Security Regulatory Lead San Francisco Seattle

Stripe makes it easy for any developer to access and manage the capabilities of the financial system including global payments while maintaining the least regulatory friction. Our ultimate goal is to maintain the strategy, partnerships, and overall execution required to offer these capabilities globally.

We’re looking for someone to own our technical security and regulatory audits (e.g., PCI DSS, PCI P2PE, ISO 27001), ensure Stripe products enable compliance for our users, and create training and educational materials both internally, for Sales and Account Managers, and externally for our customers.

The right person for this role will enjoy puzzle solving, seeking creative solutions, and moving quickly to implement, often in the face of ambiguity. This means understanding multiple technical regulations in order to reduce the regulatory impact on Stripe, our products, and our users. This person will ensure that we implement and develop the right product and experiences that keep Stripe and our users safe.

Guide to the onsite interview (PDF)


  • Be an expert in the security practices of the payment industry and in general data security regulations.
  • Serve as a leader on the team, and build the foundation for our security and regulatory functions to scale globally (NA/EU/APAC).
  • Be responsible for staying abreast of upcoming security policy changes that may impact Stripe and advocate for changes that align with the interests of Stripe and our broad set of users.
  • Build relationships and drive policy change with payment networks, regulators and industry regulatory bodies.
  • Coordinate day-to-day security regulatory compliance, working with Security, Legal, Risk, Product and our user-facing teams to ensure that our services and users remain compliant and ahead of applicable security standards.
  • Be a force multiplier for our customers— helping us devise ways of minimizing the burden of compliance on their engineering organizations.
  • Partner with our Communications, Legal, Marketing and Security teams to develop and solidify.
  • Stripe’s reputation as an industry leader in payment security.
  • Work across the company to develop Stripe’s communication strategy on Security.

We’re looking for someone who:

  • Has at least 10 years of experience working int he security audit or regulatory field, with an additional 5+ years working in PCI.
  • Has a technical security-specific background, and a deep understanding of the digital economy.
  • Has a solid understanding of security risks and threats, and experience in developing effective and measurable programs in an international setting.
  • Is great at building and managing relationships with internal stakeholders and external partners, driving all parties towards an optimal outcome.
  • Is experienced interacting with one or more regulatory bodies around information security issues, with a track record of influencing and changing policies and standards.
  • Can challenge industry norms, with out-of-the-box thinking, and a solid grounding in creating great and safe experiences.
  • Is a great communicator and solid project manager, able to effectively prioritize and advance a large number of projects happening simultaneously, often on tight deadlines.
  • Is resourceful, action-oriented with strong organization skills and attention to detail.
  • Is able to prioritize competing demands while working on complex problems.
  • Builds relationships across the industry from which we can up-level Stripe as an industry expert and thought leader.

You should include these in your application:

  • A link to relevant online profiles (e.g. LinkedIn) and your resume.

It’s not expected that any single candidate would have expertise across all of these areas—we’re looking for candidates that are particularly strong in a few areas, and have some interest and capabilities in others.


We look forward to hearing from you.

Apply now