Toast · 1 month ago
Lead Technical Governance Analyst
United States
Full-time
Hybrid
Lead/Staff
$129K/yr - $206K/yr
8+ years expToast creates technology to help restaurants and local businesses succeed in a digital world. The Lead Technical Governance Analyst is responsible for designing and driving the foundational architecture of the GRC program, focusing on security and compliance initiatives while collaborating with IT and Security teams to ensure the protection of sensitive data.
DeliveryPoint of SaleSaaS
Responsibilities
Serve as the primary admin and product owner for the GRC platform (AuditBoard). You will move beyond administration to design advanced workflows, automation, and metrics that centralize risk and compliance data
Own and evolve the Common Controls Framework. You will map and maintain complex regulations (NIST CSF, SOC 2, PCI DSS, ISO 27001) to a single source of truth, directly driving compliance efficiencies
Independently lead complex, cross-functional "zero-to-one" security programs, taking them from concept to operational maturity
Drive the strategy for our Trust Center, operationalizing our ability to address customer and partner security questionnaires in a more efficient manner,reducing manual efforts and shortening lead times
Develop and implement governance policies, controls, and best practices to enhance the security posture across corporate IT and workforce systems
Champion the "Shift Left" strategy by co-developing standards that embed GRC checkpoints into the SDLC and Product innovation pipelines, ensuring security is baked in, not bolted on
Define and standardize the process for assessing GRC impacts during major system changes, ensuring consistent intake and triage across all compliance programs
Track and report on security governance KPIs and risk metrics, driving continuous improvement
Partner closely with the IT team to ensure corporate systems are managed appropriately and meet security objectives
Work with the Security team to implement monitoring and detection capabilities that support workforce security objectives
Foster a strong security culture within the organization through training, awareness programs, and ongoing communication
Qualification
Required
8+ Years of progressive experience in Information Security GRC, Audit, or Technical Program Management
Hands-on experience designing and operationalizing a Common Controls Framework (CCF) to map and consolidate controls across multiple regulatory frameworks (SOX, PCI DSS, SOC 2, NIST CSF, ISO 27001)
Proven experience serving as an Administrator, Architect, or primary owner of a modern GRC tool (e.g., AuditBoard, ServiceNow GRC, Workiva), including advanced workflow design, configuration, and maintenance
Expert ability to define, manage, and enforce a clear hierarchy of governance documentation (Policy, Standard, Procedure) and maintain security baselines for corporate IT and workforce tools
Demonstrated ability to drive the lifecycle of complex security initiatives, such as Data Governance Oversight, SaaS Posture Management, End Protection/Hardware Inventory, and Third-Party Risk Management
Strong understanding of cybersecurity controls across cloud security, corporate IT security, and identity and access management (IAM). Committed to staying ahead of the curve in the ever-evolving field of cybersecurity
Proven ability to lead and manage security initiatives and drive complex, cross-functional collaboration efforts without direct authority
Builds strong relationships with stakeholders across the organization and thrives in a dynamic and rapidly changing environment
Exceptional written and verbal communication skills, with the ability to translate complex security architecture into clear business risks for non-technical audiences
A proactive and strategic approach to identifying, mitigating, and documenting risks in a high-growth, fast-paced technology environment
Preferred
Controls Engineering Experience: Experience with scripting (e.g., Python, SQL) or building APIs/integrations to automate evidence collection
Advanced Certifications: Relevant security certifications such as CISSP, CISM, or CISA
Teaching/Enablement: Experience designing or facilitating training programs (e.g., Compliance Champions) or leading Cyber Tabletop Exercises
Experience supporting security governance in a remote or hybrid workforce environment
Benefits
Cash compensation (overtime, bonus/commissions, if eligible)
Benefits
Equity (if eligible)
Company
Toast
Toast is a point-of-sale and restaurant management platform designed for businesses in the food service and hospitality industry.
1001-5000 employees
H1B Sponsorship
Toast has a track record of offering H1B sponsorships. Please note that this does not
guarantee sponsorship for this specific role. Below presents additional info for your
reference. (Data Powered by US Department of Labor)
Distribution of Different Job Fields Receiving Sponsorship
Represents job field similar to this job
Trends of Total Sponsorships
2025 (26)
2024 (32)
2023 (39)
2022 (66)
2021 (29)
2020 (17)
Funding
Current Stage
Public CompanyTotal Funding
$961.95MKey Investors
12 West CapitalT. Rowe PriceBessemer Venture Partners
2021-09-22IPO
2020-11-23Secondary Market· $60M
2020-02-14Series F· $400M
Leadership Team
Aman Narang
CEO and Co-Founder
Steve Fredette
Co-founder and President
Recent News
2026-01-09
Company data provided by crunchbase