What you'd actually do

Own and operate key corporate security controls across endpoint, SaaS, identity, vendor, and data security.

Perform security risk assessments for business initiatives and translate findings into actionable remediation plans.

Lead day-to-day security oversight for corporate endpoints and SaaS applications, including: EDR/XDR, device hardening, encryption, MDM/UEM

Drive vulnerability management for corporate endpoints and internal business systems.

Support enterprise IAM governance, including: Joiner / mover / leaver processes

Skills

Required

6–10 years of experience in information security with strong corporate security exposure.
Endpoint security and EDR tools (e.g., CrowdStrike)
Vendor security assessments and SOC 2 reviews
IAM concepts (Okta, PAM, access reviews)
SaaS and Shadow IT security
Strong understanding of security frameworks (NIST CSF, ISO 27001, CIS Controls).
Experience working closely with IT and governance teams.
Strong written and verbal communication skills.

Nice to have

Experience with Google Workspace security and DLP.
Exposure to GRC processes or platforms (ServiceNow GRC, OneTrust).
Bachelor's degree in Computer Science, Information Security, or a related field; Master's degree preferred.
Proven experience in developing and implementing security policies, procedures, and frameworks.
Demonstrated experience in developing and delivering security awareness training and phishing exercises.
Possess excellent skills and experience in leveraging AI tools for threat detection, incident response, vulnerability management, and other security functions.
Familiarity with Google Workspace security features.
Proficiency with security tools such as Reco.AI, Torq, Splunk, DataDog, bug bounty platforms, Okta Device Trust, BeyondTrust, BeyondCorp, and other SIEM, SOAR and Security tools commonly used in the market.
Ability to work autonomously and prioritize multiple tasks in a fast-paced environment.
Excellent verbal and written communication skills, with the ability to effectively communicate technical information to both technical and non-technical audiences.
Proven ability to collaborate effectively with cross-functional teams.
Quick learner and adaptable to new security tools and technologies as they are procured and implemented.
Ability to adapt to environments, understand requirements, and actively collaborate within the team, with other teams, and with vendors.
Provide technical guidance and mentorship to P2 security analysts, fostering their professional growth and ensuring alignment with corporate security objectives.
Take initiative in leading security programs.

What the JD emphasized

strong experience working in enterprise corporate security environments

strong corporate security exposure

Hands-on experience with: Endpoint security and EDR tools

Hands-on experience with: Vendor security assessments and SOC 2 reviews

Hands-on experience with: IAM concepts (Okta, PAM, access reviews)

Hands-on experience with: SaaS and Shadow IT security

Strong understanding of security frameworks (NIST CSF, ISO 27001, CIS Controls)

Experience working closely with IT and governance teams

Possess excellent skills and experience in leveraging AI tools for threat detection, incident response, vulnerability management, and other security functions.

Toast creates technology to help restaurants and local businesses succeed in a digital world, helping business owners operate, increase sales, engage customers, and keep employees happy.

We are seeking a highly motivated Senior Corporate Security Analyst to join Toast’s Corporate Security team in Bangalore. This role is focused on hands-on corporate security execution and risk reduction across endpoints, identities, SaaS platforms, vendors, and data — not SOC monitoring or shift-based operations.

The ideal candidate has strong experience working in enterprise corporate security environments, understands how to balance security controls with business needs, and is comfortable partnering with IT, GRC, Procurement, Legal, and Engineering teams. You will own multiple CorpSec programs end-to-end and act as a senior individual contributor, while mentoring junior analysts and helping scale security practices across the organization.

**A Day in Life **_(Responsibilities)_

1. Corporate Security Execution & Risk Management

Own and operate key corporate security controls across endpoint, SaaS, identity, vendor, and data security.
Perform security risk assessments for business initiatives and translate findings into actionable remediation plans.
Act as a security advisor to internal stakeholders, focusing on practical risk reduction.

2. Endpoint & SaaS Security

Lead day-to-day security oversight for corporate endpoints and SaaS applications, including:
EDR/XDR, device hardening, encryption, MDM/UEM
Shadow IT discovery and SaaS risk reviews
Partner with IT Operations and Governance teams to resolve alerts, misconfigurations, and policy gaps.
Conduct periodic reviews of high-risk applications, browser extensions, and endpoint findings.

3. Vulnerability Management (Corporate Scope)

Drive vulnerability management for corporate endpoints and internal business systems.
Triage and prioritize vulnerabilities based on business impact and exploitability.
Track remediation with IT teams and validate closure.

4. Identity & Access Management (IAM)

Support enterprise IAM governance, including:
Joiner / mover / leaver processes
Access reviews and least-privilege enforcement
MFA, SSO, device trust, and privileged access (PAM)
Assist in access investigations and high-risk access exception reviews.

5. Vendor & Third-Party Security

Conduct vendor security assessments for onboarding and periodic reviews.
Review SOC 2 reports, security questionnaires, and supporting evidence.
Track vendor risks, remediation actions, and re-assessments.
Partner with Procurement, Legal, and GRC teams to ensure security requirements are met.

6. Data Protection & DLP

Support data protection initiatives across Google Workspace, Slack, and other collaboration platforms.
Assist with the design, tuning, and enforcement of DLP controls.
Participate in investigations related to data exposure or misuse.

7. Security Awareness & Process Improvement

Support security awareness training and phishing simulation programs.
Maintain CorpSec policies, SOPs, and runbooks.
Identify opportunities to improve efficiency through automation and tooling.

8. Mentorship & Ownership

Mentor P2-level security analysts and provide technical guidance.
Take ownership of CorpSec initiatives and deliver them end-to-end with minimal supervision.

9. Contractor Security Oversight

Establish and enforce contractor access standards, ensuring strict security controls during onboarding and offboarding.
Conduct periodic contractor access and activity audits, identifying and mitigating associated risks.

**Work Mode: **This role follows a hybrid work model, requiring a minimum of 2 days per week in the office.

What We’re Looking For

Required

6–10 years of experience in information security with strong corporate security exposure.
Hands-on experience with:
Endpoint security and EDR tools (e.g., CrowdStrike)
Vendor security assessments and SOC 2 reviews
IAM concepts (Okta, PAM, access reviews)
SaaS and Shadow IT security
Strong understanding of security frameworks (NIST CSF, ISO 27001, CIS Controls).
Experience working closely with IT and governance teams.
Strong written and verbal communication skills.

Preferred

Experience with Google Workspace security and DLP.
Exposure to GRC processes or platforms (ServiceNow GRC, OneTrust).
Bachelor's degree in Computer Science, Information Security, or a related field; Master's degree preferred.
Proven experience in developing and implementing security policies, procedures, and frameworks.Demonstrated experience in developing and delivering security awareness training and phishing exercises.
Possess excellent skills and experience in leveraging AI tools for threat detection, incident response, vulnerability management, and other security functions.
Familiarity with Google Workspace security features.
Proficiency with security tools such as Reco.AI, Torq, Splunk, DataDog, bug bounty platforms, Okta Device Trust, BeyondTrust, BeyondCorp, and other SIEM, SOAR and Security tools commonly used in the market.
Ability to work autonomously and prioritize multiple tasks in a fast-paced environment.
Excellent verbal and written communication skills, with the ability to effectively communicate technical information to both technical and non-technical audiences. Proven ability to collaborate effectively with cross-functional teams.
Quick learner and adaptable to new security tools and technologies as they are procured and implemented.
Ability to adapt to environments, understand requirements, and actively collaborate within the team, with other teams, and with vendors.
Provide technical guidance and mentorship to P2 security analysts, fostering their professional growth and ensuring alignment with corporate security objectives.
Take initiative in leading projects and driving security initiatives.
Relevant security certifications are a plus.

AI at Toast

At Toast, one of our company values is that we're hungry to build and learn. We believe learning new AI tools empowers us to build for our customers faster, more independently, and with higher quality. We provide these tools across all disciplines, from Engineering and Product to Sales and Support, and are inspired by how our Toasters are already driving real value with them. The people who thrive here are those who embrace changes that let us build more for our customers; it’s a core part of our culture.

**Our Total Rewards Philosophy **We strive to provide competitive compensation and benefits programs that help to attract, retain, and motivate the best and brightest people in our industry. Our total rewards package goes beyond great earnings potential and provides the means to a healthy lifestyle with the flexibility to meet Toasters’ changing needs. Learn more about our benefits at https://careers.toasttab.com/toast-benefits.

How Toast Uses AI in its Hiring Process

Throughout the hiring process, our goal is to get to know you. We use AI tools to support our recruiters and interviewers with tasks like note-taking, summarization, and documentation of interviews to ensure they can be fully focused on your conversation. All hiring decisions are made by people. To learn more: https://careers.toasttab.com/ai-in-hiring

Diversity, Equity, and Inclusion is Baked into our Recipe for Success

At Toast, our employees are our secret ingredient—when they thrive, we thrive. The restaurant industry is one of the most diverse, and we embrace that diversity with authenticity, inclusivity, respect, and humility. By embedding these principles into our culture and design, we create equitable opportunities for all and raise the bar in delivering exceptional experiences.

We Thrive Together

We embrace a hybrid work model that fosters in-person collaboration while valuing individual needs. Our goal is to build a strong culture of connection as we work together to empower the restaurant community. To learn more about how we work globally and regionally, check out: https://careers.toasttab.com/locations-toast.

Apply today!

Toast is committed to creating an accessible and inclusive hiring process. As part of this commitment, we strive to provide reasonable accommodations for persons with disabilities to enable them to access the hiring process. If you need an accommodation to access the job application or interview process, please contact candidateaccommodations@toasttab.com.

------

For roles in the United States, it is unlawful in Massachusetts to require or administer a lie detector test as a condition of employment or continued employment. An employer who violates this law shall be subject to criminal penalties and civil liability.