Senior Technical Compliance Analyst

About this roll* (Responsibilities) 

• Direct and support the planning and execution of PCI assessments of Toast payment solutions and environments, which includes interpreting and assessing controls using compliance frameworks with a focus on payment card compliance and security (e.g. PCI DSS, PCI SSF, PTS, MPoC, PIN, P2PE).
• Coordinate with external assessors (QSA, QPA, other), process/control owners, and other key internal / external stakeholders to streamline the assessment process for gained efficiencies, including activities related to collecting and reviewing evidence and refining the relevant runbooks. 
• Support the monitoring of the implementation and validation of any recommended remediations from internal or external assessments. 

• Actively support ongoing PCI program health and maturity.
• Document and maintain cardholder data environment scope narratives, controls and supporting evidence.
• Monitor business activities by collaborating with cross-functional team leaders to ensure the organization maintains compliance with external certifications.
• Evaluate current and evolving processes and technical controls to identify compliance gaps against  one or more security frameworks, and produce actionable feedback for stakeholder review and remediation.
• Advise and consult with internal teams on PCI-related initiatives and programs, development of a continuous monitoring program and provide general PCI-related support to technical teams.
• Perform ongoing design and operating effectiveness reviews to identity changes impacting relevant products and infrastructure and work with teams on compliance readiness roadmaps. 
• Manage and respond to customer requests regarding PCI compliance.
• Create and maintain documentation to support the PCI Management Program.
• Develop and deliver training on PCI topics to relevant stakeholders.
• Collaborate with other members of the GRC team on team-wide initiatives.

Do you have the right ingredients*? (Requirements)

• Experience (5-7+ years) in Security GRC, IT security, or a related field, with in-depth working knowledge of PCI standards including PCI DSS, preferably inside fast growing companies.
• Understanding of cloud computing architectures and security patterns, including assessing and implementing PCI controls in such environments. 
• High levels of curiosity, persistence, and a grounded approach to getting things done
• Familiarity with GRC (Governance, Risk, and Compliance) solutions, tools, platforms, and Enterprise Risk Management (ERM) processes
• Knowledge of industry security, audit, and privacy standards, frameworks, and regulations, such as PCI DSS (and other PCI standards), ISO27001, etc. 
• Relevant industry certifications such as CISSP (Certified Information Systems Security Professional), CISA (Certified Information Systems Auditor), CISM (Certified Information Security Manager) OR equivalent expertise. QSA / ISA certification / experience preferred.

Bonus ingredients:

• Experience working with GRC tools such as AuditBoard
• Experience working with Atlassian tools, including Jira, Confluence, and Atlas
• Working knowledge and familiarity with enterprise risk management, GDPR, EBA ICT, DORA, SOX, COBIT, SOC/SSAE18
• Experience working in fintech, payment facilitation / marketplace, merchant processing and/or fraud/risk

Our Spread* of Total Rewards

We are Toasters

Bready* to make a change? Apply today!