Senior PCI Program Manager

Boston, MA, United States



  • R6925
  • Remote
  • Remote, United States
  • Engineering

Toast is driven by building the restaurant platform that helps restaurants adapt, take control, and get back to what they do best: building the businesses they love. 

Toast is seeking an experienced Technical Compliance Program Manager who will play a crucial role in the technical compliance program of Toast’s Core POS business line. In this highly visible role, the Technical Compliance Program Manager will drive the program deliverables and initiatives that keep the team on track against its roadmap and against the compliance requirements of the PCI DSS, PCI SSF (Software Security Framework), SOC 2 and ISO 2700x frameworks throughout the year.

About this roll* (Responsibilities) 

  • Serve as the primary day-to-day program lead for Toast’s portfolio of third-party technical compliance assessments, which include PCI DSS, SSF, SOC 2 and ISO 2700x.
  • Support the Technical Compliance team’s program roadmap and assist in the development and monitoring of a robust technical compliance program to scale with Toast’s growth.
  • Partner with the team to translate complex business and compliance requirements into clear, attainable and executable plans.
  • Identify and proactively drive high-quality deliverables and manage all phases of assessments and initiatives to resolution.
  • Ensure cross-team engagement and alignment, so that every team allocated to an assessment, project or initiative understands its priorities and is fully aligned with them.
  • Ensure identified risks, decisions and blockers are documented and communicated across all workstreams.
  • Identify dependencies between projects that might affect the delivery date, and coordinate dependencies between teams. 
  • Facilitate recurring standups, status meetings, engagement discussions and retrospectives. 
  • Partner with the R&D PMO to develop and deliver highly visible and transparent reporting and proposal documentation to leadership and key stakeholders on an established frequency.
  • Assist in developing and maintaining team productivity metrics and reporting.
  • Manage the team productivity tracking tool and assist in selecting and implementing a cloud-based GRC tool.

Do you have the right ingredients*? (Requirements)

  • PMP (or other PMI certification), PCIP, or CISSP preferred.
  • 5-7+ years of experience managing complex technical compliance and security programs for a cloud-based, agile technology or payment processing company.
  • At least 2-3 years of experience managing PCI DSS and SOC 2 programs.
  • Experience working with, and a working knowledge of, Security, DevOps, Engineering, IT, Product, and Hardware organizations.
  • Strong organizational skills, successful track record of coordinating between multiple project stakeholders, technical program managers, and technical teams.
  • Experience in creating and managing complex, cross-team project plans; prior success in driving the efficient execution of large-scale project plans across multiple teams in support of organizational goals.
  • Solid track record of providing high quality on-time, on-scope deliverables.
  • Demonstrable experience interacting with auditors and strategic partners.
  • Strong verbal and technical communication.
  • Strong writing skills and the ability to communicate information about complex technical compliance issues to a variety of stakeholders in a clear and concise way.


Special Sauce* (Nonessential Skills/Nice to Haves)

  • Experience with P2PE programs
  • Experience with NIST CSF programs
  • Coda experience

Our Spread of Total Rewards

  • Unlimited Vacation
  • Sabbatical opportunity after five years
  • Professional Development Reimbursement Program
  • Commitment to Employee Wellness through resources such as a quarterly Wellness Stipend
  • Various peer and company recognition programs 
  • 401(k) and matching
  • Medical, Dental, & Vision Coverage
  • Mental Health Benefits
  • Subsidized backup childcare

*Bread puns encouraged but not required


We are Toasters

Diversity, Equity, and Inclusion is Baked into our Recipe for Success.

At Toast our employees are our secret ingredient. When they are powered to succeed, Toast succeeds.

The restaurant industry is one of the most diverse industries. We embrace and are excited by this diversity, believing that only through authenticity, inclusivity, high standards of respect and trust, and leading with humility will we be able to achieve our goals.

Baking inclusive principles into our company and diversity into our design provides equitable opportunities for all and enhances our ability to be first in class in all aspects of our industry.

Bready* to make a change? Apply today!

Toast is committed to creating an accessible and inclusive hiring process. As part of this commitment, we strive to provide reasonable accommodations for persons with disabilities to enable them to access the hiring process. If you need an accommodation to access the job application or interview process, please contact candidateaccommodations@toasttab.com.


Notice on fraudulent jobs

We have been made aware of instances of fraudulent job postings and/or fraudulent recruiting activity by bad actors, purporting to represent Toast. These fraudulent schemes often seek monetary contributions or payments from job seekers (such as for "start up costs" or "equipment"), or seek to collect sensitive personal or banking information from job seekers. These job postings and offers are not authorized by Toast, and Toast is not responsible for fraudulent offers or requests for personal information or payments. Toast will never ask for any financial commitment or contribution from a candidate at any stage of the recruitment process. Candidates who have questions about the validity of Toast job postings or offers should consult the job postings on our careers.toasttab.com career site.