scale visibility into policy compliance and drive technical solutions that enable Toast teams to be compliant in a highly competitive industry
- Participate in technical design discussions, evaluate security properties of systems and services, drive risk decisions, and influence technical architecture
- Develop, implement and promote security standards and frameworks
- Interpret and communicate security and compliance constraints to key stakeholders
- Monitor changes to applicable security and privacy related laws, regulations and industry standards
- 3+ years in a security and or privacy leadership role
- 7+ years in a security and or privacy focused role in a technology heavy industry
- Experience maintaining and maturing a data governance program
- A proven track record of impactful involvement in Identity and Access Management programs
- A strong understanding of cloud computing architectures and security patterns
- Ability to drive change in a complex environment with minimal supervision
- High levels of curiosity, persistence, and a grounded approach to getting things done
- Experience designing controls and stewarding implementation/maintenance with IT and business owners in alignment with industry privacy and security standards (e.g. NIST 800-53, ISO 27001, GDPR, CCPA/CPRA)
- Working knowledge of one or more relevant compliance regulations such as PCI DSS, SOX, SSAE18
- Experience in using automation and data analytics to enable effectiveness and efficiencies in GRC programs
- AWS and GCP or Azure IAM
- Terraform, Docker, Java, Kotlin, Python
- JSON, gRPC, and Protocol Buffers
- PostgreSQL, DynamoDB
- Event-driven architecture
- Hex, Looker, Snowflake, Jupyter notebooks
- Salesforce, ServiceNow
- Agile software development and change management tools such as GitHub
- IAM tools such as Okta, Sailpoint
Apply safely
To stay safe in your job search, information on common scams and to get free expert advice, we recommend that you visit SAFERjobs, a non-profit, joint industry and law enforcement organization working to combat job scams.