San Francisco. Remote in North America only

Full time

Foundation

Program Manager, Compliance

Stripe makes it easy for any developer to access and manage the capabilities of the financial system including global payments while maintaining the least regulatory friction. Our ultimate goal is to maintain the strategy, product attestations, and overall execution required to offer these capabilities globally.

We’re looking for someone to support our controls management program and security assessments (e.g. PCI-DSS, SOC 1 and 2, HIPAA, GLBA, etc.), create a strong control ownership culture internally, and ensure Stripe products enable compliance for our users.

The right person for this role will enjoy puzzle solving, seeking creative solutions, and moving quickly to implement, often in the face of ambiguity. This means understanding multiple technical regulations in order to reduce the regulatory impact on Stripe, our products, and our users. This person will ensure that we implement and develop the right product and experiences that keep Stripe and our users safe.

You will:

  • Build a library of security controls that will help Stripe not only achieve, but monitor compliance on an ongoing basis
  • Normalize testing and control requirements to reduce engineering toil while supporting audits
  • Assess and advise on relevant compliance risks to internal and external stakeholders 
  • Conduct and lead security regulatory assessments, working closely with our Product and Engineering teams to ensure that our services and users remain compliant and ahead of applicable security standards
  • Partner with Engineering teams to decompose ambiguous technical regulatory requirements into clear actionable deliverables
  • Maintain and enhance compliance with product security requirements
  • Stay abreast of upcoming security regulatory changes that may impact Stripe or our users, and collaborate with engineering teams to make them seamless and transparent
  • Be a force multiplier for our customers—helping us devise ways of minimizing the burden of compliance so they can better grow their business
  • Partner with teams across Stripe to develop our communication strategy on Security
  • Identify inefficiencies in processes and products and drive improvements

We’re looking for someone who has/is: 

  • 4+ years of experience working in the security regulatory field, with at least 2 years working directly with security controls and internal control management
  • Expertise in the security practices of the payment industry and in other security regulations (AICPA trust principles, NIST, ISO 2700x, PCI-DSS)
  • A growth mindset to help scale security compliance initiatives for the future of Stripe
  • Technical security-specific background and an understanding of the digital economy
  • Solid understanding of security risks and threats, and in developing effective and measurable mitigation programs
  • Experience building and managing relationships with internal stakeholders and driving all parties towards an optimal outcome
  • Out-of-the-box thinking that challenges industry norms with a solid grounding in creating great and safe experiences
  • Great communicator and able to effectively prioritize and advance a large number of projects happening simultaneously, often on tight deadlines
  • Resourceful, action-oriented with strong organization skills and attention to detail
  • Able to prioritize competing demands while working on complex problems

At Stripe, we're looking for people with passion, grit, and integrity. You're encouraged to apply even if your experience doesn't precisely match the job description. Your skills and passion will stand out—and set you apart—especially if your career has taken some extraordinary twists and turns. At Stripe, we welcome diverse perspectives and people who think rigorously and aren't afraid to challenge assumptions. Join us.
