Security GRC Program Manager (Compliance)

Who we are

About Stripe

Stripe is a financial infrastructure platform for businesses. Millions of companies—from the world’s largest enterprises to the most ambitious startups—use Stripe to accept payments, grow their revenue, and accelerate new business opportunities. Our mission is to increase the GDP of the internet, and we have a staggering amount of work ahead. That means you have an unprecedented opportunity to put the global economy within everyone’s reach while doing the most important work of your career.

About the team

The Stripe Security team is dedicated to improving the security of Stripe and its users. Our users trust us with some of their most sensitive information, and we make security a first-class consideration in everything we do. Security concerns are ever-evolving, creating an extremely dynamic environment for the Security team.

The Security Governance, Risk, and Compliance (SGRC) team at Stripe provides security governance, risk management, and compliance capabilities to allow Stripe to make strategic security decisions, measure our risk and control posture, and represent Stripe Security to internal & external entities. The successful operation of our organization accelerates Stripe by optimizing the communication and expectations of our security program. 

What you’ll do

We’re looking for an individual who has a diverse background in GRC with an emphasis on Security Compliance activities who can help Stripe manage and mature their security compliance initiatives and governance programs. The ideal candidate will be adaptable and can find structure in an evolving and maturing organization. 

In this role, you will act as a bridge between external entities like regulators and auditors, and our internal security teams, ensuring consistency in compliance responses and helping maintain a lean and effective compliance program.

Responsibilities:

• Create and manage evidence requests to document the effectiveness of Stripe's security controls.
• Participate and support audit walkthrough meetings on behalf of the Security team.
• Serve as an internal liaison between Technology Compliance and the Security organization to ensure audits are managed effectively.
• Create and maintain a central repository of audit evidence artifacts needed for compliance with SOC 2, PCI DSS, SOX, and other global regulatory standards.
• Refine and standardize quarterly audit activities related to key security processes and procedures.
• Act as an information security subject matter expert during cross-functional audit engagements.
• Support control owners and advise on security control redesign to ensure continued compliance and effectiveness.
• Facilitate support for Stripe’s legal entities with regulatory compliance obligations on behalf of the Security team.
• Collaborate with and support conversations with key stakeholders to track and report on control remediation efforts.
• Maintain strong relationships across executive teams and technical collaborators.
• Support the overall GRC team program initiatives, including policy writing, security awareness training, and third-party security risk assessments.

Who you are

We’re looking for someone who meets the minimum requirements to be considered for the role. If you meet these requirements, you are encouraged to apply. The preferred qualifications are a bonus, not a requirement.

Minimum requirements

• 4+ years of experience in Security Governance, Risk, and Compliance (GRC) or Technology Compliance roles with a robust understanding of audit processes
• Strong understanding and demonstrated experience in implementing security controls programs for frameworks like SOC 2, PCI DSS, and ISO 27001.
• Exposure to global regulatory requirements (e.g., DORA, FFIEC, EBA, NYDFS) and their integration into compliance programs.
• Experience in conducting security audits and ensuring compliance with regulations.
• Strong project management skills with proficiency in coordinating security assessments and managing multiple stakeholder engagements.
• Excellent communication skills, capable of building strong relationships at all levels, from executive discussions to technical team collaboration

Hybrid work at Stripe

Office-assigned Stripes spend at least 50% of the time in a given month in their local office or with users. This hits a balance between bringing people together for in-person collaboration and learning from each other, while supporting flexibility about how to do this in a way that makes sense for individuals and their teams.

Pay and benefits

The annual salary range for this role in the primary location is €77,600 - €116,400. This range may change if you are hired in another location. For sales roles, the range provided is the role’s On Target Earnings (“OTE”) range, meaning that the range includes both the sales commissions/sales bonuses target and annual base salary for the role. This salary range may be inclusive of several career levels at Stripe and will be narrowed during the interview process based on a number of factors, including the candidate’s experience, qualifications, and specific location. Applicants interested in this role and who are not located in the primary location may request the annual salary range for their location during the interview process.

Specific benefits and details about what compensation is included in the salary range listed above will vary depending on the applicant’s location and can be discussed in more detail during the interview process. Benefits/additional compensation for this role may include: equity, company bonus or sales commissions/bonuses; retirement plans; health benefits; and wellness stipends.

We look forward to hearing from you

At Stripe, we're looking for people with passion, grit, and integrity. You're encouraged to apply even if your experience doesn't precisely match the job description. Your skills and passion will stand out—and set you apart—especially if your career has taken some extraordinary twists and turns. At Stripe, we welcome diverse perspectives and people who think rigorously and aren't afraid to challenge assumptions. Join us.