Senior Privacy and Cybersecurity Risk Manager

Remote - US

Applications have closed

Toast is driven by building the restaurant platform that helps restaurants adapt, take control, and get back to what they do best: building the businesses they love.

Job Description

The Technical Governance team plays a crucial role in supporting Toast's growth by ensuring the development of secure products and expansion into new markets while adhering to technical industry, partner, and regulatory requirements. We are currently seeking a Senior Privacy and Cybersecurity Risk Manager to lead Toast's Privacy and Cybersecurity Risk Governance program, which is a vital component of our second line of defense. In this role, you will collaborate with various teams throughout Toast, including Product, Engineering, IT, Legal, Privacy and Risk, contributing to the overall success of our Technical Governance function.

 

The successful candidate will report directly to the Vice President of Global Technical Governance, who is responsible for overseeing Toast's Technical Governance, Risk, and Compliance programs in the domains of Data Privacy and Information Technology Security.

 

About this roll* (Responsibilities) 

  • Develop and implement a 2nd line Privacy and Cybersecurity Risk Governance program compliant with ISO 27001, NIST CSF, NIST PF and Europrivacy.
  • Serve as risk owner of the Risk Register, linking controls to risks, regulatory compliance programs, and business requirements.
  • Conduct maturity assessments and control validation for each line of business and across enterprise teams.
  • Collaborate with stakeholders to develop security governance processes based on the outcomes of risk assessment exercises.
  • Automate risk signal collection, enrichment, and translation from multiple sources across the organization.
  • Provide privacy and security risk analysis and consultation to cross-functional teams for integrating risk treatment into the product lifecycle.
  • Support the Enterprise Risk and Compliance Program teams in the improvement and optimization of risk assessment frameworks.
  • Prepare Technology Risk metrics and reports that drive risk mitigation and control improvement actions.
  • Embrace a "shifting left" approach, integrating privacy and cybersecurity considerations early in the development lifecycle, to proactively identify and mitigate risks.

 

Qualifications

  • Extensive experience (8+ years) in developing, managing, and supporting Privacy and/or Cybersecurity Risk programs for technology/software-focused companies.
  • Proven track record in setting up and leading the implementation of information systems governance standards and frameworks.
  • Strong expertise in integrating privacy and cybersecurity risk management and control frameworks into organizational processes.
  • Experience with proactive programs, such as “shifting left”, to create a virtuous cycle that instills risk into the design process, collaborating with cross-functional teams to implement secure design practices and ensure compliance with relevant regulations and standards.
  • Familiarity with GRC (Governance, Risk, and Compliance) solutions, tools, platforms, and Enterprise Risk Management (ERM) processes.
  • Proficiency in using data visualization tools to develop risk and control charts, dashboards, and reports.
  • In-depth knowledge of industry security, audit, and privacy standards, frameworks, and regulations, including NIST RMF, ISO 27001, PCI DSS, GDPR, COBIT, SSAE18, NIST CSF, NIST PF, Europrivacy, CCPA, SCF.
  • Relevant industry certifications such as MoR (Management of Risk), CISSP (Certified Information Systems Security Professional), Europrivacy, CRISC (Certified in Risk and Information Systems Control), CISA (Certified Information Systems Auditor), CISM (Certified Information Security Manager), or equivalent expertise.

 

Our Spread* of Total Rewards
We strive to provide competitive compensation and benefits programs that help to attract, retain, and motivate the best and brightest people in our industry. Our total rewards package goes beyond great earnings potential and provides the means to a healthy lifestyle with the flexibility to meet Toasters’ changing needs. Learn more about our benefits at https://careers.toasttab.com/toast-benefits.



*Bread puns encouraged but not required



The base salary range for this role is listed below. The starting salary will be determined based on skills and experience. In addition to base salary, our total rewards components include cash compensation (overtime, bonus/commissions if eligible), equity, and benefits.

Pay Range: $142,000—$227,000 USD

 

We are Toasters

Diversity, Equity, and Inclusion is Baked into our Recipe for Success.

At Toast our employees are our secret ingredient. When they are powered to succeed, Toast succeeds.

The restaurant industry is one of the most diverse industries. We embrace and are excited by this diversity, believing that only through authenticity, inclusivity, high standards of respect and trust, and leading with humility will we be able to achieve our goals.

Baking inclusive principles into our company and diversity into our design provides equitable opportunities for all and enhances our ability to be first in class in all aspects of our industry.

Bready* to make a change? Apply today!

Toast is committed to creating an accessible and inclusive hiring process. As part of this commitment, we strive to provide reasonable accommodations for persons with disabilities to enable them to access the hiring process. If you need an accommodation to access the job application or interview process, please contact candidateaccommodations@toasttab.com.

Tags: CCPA CISA CISM CISSP COBIT Compliance CRISC GDPR Governance ISO 27001 NIST PCI DSS Privacy Risk analysis Risk assessment Risk management RMF

Perks/benefits: Career development Competitive pay Equity / stock options Salary bonus Startup environment

Regions: Remote/Anywhere North America
Country: United States
