Who we are

About Stripe

Stripe is a financial infrastructure platform for businesses. Millions of companies—from the world’s largest enterprises to the most ambitious startups—use Stripe to accept payments, grow their revenue, and accelerate new business opportunities. Our mission is to increase the GDP of the internet, and we have a staggering amount of work ahead. That means you have an unprecedented opportunity to put the global economy within everyone’s reach while doing the most important work of your career.

About the team

The Stripe Security team is dedicated to improving the security of Stripe and its users. Our users trust us with some of their most sensitive information, and we make security a first-class consideration in everything we do. Security concerns are ever-evolving, creating an extremely dynamic environment for the Security team.

The Security Governance, Risk, and Compliance (SGRC) team at Stripe provides security governance, risk management, and compliance capabilities to allow Stripe to make strategic security decisions, measure our risk and control posture, and represent Stripe Security to internal & external entities. The successful operation of our organization accelerates Stripe by optimizing the communication and expectations of our security program.

What you’ll do

We’re looking for an individual who has a diverse background in GRC with an emphasis on Security Compliance activities who can help Stripe manage and mature their security compliance initiatives and governance programs. The ideal candidate will be adaptable and can find structure in an evolving and maturing organization.

In this role, you will act as a bridge between external entities like regulators and auditors, and our internal security teams, ensuring consistency in compliance responses and helping maintain a lean and effective compliance program.

Responsibilities:

• Create and manage evidence requests to document the effectiveness of Stripe's security controls.
  
• Participate and support audit walkthrough meetings on behalf of the Security team.
  
• Serve as an internal liaison between Technology Compliance and the Security organization to ensure audits are managed effectively.
  
• Create and maintain a central repository of audit evidence artifacts needed for compliance with SOC 2, PCI DSS, SOX, and other global regulatory standards.
  
• Refine and standardize quarterly audit activities related to key security processes and procedures.
  
• Act as an information security subject matter expert during cross-functional audit engagements.
  
• Support control owners and advise on security control redesign to ensure continued compliance and effectiveness.
  
• Facilitate support for Stripe’s legal entities with regulatory compliance obligations on behalf of the Security team.
  
• Collaborate with and support conversations with key stakeholders to track and report on control remediation efforts.
  
• Maintain strong relationships across executive teams and technical collaborators.
  
• Support the overall GRC team program initiatives, including policy writing, security awareness training, and third-party security risk assessments.
  

Who you are

We’re looking for someone who meets the minimum requirements to be considered for the role. If you meet these requirements, you are encouraged to apply. The preferred qualifications are a bonus, not a requirement.

Minimum requirements

• 4+ years of experience in Security Governance, Risk, and Compliance (GRC) or Technology Compliance roles with a robust understanding of audit processes
  
• Strong understanding and demonstrated experience in implementing security controls programs for frameworks like SOC 2, PCI DSS, and ISO 27001.
  
• Exposure to global regulatory requirements (e.g., DORA, FFIEC, EBA, NYDFS) and their integration into compliance programs.
  
• Experience in conducting security audits and ensuring compliance with regulations.
  
• Strong project management skills with proficiency in coordinating security assessments and managing multiple stakeholder engagements.
  
• Excellent communication skills, capable of building strong relationships at all levels, from executive discussions to technical team collaboration