Stripe is hiring a
Program Manager

Summary

Join Stripe's Technology Audits team as a Technical Program Manager to drive compliance within the company against industry and regulatory standards, and help achieve compliance against them. You will be responsible for designing processes and controls that meet multiple compliance frameworks, and have deep technical discussions with engineering teams to understand controls and come up with creative ways to meet regulatory requirements.

Requirements

• 4+ years of experience working in the security regulatory/compliance field and 2+ years particularly scoping, leading Technology and Compliance assessments (SOC 1, SOC 2, PCI, Regulatory audits)
• Experience managing multiple Technology and Compliance assessments
• Expertise in the security practices of the payment industry and in other security regulations (AICPA trust principles, NIST, ISO)
• Technical security-specific background and an understanding of the digital economy
• Solid understanding of security risks and threats, and in developing effective and measurable mitigation programs
• A growth mind-set to help scale security compliance initiatives for the future of Stripe
• Great communicator and able to effectively prioritize and advance a large number of projects happening simultaneously, often on tight deadlines
• Experience building and managing relationships with internal stakeholders and driving all parties towards an optimal outcome
• Out-of-the-box thinking that challenges industry norms with a solid grounding in creating great and safe experiences
• Resourceful, action-oriented with strong organization skills and attention to detail
• Able to prioritize competing demands while working on complex problems

Responsibilities

• Conduct and lead external audits, working closely with our Product and Engineering teams to ensure that our services and users remain compliant and ahead of applicable security standards
• Streamline and effectively manage multiple audits across the organization
• Partner with control owners and team on automation of evidence collection
• Partner with teams to design and implement control monitoring to build real-time insights into our compliance posture
• Integrate new products and services into current compliance audits. Perform scoping, assist with control implementation and control testing for new products and services
• Partner with Engineering teams to decompose ambiguous technical regulatory requirements into clear actionable deliverables
• Maintain and enhance compliance to product security requirements
• Stay abreast of upcoming security regulatory changes that may impact Stripe or our users, and collaborate with engineering teams to make them seamless and transparent
• Be a force multiplier for our customers—helping us devise ways of minimizing the burden of compliance so they can better grow their business
• Partner with teams across Stripe to develop our communication strategy on Security
• Identifying inefficiencies in processes and products and driving improvements