Principal Technical Risk Analyst

Toast creates technology to help restaurants and local businesses succeed in a digital world, helping business owners operate, increase sales, engage customers, and keep employees happy.

We are seeking a

Principal Technical Risk Analyst to lead and mature Toast’s Technical Risk Program. This role will report to the Sr. Director of Technical Governance, Risk, & Compliance and is part of the Information Security Organization.  This is a high-impact, senior individual contributor role responsible for owning the end-to-end cyber risk management program, including risk identification, assessment, reporting, and integration into enterprise risk and leadership decision-making. This role is not about maintaining a process — it is about building, operationalizing, and leading a program that drives real business decisions and outcomes.

You Will Partner Closely With

Enterprise Risk Management (ERM)

Security Engineering, Infrastructure, and Product teams

Technical Compliance and Governance teams

Senior leadership and executive forums

You will play a key role in advancing and scaling our Technical Risk program, further strengthening our data-driven approach to risk management and enabling informed, timely decision-making across the business.

A day in the life (Responsibilities)

Own and Lead the Technical Risk Program

Own the end-to-end cyber risk lifecycle: risk identification, assessment, prioritization, mitigation tracking, and reporting

Establish and operationalize a scalable risk operating model (risk discovery → intake → assessment → reporting → monitoring)

Ensure the program operates with a predictable cadence, clear ownership, and strong execution rigor

Drive adoption of the program across Security, Product, Engineering, and Infrastructure teams

Lead Technical Risk Management Across the Lifecycle

Lead the end-to-end technical risk management lifecycle through close partnership with cross-functional stakeholders

Establish and scale risk discovery mechanisms, including:

Stakeholder engagement across Engineering, Product, Infrastructure, and Security

Inputs from audits, incidents, assessments, and external signals

Ensure continuous identification and prioritization of emerging and high-impact risks

Translate technical issues into clear, business-relevant risk narratives

Act as a trusted partner and challenger, influencing stakeholders to drive timely risk mitigation and resolution

Drive Risk Program Maturity and Transformation

Lead the evolution of the technical risk program to support scale, consistency, and improved visibility In partnership with ERM, operate within, suggest enhancements to, and manage the following:

Risk taxonomy and classification models

Risk assessment and prioritization frameworks

Risk-to-control mapping (linking risks to the controls and a Common Controls Framework)

Own and evolve the use of Optro (fka AuditBoard) RiskOversight as the system of record

Improve data quality, reporting capabilities, and workflow scalability

Operationalize the program within AuditBoard RiskOversight (Optro) as the system of record

Build scalable processes that enable automation, reporting, and  AI use cases

Enable Risk Governance and Decision Making Through Risk Insights

Develop and deliver clear, executive-ready risk reporting and dashboards

Manage And Lead The Technical Risk Subcommittee And Related Governance Forums

Prepare committee materials to ensure meetings are structured, actionable, and decision-oriented

Clearly articulate risks, impacts, and recommended actions

Provide Leadership With

Visibility into top risks, mitigation plan progress, and trends

Clear trade-offs and prioritization inputs

Partner with Enterprise Risk Management (ERM) to align on risk taxonomy, reporting, and governance

Communicate, report, and escalate upward to the Enterprise Risk and Compliance Committee (ERCC)

What you'll need to thrive (Requirements)

Core Experience

8–12+ years of experience in Technical Risk, Security GRC, ERM, or related fields

Proven experience owning and leading a technical/cyber risk program

Strong Understanding Of

Cybersecurity domains (cloud, infrastructure, IAM, application security)

Risk frameworks (NIST CSF, ISO 27001, etc.)

Experience Operating In High-growth, Complex, Cloud-based Environments

Program Leadership & Execution

Demonstrated Ability To

Build and operationalize programs from 0 → 1 and 1 → scale

Drive predictable execution cadence and rigor

Translate ambiguity into structured, executable plans

Strong program management discipline (planning, tracking, follow-through)

Risk & Analytical Thinking

Ability To

Translate technical issues into clear risk narratives and business impact

Prioritize risks based on impact and likelihood

Drive data-informed decision-making

Communication & Influence

Exceptional Communication Skills

Executive-ready written and verbal communication

Ability To Structure Updates

What / So What / Now What / Decision Needed

Proven Ability To Influence

Senior stakeholders

Cross-functional teams without direct authority

Tooling & Systems

Experience With Grc Tools Such As

Optro (fka AuditBoard-preferred), ServiceNow GRC, Workiva, etc.

Ability To

Drive tool adoption and configuration

Translate business processes into scalable system workflows

Special Sauce or Bonus Ingredients (Nice-to-Haves)

Experience Integrating Technical Risk Into Erm Programs

Experience Building Risk Dashboards, Metrics, And Reporting Frameworks

Familiarity with automation, AI, or data-driven GRC approaches

Relevant certifications (CISSP, CISM, CISA, CRISC)

AI at Toast

At Toast, one of our company values is that we're hungry to build and learn. We believe learning new AI tools empowers us to build for our customers faster, more independently, and with higher quality. We provide these tools across all disciplines, from Engineering and Product to Sales and Support, and are inspired by how our Toasters are already driving real value with them. The people who thrive here are those who embrace changes that let us build more for our customers; it’s a core part of our culture.

Our Total Rewards Philosophy

We strive to provide competitive compensation and benefits programs that help to attract, retain, and motivate the best and brightest people in our industry. Our total rewards package goes beyond great earnings potential and provides the means to a healthy lifestyle with the flexibility to meet Toasters’ changing needs. Learn more about our benefits at

https://careers.toasttab.com/toast-benefits

.

The base salary range for this role is listed below. The starting salary will be determined based on skills, experience, and geographic location. In addition to base salary, our total rewards components include cash compensation (overtime, bonus/commissions if eligible), equity, and benefits. You can learn more about how we align pay with local labor markets in our

Geographic Pay Zone Philosophy

.

Zone A

$159,000

—

$254,000 USD

Zone B

$138,000

—

$221,000 USD

Zone C

$125,000

—

$200,000 USD

How Toast Uses AI in its Hiring Process

Throughout the hiring process, our goal is to get to know you. We use AI tools to support our recruiters and interviewers with tasks like note-taking, summarization, and documentation of interviews to ensure they can be fully focused on your conversation. All hiring decisions are made by people. To learn more:

https://careers.toasttab.com/ai-in-hiring

Diversity, Equity, And Inclusion Is Baked Into Our Recipe For Success

At Toast, our employees are our secret ingredient—when they thrive, we thrive. The restaurant industry is one of the most diverse, and we embrace that diversity with authenticity, inclusivity, respect, and humility. By embedding these principles into our culture and design, we create equitable opportunities for all and raise the bar in delivering exceptional experiences.

We Thrive Together

We embrace a hybrid work model that fosters in-person collaboration while valuing individual needs. Our goal is to build a strong culture of connection as we work together to empower the restaurant community. To learn more about how we work globally and regionally, check out:

https://careers.toasttab.com/locations-toast

.

Apply today!

Toast is committed to creating an accessible and inclusive hiring process. As part of this commitment, we strive to provide reasonable accommodations for persons with disabilities to enable them to access the hiring process. If you need an accommodation to access the job application or interview process, please contact

candidateaccommodations@toasttab.com

.

------

For roles in the United States, it is unlawful in Massachusetts to require or administer a lie detector test as a condition of employment or continued employment. An employer who violates this law shall be subject to criminal penalties and civil liability.