Toast is driven by building the restaurant platform that helps restaurants adapt, take control, and get back to what they do best: building the businesses they love.
Toast is seeking a PCI compliance professional to assist with the facilitation and monitoring of Toast’s PCI DSS Compliance program. In this highly visible role, the PCI Program Manager will assist in managing Toast’s day-to-day PCI compliance program and will collaborate as a program lead for Toast’s annual PCI assessments and SSF conversion. This role will also manage the tracking and reporting of all PCI-related program statuses and metrics, as well as advising and consulting with internal teams on PCI-related initiatives, programs and resources.
About this roll* (Responsibilities)
- Assist in leading and monitoring Toast’s PCI DSS compliance program.
- Develop methodology to identify and track all applicable regulatory and program changes in a timely fashion and ensure all changes and associated risks are assessed appropriately.
- Collaborate with the PCI Manager to incorporate PCI-related compliance activities into R&D, Product and FinTech strategy, roadmaps, planning and budgeting activities.
- Prepare reporting metrics that capture the current status and projected needs of Toast’s PCI compliance program and roadmap for audiences at multiple levels.
- Prepare, update and maintain Toast’s PCI governance documentation and streamline storage of PCI artifacts for security and searchability.
- Participate in customer-related due diligence request exercises and ensure the curated database is accurate and complete.
- Monitor and review in-scope third party partner compliance and perform analysis of exceptions and trends.
- Assist in developing and maintaining program documentation for sub-merchants and customer care.
- In collaboration with the IT Compliance Lead, select, configure and implement a cloud-based GRC tool.
Do you have the right ingredients*? (Requirements)
- Bachelor's degree or equivalent work experience; 4-5 years of experience internally managing multiple large concurrent PCI DSS Level 1 service provider assessment programs in a fast-paced, cloud-hosted fintech, PayFac or MSP.
- Current or recent QSA.
- Program management experience.
- Knowledge and demonstrable experience with all current PCI DSS requirements, general PCI SSC guidance, SAQ types and guidance, SSF requirements, P2PE standards and PayFac obligations.
- Experience developing and reporting on metrics to provide for different levels of an organization.
- Strong writing skills; the ability to frame messages for specific audiences and communicate information about complex issues to stakeholders in a clear and easy-to-understand way.
- Deep understanding of fast-paced, product-based SaaS organizations and demonstrable experience partnering effectively across the organization.
Special Sauce*: (Nonessential Skills/Nice to Haves)
- AWS Certifications
Our Spread of Total Rewards
- Unlimited Vacation
- Sabbatical opportunity after five years
- Professional Development Reimbursement Program
- Commitment to Employee Wellness through resources such as a quarterly Wellness Stipend
- Various peer and company recognition programs
- 401(k) and matching
- Medical, Dental, & Vision Coverage
- Mental Health Benefits
- Subsidized backup childcare
*Bread puns encouraged but not required
We are Toasters
Diversity, Equity, and Inclusion is Baked into our Recipe for Success.
At Toast, our employees are our secret ingredient. When they are empowered to succeed, Toast succeeds.
The restaurant industry is one of the most diverse industries. We embrace and are excited by this diversity, believing that only through authenticity, inclusivity, high standards of respect and trust, and leading with humility will we be able to achieve our goals.
Baking inclusive principles into our company and diversity into our design provides equitable opportunities for all and enhances our ability to be first in class in all aspects of our industry.
Bready* to make a change? Apply today!
Toast is committed to creating an accessible and inclusive hiring process. As part of this commitment, we strive to provide reasonable accommodations for persons with disabilities to enable them to access the hiring process. If you need an accommodation to access the job application or interview process, please contact [email protected].
For roles based in the United States: As part of our commitment to the health and safety of our employees and their families, all individuals entering our US workspaces are required to provide proof of full vaccination against COVID-19 unless they have an approved medical or religious accommodation.