Who we are

About Stripe

Stripe is a financial infrastructure platform for businesses. Millions of companies—from the world’s largest enterprises to the most ambitious startups—use Stripe to accept payments, grow their revenue, and accelerate new business opportunities. Our mission is to increase the GDP of the internet, and we have a staggering amount of work ahead. That means you have an unprecedented opportunity to put the global economy within everyone’s reach while doing the most important work of your career.

About the team

The Stripe Security team is dedicated to improving the security of Stripe and its users. Our users trust us with some of their most sensitive information, and we make security a first-class consideration in everything we do. Security concerns are ever-evolving, creating an extremely dynamic environment for the Security team.

The Security Governance, Risk, and Compliance (SGRC) team at Stripe provides security governance, risk management, and compliance capabilities to allow Stripe to make strategic security decisions, measure our risk and control posture, and represent Stripe Security to internal & external entities. The successful operation of our organization accelerates Stripe by optimizing the communication and expectations of our security program.

What you’ll do

We are seeking an experienced Security Governance, Risk, and Compliance (GRC) Program Manager to join our team. In this role, you will lead the development and implementation of our security GRC initiatives, ensuring robust governance, risk management, and compliance processes are in place to protect company assets and data.

As a key player in our security team, you will work collaboratively to enhance our security posture and drive strategic initiatives in alignment with industry best practices and regulatory requirements. The ideal candidate will be adaptable and can find structure in an evolving and maturing organization.

In this role, you will act as a proxy between external entities like regulators and auditors, and our internal security teams, ensuring consistency in compliance responses and helping maintain a lean and effective compliance program.

Responsibilities:

• Act as an information security subject matter expert during cross-functional audit engagements.
  
• Participate and support audit walkthrough meetings on behalf of the Security team.
  
• Serve as an internal liaison (proxy) between Technology GRC and the Security organization to ensure audits are managed effectively.
  
• Perform various security risk & control assessments against common security frameworks to ensure compliance with Stripe’s Information Security Policy & Standards,
  
• Create and maintain a central repository of audit evidence artifacts needed for compliance with SOC 2, PCI DSS, SOX, and other global regulatory standards.
  
• Facilitate security support for Stripe’s legal entities with regulatory compliance obligations.
  
• Collaborate with and support conversations with key stakeholders to track and report on control remediation efforts.
  
• Maintain strong relationships across executive teams and technical collaborators.
  
• Support acquisitions with security GRC related programs
  
• Support the overall GRC team program initiatives, including policy writing, security awareness training, and third-party security risk assessments.
  

Who you are

We’re looking for someone who meets the minimum requirements to be considered for the role. If you meet these requirements, you are encouraged to apply. The preferred qualifications are a bonus, not a requirement.

Minimum requirements

• You are a subject matter expert in information security frameworks, practices, policies, standards and procedures (e.g. NIST CSF, SOC 2, PCI DSS, ISO 27001/2 or equivalent)
  
• 6+ years of experience in Security Governance, Risk, and Compliance (GRC) or Technology Compliance roles with a robust understanding of audit processes
  
• Exposure to global regulatory requirements (e.g., DORA, FFIEC, EBA, NYDFS) and their integration into compliance programs.
  
• Proven track record in leading GRC initiatives and managing large-scale security programs
  
• Experience in conducting security audits and ensuring compliance with regulations.
  
• Strong project management skills with proficiency in coordinating security assessments and managing multiple stakeholder engagements.
  
• Excellent communication skills, capable of building strong relationships at all levels, from executive discussions to technical team collaboration