🛠 Tech Stack

💼 About This Role

You'll design and drive the foundational architecture of Toast's world-class GRC program, owning the GRC platform and evolving the Common Controls Framework. Your core impact will be leading complex cross-functional security initiatives from concept to operational maturity. This role offers high autonomy and the chance to shape security governance at a fast-growing company.

🎯 What You'll Do

• Act as primary admin and product owner for the GRC platform (AuditBoard).
• Own and evolve the Common Controls Framework (CCF).
• Lead complex cross-functional "zero-to-one" security programs.
• Drive strategy for Trust Center and customer security questionnaires.

📋 Requirements

• 8+ years progressive experience in Information Security GRC, Audit, or Technical Program Management.
• Hands-on experience designing and operationalizing a Common Controls Framework (CCF).
• Proven experience as Administrator or primary owner of a modern GRC tool (e.g., AuditBoard, ServiceNow GRC).
• Expert ability to define and enforce a clear hierarchy of governance documentation (Policy, Standard, Procedure).

✨ Nice to Have

• Experience with scripting (e.g., Python, SQL) or building APIs/integrations.
• Relevant security certifications such as CISSP, CISM, or CISA.
• Experience designing or facilitating training programs or leading Cyber Tabletop Exercises.

🎁 Benefits & Perks

• 🏖️ Unlimited PTO
• 🏥 Health insurance
• 💰 Equity
• 📈 401k matching
• 🏠 Remote work flexibility