🛠 Tech Stack

💼 About This Role

You'll lead and mature Toast's Technical Risk Program, owning the end-to-end cyber risk lifecycle including identification, assessment, reporting, and integration into enterprise decision-making. You'll partner with Engineering, Product, Security, and leadership to drive data-driven risk management and enable informed decisions across the business. This high-impact role is about building and scaling a program that influences real business outcomes.

🎯 What You'll Do

• Lead end-to-end cyber risk lifecycle: identification, assessment, mitigation, reporting
• Establish and operationalize a scalable risk operating model
• Translate technical issues into clear, business-relevant risk narratives
• Develop and deliver executive-ready risk reporting and dashboards

📋 Requirements

• 8–12+ years of experience in Technical Risk, Security GRC, or ERM
• Proven experience owning and leading a technical/cyber risk program
• Strong understanding of cybersecurity domains (cloud, IAM, app security) and risk frameworks (NIST CSF, ISO 27001)
• Experience with GRC tools such as AuditBoard, ServiceNow GRC, or Workiva

✨ Nice to Have

• Experience integrating technical risk into ERM programs
• Familiarity with automation, AI, or data-driven GRC approaches
• Relevant certifications (CISSP, CISM, CISA, CRISC)

🎁 Benefits & Perks

• 🏖️ Remote-first culture
• 💰 Competitive compensation and equity
• 📚 Learning and development opportunities
• 🏥 Health, dental, and vision insurance

📨 Hiring Process

Estimated timeline: 3-5 weeks · AI estimate

1. 1Recruiter Screen· 30 min
2. 2Hiring Manager Interview· 45 min
3. 3Technical Interview· 60 min
4. 4Executive Interview· 45 min