Program Manager, Security GRC

Stripe

๐Ÿ“Remote - Worldwide

Summary

Join Stripe's Security team as a Security Governance, Risk, and Compliance (GRC) Program Manager. Lead the development and implementation of security GRC initiatives, ensuring robust processes to protect company assets and data. Collaborate with cross-functional teams to enhance security posture and drive strategic initiatives aligned with industry best practices and regulatory requirements. Act as a liaison between external entities (regulators, auditors) and internal security teams, ensuring consistent compliance responses. Manage security risk & control assessments, maintain a central repository of audit evidence, and facilitate security support for Stripe's legal entities. Support acquisitions with security GRC programs and contribute to overall GRC team initiatives.

Requirements

  • You are a subject matter expert in information security frameworks, practices, policies, standards and procedures (e.g. NIST CSF, SOC 2, PCI DSS, ISO 27001/2 or equivalent)
  • 6+ years of experience in Security Governance, Risk, and Compliance (GRC) or Technology Compliance roles with a robust understanding of audit processes
  • Exposure to global regulatory requirements (e.g., DORA, FFIEC, EBA, NYDFS) and their integration into compliance programs
  • Proven track record in leading GRC initiatives and managing large-scale security programs
  • Experience in conducting security audits and ensuring compliance with regulations
  • Strong project management skills with proficiency in coordinating security assessments and managing multiple stakeholder engagements
  • Excellent communication skills, capable of building strong relationships at all levels, from executive discussions to technical team collaboration

Responsibilities

  • Act as an information security subject matter expert during cross-functional audit engagements
  • Participate in and support audit walkthrough meetings on behalf of the Security team
  • Serve as an internal liaison (proxy) between Technology GRC and the Security organization to ensure audits are managed effectively
  • Perform various security risk & control assessments against common security frameworks to ensure compliance with Stripe's Information Security Policy & Standards
  • Create and maintain a central repository of audit evidence artifacts needed for compliance with SOC 2, PCI DSS, SOX, and other global regulatory standards
  • Facilitate security support for Stripe's legal entities with regulatory compliance obligations
  • Collaborate with and support conversations with key stakeholders to track and report on control remediation efforts
  • Maintain strong relationships across executive teams and technical collaborators
  • Support acquisitions with security GRC related programs
  • Support the overall GRC team program initiatives, including policy writing, security awareness training, and third-party security risk assessments
