PCI Manager

Boston, MA, US

Job Description / Skills Required

Toast is driven by building the restaurant platform that helps restaurants adapt, take control, and get back to what they do best: building the businesses they love. 

Toast is seeking a PCI compliance leader to provide technical assistance in leading and managing Toast’s PCI compliance program to ensure Toast products and services are built, maintained and matured in compliance with the Payment Card Industry Data Security Standards (PCI DSS). In this highly visible role, the Senior PCI Engineer will collaborate as a program lead for Toast’s annual PCI assessments and SSF conversion as well as through partnering with the R&D, Product and FinTech organizations to strengthen and scale Toast’s solutions for long-term growth. 

 

About this roll* (Responsibilities) 

  • Assist in leading and monitoring Toast’s PCI DSS compliance program
  • Verify that all PCI DSS controls are documented, operating effectively and monitored through the course of the year; recommend, draft and review compensating controls as necessary
  • Collaborate in the development of cross functional products and services with key stakeholders; perform design and operational effectiveness validation of all technical remediation plans
  • Perform gap assessments and reviews as needed and identify, consult on, and track remediation of all  PCI compliance-related observations/findings
  • Oversee and sample periodic monitoring and review of audit logging records for appropriateness, timeliness and completeness
  • Assist Toast’s Security team with the review and/or remediation of areas such as penetration testing, vulnerability scans, external assessments or other activities
  • Support PCI-related business, customer and partner requests
  • Collaborate with technical operation teams to develop and maintain current, external facing PCI-related program documentation for sub-merchants in a central location
  • Participate in customer related due diligence exercises and investigations as needed
  • Assist in implementation and management of cloud-based GRC tool

Do you have the right ingredients*? (Requirements)

  • 6-10 years recent experience leading assessments for large Level 1 Service Providers ( FinTech / Visa TPA’s such as PayFacs) and managed service providers (MSP’s) in an AWS hosted environment.
  • CISSP, current or recent QSA and CCSP or AWS security certifications
  • Previous  experience in an internal Product Security, DevOps and Network Operations  or Administrator role 
  • Demonstrable knowledge and experience with varying technical implementations of all current PCI DSS requirements, PCI SSC guidance , SSF requirements and PayFac obligations 
  • Deep understanding of fast paced product-based SaaS organizations 
  • Cloud security knowledge 
  • Strong writing skills and the ability to communicate information about complex issues to stakeholders in a clear and easy to understand way.
  • Ability to develop creative and adaptive solutions to unique and complex inquiries

 

Special Sauce* (Nonessential Skills/Nice to Haves)

  • P2PE Experience

 

Our Spread* of Total Rewards:

  • Unlimited Vacation
  • Sabbatical opportunity after five years
  • Professional Development Reimbursement Program
  • Commitment to Employee Wellness through resources such as a quarterly Wellness Stipend
  • Various peer and company recognition programs 
  • 401(k) and matching
  • Medical, Dental, & Vision Coverage
  • Mental Health Benefits
  • Subsidized backup childcare

#LI-REMOTE

We are Toasters

Diversity, Equity, and Inclusion is Baked into our Recipe for Success.

At Toast our employees are our secret ingredient. When they are powered to succeed, Toast succeeds.

The restaurant industry is one of the most diverse industries. We embrace and are excited by this diversity, believing that only through authenticity, inclusivity, high standards of respect and trust, and leading with humility will we be able to achieve our goals.

Baking inclusive principles into our company and diversity into our design provides equitable opportunities for all and enhances our ability to be first in class in all aspects of our industry.

Bready* to make a change? Apply today!

Toast is committed to creating an accessible and inclusive hiring process. As part of this commitment, we strive to provide reasonable accommodations for persons with disabilities to enable them to access the hiring process. If you need an accommodation to access the job application or interview process, please contact [email protected].

For roles based in the United States:  As part of our commitment to the health and safety of our employees and their families, all individuals entering our US workspaces are required to provide proof of full vaccination against COVID-19 unless they have an approved medical or religious accommodation.