
Program Manager, Security GRC

Stripe
Summary
Join Stripe's Security team as a Security Governance, Risk, and Compliance (GRC) Program Manager. Lead the development and implementation of security GRC initiatives, ensuring robust processes to protect company assets and data. Collaborate with cross-functional teams to enhance security posture and drive strategic initiatives aligned with industry best practices and regulatory requirements. Act as a liaison between external entities (regulators, auditors) and internal security teams, ensuring consistent compliance responses. Manage security risk & control assessments, maintain a central repository of audit evidence, and facilitate security support for Stripe's legal entities. Support acquisitions with security GRC programs and contribute to overall GRC team initiatives.
Requirements
- You are a subject matter expert in information security frameworks, practices, policies, standards and procedures (e.g. NIST CSF, SOC 2, PCI DSS, ISO 27001/2 or equivalent)
- 6+ years of experience in Security Governance, Risk, and Compliance (GRC) or Technology Compliance roles with a robust understanding of audit processes
- Exposure to global regulatory requirements (e.g., DORA, FFIEC, EBA, NYDFS) and their integration into compliance programs
- Proven track record in leading GRC initiatives and managing large-scale security programs
- Experience in conducting security audits and ensuring compliance with regulations
- Strong project management skills with proficiency in coordinating security assessments and managing multiple stakeholder engagements
- Excellent communication skills, capable of building strong relationships at all levels, from executive discussions to technical team collaboration
Responsibilities
- Act as an information security subject matter expert during cross-functional audit engagements
- Participate in and support audit walkthrough meetings on behalf of the Security team
- Serve as an internal liaison (proxy) between Technology GRC and the Security organization to ensure audits are managed effectively
- Perform various security risk & control assessments against common security frameworks to ensure compliance with Stripe's Information Security Policy & Standards
- Create and maintain a central repository of audit evidence artifacts needed for compliance with SOC 2, PCI DSS, SOX, and other global regulatory standards
- Facilitate security support for Stripe's legal entities with regulatory compliance obligations
- Collaborate with and support conversations with key stakeholders to track and report on control remediation efforts
- Maintain strong relationships across executive teams and technical collaborators
- Support acquisitions with security GRC related programs
- Support the overall GRC team program initiatives, including policy writing, security awareness training, and third-party security risk assessments

