We empower the restaurant community to delight guests, do what they love, and thrive.

Principal PCI Compliance Analyst

Employer Provided Salary: 147,000-235,000 Annually
Salary data is provided by the employer. Please note this is not a guarantee of compensation.

Toast is driven by building the restaurant platform that helps restaurants adapt, take control, and get back to what they do best: building the businesses they love.

The Technical Governance, Risk and Compliance (Technical GRC) team enables the growth of Toast as we build secure products and enter new markets while meeting industry and regulatory requirements. Our team is a second-line function, providing oversight and leadership to a first-line team designed for high-velocity product innovation and development.

We are currently seeking a Principal Analyst for Technical Compliance who will be responsible for overseeing all aspects of Toast's PCI Compliance Program. In this role, you will collaborate with various teams throughout Toast, including Product, Infrastructure Engineering, IT Security, Developers, Legal, and Risk to ensure our products and processes are following PCI standards.  The successful candidate will report directly to the Senior Director of Technical Compliance who is responsible for establishing and maintaining compliance programs across Toast globally. 

About this roll* (Responsibilities)

Audit / Assessment Management 

  • Lead the planning and execution of PCI assessments of the Toast payment solutions and environments, which includes interpreting and assessing controls using compliance frameworks with a focus on payment card compliance and security (e.g. PCI-DSS, PCI-SSF, PTS, PIN Security Requirements, and P2PE).
  • Coordinate with external assessors (QSA / other), process/control owners, and other key internal / external stakeholders to streamline the assessment process for gained efficiencies, including activities related to collecting evidence and refining the relevant runbooks. 
  • Own and manage the budget for external assessments including agreeing to fees and tracking. 
  • Lead the monitoring of the implementation and validation of any recommended remediations from internal or external assessments. 

Readiness and other compliance support activities 

  • Define and lead activities to support ongoing PCI program health and maturity.
  • Document and maintain cardholder data environment scope narratives and supporting evidence.
  • Monitor business activities by collaborating with cross-functional team leaders to ensure the organization maintains compliance with external certifications.
  • Advise and consult with internal teams on PCI related initiatives and programs, development of a continuous monitoring program and provide general PCI-related support to technical teams.
  • Perform ongoing design and operating effectiveness reviews to identify changes impacting relevant products and infrastructure, and work with teams on compliance readiness roadmaps.
  • Manage and respond to customer requests regarding PCI compliance.
  • Create and maintain documentation to support the PCI Management Program.
  • Develop and deliver training on PCI topics to relevant stakeholders.
  • Collaborate with other members of the GRC team on team-wide initiatives. 

Do you have the right ingredients*? (Requirements)

  • Experience (8+ years) in Security GRC, IT security, or a related field, with in-depth working knowledge of PCI standards including PCI DSS, preferably inside fast-growing companies.
  • A strong understanding of cloud computing architectures and security patterns, including assessing and implementing PCI controls in such environments. 
  • High levels of curiosity, persistence, and a grounded approach to getting things done.
  • Familiarity with GRC (Governance, Risk, and Compliance) solutions, tools, platforms, and Enterprise Risk Management (ERM) processes.
  • Knowledge of industry security, audit, and privacy standards, frameworks, and regulations, such as PCI DSS (and other PCI standards), ISO27001, COBIT, SSAE18, GDPR, EBA’s ICT, DORA. 
  • Relevant industry certifications such as CISSP (Certified Information Systems Security Professional), CISA (Certified Information Systems Auditor), CISM (Certified Information Security Manager) OR equivalent expertise. QSA certification / experience preferred.

Our Spread* of Total Rewards
We strive to provide competitive compensation and benefits programs that help to attract, retain, and motivate the best and brightest people in our industry. Our total rewards package goes beyond great earnings potential and provides the means to a healthy lifestyle with the flexibility to meet Toasters’ changing needs. Learn more about our benefits at

*Bread puns encouraged but not required


The base salary range for this role is listed below. The starting salary will be determined based on skills and experience. In addition to base salary, our total rewards components include cash compensation (overtime, bonus/commissions if eligible), equity, and benefits.

Pay Range

$147,000 to $235,000 USD

We are Toasters

Diversity, Equity, and Inclusion is Baked into our Recipe for Success.

At Toast our employees are our secret ingredient. When they are powered to succeed, Toast succeeds.

The restaurant industry is one of the most diverse industries. We embrace and are excited by this diversity, believing that only through authenticity, inclusivity, high standards of respect and trust, and leading with humility will we be able to achieve our goals.

Baking inclusive principles into our company and diversity into our design provides equitable opportunities for all and enhances our ability to be first in class in all aspects of our industry.

Bready* to make a change? Apply today!

Toast is committed to creating an accessible and inclusive hiring process. As part of this commitment, we strive to provide reasonable accommodations for persons with disabilities to enable them to access the hiring process. If you need an accommodation to access the job application or interview process, please contact [email protected].


What are Toast Perks + Benefits

Toast Benefits Overview

Toast strives to provide competitive compensation and benefits programs that help to attract, retain and motivate the best and brightest people in our industry. Our total reward package goes beyond great earnings potential and provides the means to a healthy lifestyle with the flexibility to meet our employees’ changing needs.

  • Volunteer in local community
  • Partners with nonprofits
  • Open door policy
  • OKR operational model
  • Team based strategic planning
  • Open office floor plan
  • Flexible work schedule
  • Remote work program
  • Dedicated diversity and inclusion staff
  • Mandated unconscious bias training
  • Diversity employee resource groups: we have 14 employee resource groups, known as Toast Communities, dedicated to empowering employees.
  • Hiring practices that promote diversity

Health Insurance + Wellness

  • Flexible Spending Account (FSA)
  • Disability insurance
  • Dental insurance
  • Vision insurance
  • Health insurance
  • Life insurance
  • Pet insurance
  • Wellness programs
  • Team workouts
  • Mental health benefits

Financial & Retirement

  • 401(K) matching
  • Company equity
  • Employee stock purchase plan
  • Performance bonus
  • Charitable contribution matching

Child Care & Parental Leave

  • Childcare benefits
  • Generous parental leave
  • Family medical leave
  • Adoption Assistance
  • Company sponsored family events

Vacation + Time Off

  • Unlimited vacation policy
  • Generous PTO
  • Paid volunteer time
  • Paid holidays
  • Paid sick days

Office Perks

  • Commuter benefits
  • Company-sponsored outings
  • Free snacks and drinks
  • Some meals provided
  • Company-sponsored happy hours
  • Onsite office parking
  • Recreational clubs
  • Relocation assistance
  • Fitness stipend
  • Home-office stipend for remote employees

Professional Development

  • Job training & conferences
  • Lunch and learns
  • Promote from within
  • Mentorship program
  • Continuing education stipend
  • Continuing education available during work hours
  • Online course subscriptions available
  • Customized development tracks
  • Paid industry certifications

Additional Perks + Benefits

At Toast, we're focused on empowering the entire person. We know that wellness looks a little different for everyone, which is why we offer an array of benefits outside of the traditional offerings, including mental health programs, financial wellness resources, caregiver benefits, and so much more. By providing our employees with plentiful resources and benefits, we're setting them up to thrive.
