Technical Compliance Analyst

The Technical Governance, Risk, and Compliance (Technical GRC) team enables the growth of Toast as we build secure products and enter new markets while meeting industry and regulatory requirements. Our team is a second-line function, providing oversight and leadership to a first-line team designed for high-velocity product innovation and development.

We are currently seeking a Technical Compliance Monitoring Analyst who will work closely with our IT control owners to ensure controls are executed as expected within agreed timelines. The successful candidate will play a key role in managing and monitoring controls, leveraging a GRC tool to ensure compliance with requirements and support audit activities. This position involves collaborating with cross-functional teams (including Engineering, IT, HR, and Internal Audit), analyzing control performance, and maintaining effective documentation and reporting processes. You will initially focus on Sarbanes-Oxley (SOX) IT, but the scope will evolve to include other compliance frameworks such as SOC, PCI, and additional frameworks that may become relevant as Toast expands its product offerings and geographic presence. 

The Compliance Monitoring function centers on the systematic evaluation of control execution and audit oversight. This includes managing recurring control execution schedules, overseeing the collection and submission of evidence, reviewing control activity evidence, tracking high-risk controls, coordinating audit walkthroughs, and assisting in addressing issues reported by control owners. By ensuring the effectiveness of our control environment, this role is critical in maintaining Toast's compliance posture and supporting the organization's growth objectives.

About this roll* (Responsibilities) 

• Execution Monitoring: Assist in developing and executing a recurring schedule for monitoring control activities, including evidence submission, collection, and review. Ensure completeness and accuracy of control evidence.
• Survey Administration: Conduct periodic surveys to gather control owner attestations and identify changes in controls.
• Walkthroughs and Reviews: Schedule and participate in walkthroughs with control owners to ensure controls are understood and effectively executed.
• GRC Tool Stewardship: Manage workflows, configurations, and updates within the GRC tool to support SOX control processes. And monitor the accuracy and completeness of data within the GRC tool, ensuring data integrity.
• Process and Controls Improvements: Through insights gathered through monitoring activities, identify and recommend improvements to control processes and GRC tool functionalities, including supporting the development and implementation of control automation opportunities.
• Miscellaneous Compliance & Audit Support: Support various functions within the compliance team related to controls advisory, audit organization and coordination, etc. 

Do you have the right ingredients*? (Requirements)

• 5+ years of experience supporting IT compliance activities across programs such as SOX IT, SOC, PCI, etc. 
• Experience with compliance programs in fast changing and evolving environments 
• Knowledge of SOX 404, SOC, and IT General Control requirements, scoping, control design, control implementation.
• Effective communication and writing skills, with the ability to clearly and concisely articulate complex ideas and concepts in both verbal and written form.
• Experience with other IT-related audits (PCI, ISO27001,etc) is a plus.
• Proficiency in using GRC tools for control monitoring and reporting is a plus.
• Advanced Excel skills and familiarity with data visualization tools is a plus.

Work Mode: This role follows a hybrid work model, requiring a minimum of 2 days per week in the office.