Manager, Corporate Security & GRC

About Toast

Toast is driven by building the restaurant platform that helps restaurants adapt, take control, and get back to what they do best: building the businesses they love. Because our technology is purpose-built for restaurants, our customers trust that we will deliver on their needs today while investing in innovative experiences that will power the future of the industry.

About this roll*:

We are looking for a strategic and experienced leader to join our team as the Manager of Corporate Security and GRC (Governance, Risk, and Compliance). This critical role will oversee both our Corporate Security and GRC teams in India, leading efforts to strengthen our security posture, ensure compliance with regulatory frameworks, and support risk management activities across the organization.

You will play a pivotal role in building and growing our Corporate Security and GRC presence in India, collaborating closely with global stakeholders to align on strategic initiatives. If you are passionate about security, compliance, and empowering teams to succeed in a fast-paced, mission-driven environment, we encourage you to apply.

What you will do:

Corporate Security:

• Oversee and evolve Toast’s corporate security strategy, focusing on protecting internal systems, services, and sensitive data across business functions.
• Partner with Legal, Procurement, and IT to assess and monitor third-party vendors and partners for security posture and risk.
• Review vendor SOC 2 Type II, ISO 27001, and other security attestations to ensure compliance with Toast’s security standards.
• Coordinate periodic vendor risk reviews and ensure remediation plans are tracked and completed for any identified issues.
• Collaborate with internal teams to ensure corporate environments (e.g., SaaS platforms, productivity tools, and internal services) meet security and compliance requirements.
• Develop and maintain internal policies, standards, and procedures aligned with industry best practices for corporate security.
• Mentor and guide team members on information security principles and best practices to foster a culture of security awareness and compliance.

Governance, Risk, and Compliance (GRC):

• Develop, implement, and maintain GRC frameworks to ensure alignment with industry standards and regulatory requirements.​
• Oversee the development and implementation of automated compliance monitoring and reporting systems.
• Lead initiatives to automate compliance checks and reporting, reducing manual effort and improving accuracy.
• Ensure compliance with relevant regulations, standards, and frameworks, such as PCI DSS, related to information security operations.​
• Prepare and present reports on security incidents, trends, and metrics to senior management and stakeholders.​
• Coordinate with internal audit teams and external auditors to facilitate security assessments and audits.​Ensure compliance with relevant regulations, standards, and frameworks, such as PCI DSS, related to application security and SOC operations.

Team Leadership and Development:

• Provide leadership and mentorship to the Information Security and GRC teams in India, fostering a collaborative and innovative work environment.​
• Recruit, train, and develop security professionals to build a high-performing and resilient security organization.​
• Conduct performance evaluations, set goals, and provide feedback to team members to support their professional growth.

Do you have the right ingredients*?

• Bachelor's degree in Computer Science, Information Security, or a related field; Master's degree preferred.
• Industry certifications such as CISSP, CISM, or CEH are highly desirable.
• Extensive experience (5+ years) in application security, including vulnerability management and secure coding practices.
• Strong understanding of security operations, incident response procedures, and SOC operations.
• Hands-on experience with security tools such as SIEM, IDS/IPS, and web application firewalls (WAF).
• Excellent leadership, communication, and interpersonal skills, with the ability to collaborate effectively with diverse teams.
• Proven track record of managing and leading security teams in a fast-paced environment.
• Knowledge of regulatory requirements and compliance frameworks relevant to information security.
• Experience in building and motivating high-performing security teams, with a focus on developing talent and fostering a collaborative environment.
• Extensive experience (5+ years) in CorpSec, including experience with compliance automation and GRC tools.