Senior Corporate Security Analyst

<p><strong>About the Role:</strong></p> <p>We are seeking a highly motivated Senior Corporate Security Analyst to join Toast’s Corporate Security team in Bangalore. This role is focused on hands-on corporate security execution and risk reduction across endpoints, identities, SaaS platforms, vendors, and data — not SOC monitoring or shift-based operations.</p> <p>The ideal candidate has strong experience working in enterprise corporate security environments, understands how to balance security controls with business needs, and is comfortable partnering with IT, GRC, Procurement, Legal, and Engineering teams. You will own multiple CorpSec programs end-to-end and act as a senior individual contributor, while mentoring junior analysts and helping scale security practices across the organization.</p> <p><strong>A Day in Life </strong><em>(Responsibilities)</em></p> <h3><strong>1. Corporate Security Execution Risk Management</strong></h3> <ul> <li>Own and operate key corporate security controls across endpoint, SaaS, identity, vendor, and data security.</li> <li>Perform security risk assessments for business initiatives and translate findings into actionable remediation plans.</li> <li>Act as a security advisor to internal stakeholders, focusing on practical risk reduction.</li> </ul> <h3><strong>2. Endpoint SaaS Security</strong></h3> <ul> <li>Lead day-to-day security oversight for corporate endpoints and SaaS applications, including:</li> <li>EDR/XDR, device hardening, encryption, MDM/UEM</li> <li>Shadow IT discovery and SaaS risk reviews</li> <li>Partner with IT Operations and Governance teams to resolve alerts, misconfigurations, and policy gaps.</li> <li>Conduct periodic reviews of high-risk applications, browser extensions, and endpoint findings.</li> </ul> <h3><strong>3. Vulnerability Management (Corporate Scope)</strong></h3> <ul> <li>Drive vulnerability management for corporate endpoints and internal business systems.</li> <li>Triage and prioritize vulnerabilities based on business impact and exploitability.</li> <li>Track remediation with IT teams and validate closure.</li> </ul> <h3><strong>4. Identity Access Management (IAM)</strong></h3> <ul> <li>Support enterprise IAM governance, including:</li> <li>Joiner / mover / leaver processes</li> <li>Access reviews and least-privilege enforcement</li> <li>MFA, SSO, device trust, and privileged access (PAM)</li> <li>Assist in access investigations and high-risk access exception reviews.</li> </ul> <h3><strong>5. Vendor Third-Party Security</strong></h3> <ul> <li>Conduct vendor security assessments for onboarding and periodic reviews.</li> <li>Review SOC 2 reports, security questionnaires, and supporting evidence.</li> <li>Track vendor risks, remediation actions, and re-assessments.</li> <li>Partner with Procurement, Legal, and GRC teams to ensure security requirements are met.</li> </ul> <h3><strong>6. Data Protection DLP</strong></h3> <ul> <li>Support data protection initiatives across Google Workspace, Slack, and other collaboration platforms.</li> <li>Assist with the design, tuning, and enforcement of DLP controls.</li> <li>Participate in investigations related to data exposure or misuse.</li> </ul> <h3><strong>7. Security Awareness Process Improvement</strong></h3> <ul> <li>Support security awareness training and phishing simulation programs.</li> <li>Maintain CorpSec policies, SOPs, and runbooks.</li> <li>Identify opportunities to improve efficiency through automation and tooling.</li> </ul> <h3><strong>8. Mentorship Ownership</strong></h3> <ul> <li>Mentor P2-level security analysts and provide technical guidance.</li> <li>Take ownership of CorpSec initiatives and deliver them end-to-end with minimal supervision.</li> </ul> <h3><strong>9. Contractor Security Oversight</strong></h3> <ul> <li>Establish and enforce contractor access standards, ensuring strict security controls during onboarding and offboarding.</li> <li>Conduct periodic contractor access and activity audits, i ... (truncated, view full listing at source)