Toast

Principal Technical Risk Analyst

otherfull-timeRemote, USA

SALARY

Not listed

WORK TYPE

hybrid

JOB TYPE

full-time

INDUSTRY

general

About the role

Own the end-to-end cyber risk lifecycle: risk identification, assessment, prioritization, mitigation tracking, and reporting
Establish and operationalize a scalable risk operating model (risk discovery → intake → assessment → reporting → monitoring)
Ensure the program operates with a predictable cadence, clear ownership, and strong execution rigor
Drive adoption of the program across Security, Product, Engineering, and Infrastructure teams

Lead the end-to-end technical risk management lifecycle through close partnership with cross-functional stakeholders
Establish and scale risk discovery mechanisms, including:

Stakeholder engagement across Engineering, Product, Infrastructure, and Security
Inputs from audits, incidents, assessments, and external signals

Ensure continuous identification and prioritization of emerging and high-impact risks
Translate technical issues into clear, business-relevant risk narratives
Act as a trusted partner and challenger, influencing stakeholders to drive timely risk mitigation and resolution

Lead the evolution of the technical risk program to support scale, consistency, and improved visibility In partnership with ERM, operate within, suggest enhancements to, and manage the following:

Risk taxonomy and classification models
Risk assessment and prioritization frameworks
Risk-to-control mapping (linking risks to the controls and a Common Controls Framework)

Own and evolve the use of Optro (fka AuditBoard) RiskOversight as the system of record
Improve data quality, reporting capabilities, and workflow scalability
Operationalize the program within AuditBoard RiskOversight (Optro) as the system of record
Build scalable processes that enable automation, reporting, and AI use cases