Toast

Lead Technical Governance Analyst

Lead Technical Governance Analyst at Toast. Design GRC architecture with 8+ years of experience. ServiceNow GRC platform expertise required. CCF, SOX, PCI DSS, ISO 27001 knowledge essential. Competitive benefits, flexible work.

ServiceNow Role Type:
ServiceNow Modules:
Governance, Risk, and Compliance
Incident Management
Third-Party Risk Management
Hardware Asset Management
ServiceNow Certifications (nice to have):
Certified Implementation Specialist - Third-Party Risk Management

Job description

Posted on: December 9, 2025

Lead Technical Governance Analyst responsible for designing and driving the foundational architecture of Toast's world-class GRC program. Must have 8+ years of experience in Information Security GRC, Audit, or Technical Program Management.

Requirements

  • 8+ Years of progressive experience in Information Security GRC, Audit, or Technical Program Management.
  • CCF & Framework Expertise: Hands-on experience designing and operationalizing a Common Controls Framework (CCF) to map and consolidate controls across multiple regulatory frameworks (SOX, PCI DSS, SOC 2, NIST CSF, ISO 27001).
  • GRC Platform Mastery: Proven experience serving as an Administrator, Architect, or primary owner of a modern GRC tool (e.g., AuditBoard, ServiceNow GRC, Workiva), including advanced workflow design, configuration, and maintenance.
  • Policy Architecture: Expert ability to define, manage, and enforce a clear hierarchy of governance documentation (Policy, Standard, Procedure) and maintain security baselines for corporate IT and workforce tools.
  • Program Ownership: Demonstrated ability to drive the lifecycle of complex security initiatives, such as Data Governance Oversight, SaaS Posture Management, End Protection/Hardware Inventory, and Third-Party Risk Management.
  • Technical Acumen: Strong understanding of cybersecurity controls across cloud security, corporate IT security, and identity and access management (IAM).
  • Leadership & Collaboration: Proven ability to lead and manage security initiatives and drive complex, cross-functional collaboration efforts without direct authority.
  • Exceptional written and verbal communication skills, with the ability to translate complex security architecture into clear business risks for non-technical audiences.
  • A proactive and strategic approach to identifying, mitigating, and documenting risks in a high-growth, fast-paced technology environment.

Benefits

  • Competitive compensation and benefits programs
  • Flexible work environment
  • Professional development opportunities
  • Diversity, Equity, and Inclusion initiatives

Requirements Summary

8+ years of experience in Information Security GRC, Audit, or Technical Program Management. Strong understanding of cybersecurity controls across cloud security, corporate IT security, and identity and access management (IAM).