Manager, Corporate Security & GRC

About Toast

Toast is driven by building the restaurant platform that helps restaurants adapt, take control, and get back to what they do best: building the businesses they love. Because our technology is purpose-built for restaurants, our customers trust that we will deliver on their needs today while investing in innovative experiences that will power the future of the industry.

About this roll*:

We are seeking a strategic and experienced leader to manage our Corporate Security and Governance, Risk, and Compliance functions in India. You will lead and grow both teams, strengthen our security posture, drive compliance with industry frameworks, and support enterprise risk efforts, while partnering closely with global stakeholders on key initiatives.

What you will do:

Corporate Security:

• Provide leadership and oversight to the CorpSec team, ensuring the implementation of best practices across endpoint protection, vulnerability management, and threat mitigation.
• Guide the design and management of a secure enterprise endpoint strategy, ensuring the CorpSec team aligns with policy and compliance requirements.
• Supervise the CorpSec team in conducting vendor risk assessments and coordinate with global stakeholders to drive remediation activities.
• Oversee the management of secure email gateway and Data Loss Prevention (DLP) systems, ensuring the CorpSec team enforces data protection and policy compliance across all endpoints (Windows, macOS, Linux).
• Manage endpoint investigations and root cause analysis, directing the CorpSec team to collaborate with the SOC for integrating telemetry into SIEM platforms (e.g., Splunk, Datadog).
• Ensure the CorpSec team maintains documentation, SOPs, and training resources, and oversees the delivery of awareness sessions to improve endpoint hygiene.
• Stay informed on emerging threats to provide strategic guidance to the CorpSec team for enhancing threat detection and response capabilities.

Governance, Risk, and Compliance (GRC):

• Oversee the development and maintenance of GRC frameworks (SOC 2, PCI DSS, ISO 27001), ensuring the Technical GRC team aligns with global standards and maintains ongoing compliance.
• Manage the review process for third-party security attestations (e.g., SOC 2, ISO 27001) and guide the Technical GRC team in assessing vendors in collaboration with Legal, Procurement, and IT.
• Supervise periodic vendor risk reviews, ensuring the Technical GRC team identifies gaps and drives remediation plans effectively.
• Partner with internal audit and external assessors to support security evaluations and regulatory alignment.
• Provide oversight for regular reporting on compliance posture, risk trends, and incident metrics to senior stakeholders, ensuring the Technical GRC team delivers accurate and timely updates.

Team Leadership and Development:

• Provide leadership and mentorship to the Corporate Security and GRC teams in India, fostering a high-trust, collaborative environment.
• Recruit, train, and grow security talent to build a resilient, high-performing organization.
• Set performance goals, conduct evaluations, and support team members' ongoing development.

Do you have the right ingredients*?

• Bachelor’s in Computer Science, InfoSec, or related field (Master’s preferred).
• Industry certifications like CISSP, CISM, or CEH are strongly preferred.
• 10+ years in cybersecurity, with hands-on experience in vulnerability management, compliance automation, and GRC.
• Strong understanding of SOC operations, incident response, and security tooling (SIEM, IDS/IPS, WAF).
• Proven leadership experience managing distributed security teams in dynamic environments.
• Skilled in communication, collaboration, and team development.
• Deep knowledge of compliance frameworks (e.g., SOC 2, PCI DSS, ISO 27001) and regulatory expectations.