Director, Information Security

Overview:

Toast is a leading restaurant management platform that empowers restaurants to streamline operations, improve efficiency, and enhance customer experiences. As we continue expanding globally, we are seeking a highly experienced and motivated Director of Information Security to lead and expand our security team in India. This role will drive the development and strategy for our Security team operations based in Bangalore, while ensuring alignment with our global security program. The Director will oversee cybersecurity programs, security compliance and cybersecurity risk management, while collaborating with teams in the US and Ireland for a unified approach.

By joining Toast, you will have the opportunity to make a significant impact on the security posture of a rapidly growing global company. You will be part of a dynamic and supportive team that is passionate about protecting our customers, employees, and data.

Key Responsibilities:

• Leadership and Team Building: Build and lead skilled Information Security, Governance, Risk and Compliance teams in India, fostering collaboration, innovation, and continuous improvement.
• Strategic Planning and Implementation: Develop and execute a comprehensive information security strategy aligned with Toast's business objectives and global security framework.
• Security Operations: Manage daily security operations, including incident response, vulnerability management, and threat intelligence. Lead security awareness initiatives to enhance the organization's defense posture.
• Compliance and Risk Management: Ensure compliance with relevant industry standards / regulatory requirements (e.g. SOX, PCI, SOC, etc)  and internal policies. Proactively identify, assess, and mitigate compliance and security risks.
• Collaboration and Communication: Work closely with cross-functional teams, including Engineering, IT, Operations, Enterprise Risk, and Legal, to integrate security into all aspects of the business. Communicate effectively with senior leadership and stakeholders on security risks and initiatives.
• Innovation and Adaptation: Stay abreast of emerging security threats and technologies, and adapt security strategies and controls accordingly. Support security as a "culture of yes", unblocking engineering and product innovation wherever possible.

Qualifications:

• Extensive Experience: Over 16 years of industry experience, including at least 10 years in information security, compliance, and risk management. Proven track record of successfully leading security teams and initiatives.

• Strong Leadership Skills: 2–3 years in leadership or equivalent roles, with the ability to inspire and motivate teams, build strong relationships, and influence stakeholders at all levels of the organization.
• Technical Expertise: Expertise in cybersecurity technologies, risks and controls processes, best practices, and emerging threats.
• Strategic Thinking: Ability to develop and implement strategic security initiatives aligned with business goals. Creative and open to interpretation in security architecture and design. Not rigid in implementation of security standards.
• Problem Solving and Decision Making: Ability to analyze complex security issues, identify root causes, and develop effective solutions.
• Excellent Communication Skills: Ability to communicate technical concepts clearly and concisely to both technical and non-technical audiences.
• Industry Knowledge: Strong knowledge of security frameworks and regulations such as: PCI DSS, SOC, SOX, NIST CSF, and ISO 27001.

Additional Considerations:

• Experience in the technology, payment card or financial services industry is a plus.
• CISSP, CISM, or other relevant security certifications are highly desirable.
• Strong understanding of cloud security and data protection principles.
• Experience with security incident response and forensic investigations.
• Experience with supporting security in cutting-edge software or hardware development organization