Toast is seeking an experienced PCI compliance professional to assist with the day-to-day general compliance needs of Toast’s Core POS line of business PCI program. In this highly visible role, the PCI Analyst will help lead Toast’s annual PCI assessment, advise and consult with internal teams on PCI-related initiatives and programs, develop a continuous monitoring program, and provide general PCI-related support to Toast’s internal technical teams.
About this roll* (Responsibilities)
- Lead the facilitation and monitoring of Toast’s PCI DSS Compliance program in conjunction with Toast’s QSA firm.
- Ensure that all PCI DSS controls are documented, operating effectively and monitored through the course of the year; recommend, draft and review compensating controls
- Ensure PCI requirements have been appropriately incorporated into current processes as required.
- Provide consultative guidance and oversight to project teams to design, develop, deploy and sustain solutions that meet PCI DSS requirements, including but not limited to a set of technical deliverables, cost, schedule, quality, and status reporting
- Configure and/or administer the PCI program via a cloud-managed GRC tool
- Prepare, update and maintain customer-facing PCI documentation
- Participate in customer related due diligence exercises and investigations as needed
Do you have the right ingredients*? (Requirements)
- 5-7 years’ prior experience managing a QSA-led PCI DSS Level 1 Service Provider’s assessment or serving as a QSA in an AWS hosted technology/fintech start-up.
- CISSP and CCSP or AWS Certified Security - Specialty certifications (required)
- ISO27001 Lead Auditor a plus
- Knowledge and demonstrable experience with all current PCI DSS requirements, PA-DSS requirements, P2PE standards and PCI SSC guidance (required)
- Experience working with and interpreting Visa, Mastercard and American Express Operating Regulations and Security Operating Policies; NACHA (required)
- Knowledge and experience reviewing and advising internal partners on network segmentation, encryption and key management, tokenization, antivirus and malware, secure software development lifecycle (SSDLC), identity and access management, vulnerability management, penetration testing, file integrity monitoring and logging.
- Advanced ability in analyzing risk and designing efficient controls to minimize risk
- Strong writing skills and the ability to communicate information about complex issues to stakeholders in a clear and easy to understand way
- Ability to develop creative and adaptive solutions to unique and complex product design inquiries
- Unfazed by a fast-paced working environment and able to meet deadlines
- Self-disciplined and able to work on individual tasks, sometimes without clear requirements; works well in a team environment; positive attitude and good sense of humor
- Ability to collaborate effectively with a wide range of people in a diverse and accepting environment