Who we are
About Stripe
Stripe is a financial infrastructure platform for businesses. Millions of companies—from the world’s largest enterprises to the most ambitious startups—use Stripe to accept payments, grow their revenue, and accelerate new business opportunities. Our mission is to increase the GDP of the Internet, and we have a staggering amount of work ahead. That means you have an unprecedented opportunity to put the global economy within everyone’s reach while doing the most important work of your career.
About the team
The Technology Audits team is responsible for Stripe's Technology and Compliance Audits. We have a team of technical program managers who focus on driving compliance within Stripe against industry/regulatory standards and helping us achieve compliance against them. Program managers in the team not only work on leading compliance and risk efforts to completion but also maintain strong relationships with internal stakeholders to support and answer compliance questions.
What you’ll do
Along with supporting multiple Technology and Compliance assessments (SOC 1, SOC 2, PCI, Regulatory audits) you will help with creating a centralized approach to manage audits. You will be responsible for designing processes, controls which are capable of meeting the demands of multiple compliance (existing and future) frameworks. The right person for this role will have deep technical discussions with our engineering teams to understand controls, processes and come up with creative ways to meet the intent of regulatory requirements. This means not only understanding multiple technical regulations but also having a technical understanding of common technologies and systems to have constructive discussions with our engineering teams. Also, this person should be someone who has experience formally managing multiple compliance programs and enjoys doing them.
Responsibilities
- Conduct and lead external audits, working closely with our Product and Engineering teams to ensure that our services and users remain compliant and ahead of applicable security standards
- Streamline and effectively manage multiple audits across the organization.
- Partner with control owners and team on automation of evidence collection.
- Partner with teams to design and implement control monitoring to build real-time insights into our compliance posture
- Integrate new products and services into current compliance audits. Perform scoping, assist with control implementation and control testing for new products and services
- Partner with Engineering teams to decompose ambiguous technical regulatory requirements into clear actionable deliverables
- Maintain and enhance compliance to product security requirements
- Stay abreast of upcoming security regulatory changes that may impact Stripe or our users, and collaborate with engineering teams to make them seamless and transparent
- Be a force multiplier for our customers—helping us devise ways of minimizing the burden of compliance so they can better grow their business
- Partner with teams across Stripe to develop our communication strategy on Security
- Identifying inefficiencies in processes and products and driving improvements
Who you are
We’re looking for someone who meets the minimum requirements to be considered for the role. If you meet these requirements, you are encouraged to apply.
Minimum requirements
- 4+ years of experience working in the security regulatory/compliance field and 2+ years particularly scoping, leading Technology and Compliance assessments (SOC 1, SOC 2, PCI, Regulatory audits)
- Experience managing multiple Technology and Compliance assessments.
- Expertise in the security practices of the payment industry and in other security regulations (AICPA trust principles, NIST, ISO)
- Technical security-specific background and an understanding of the digital economy
- Solid understanding of security risks and threats, and in developing effective and measurable mitigation programs
- A growth mind-set to help scale security compliance initiatives for the future of Stripe
- Great communicator and able to effectively prioritize and advance a large number of projects happening simultaneously, often on tight deadlines
- Experience building and managing relationships with internal stakeholders and driving all parties towards an optimal outcome
- Out-of-the-box thinking that challenges industry norms with a solid grounding in creating great and safe experiences
- Resourceful, action-oriented with strong organization skills and attention to detail
- Able to prioritize competing demands while working on complex problems.