Stripe Program Manager, Security Ecosystem

This job was found on Greenhouse

The Stripe Security team is dedicated to improving the security of Stripe and its users. Our users trust us with some of their most sensitive information, and we make security a first-class consideration in everything we do. Security concerns are ever-evolving, creating an extremely dynamic environment for the Security team.

The goal of the Security Ecosystem team at Stripe is to provide support and operational structure to the Security team and its customers, both internal and external to Stripe. This is accomplished through a multifaceted approach, which includes programs (like our Third Party Security Risk Assessment Program, New Country Expansions, Security Training, and Internal Assessments) and support (for example, regulatory/audit support and assisting sales teams with security requests for proposals). The Security Ecosystem Program Manager position will be part of Stripe’s CISO staff and will have the ability to influence the continuous buildout of the security program. 

You Will:

  • Assess third-party vendors as part of Stripe’s Security Risk Assessment Program (e.g. Inherent and Residual Risk Scoring)
  • Function as a consultant on security matters as a recognized expert and lead cross-functional teams in making sound risk-based decisions
  • Identify and evaluate control gaps and oversee remediation efforts, in partnership with control owners
  • Drive internal and external process improvements across multiple teams and functions
  • Operate autonomously leading large-scale efforts across multiple teams and functions, with stakeholders in different disciplines across time zones
  • Identify, monitor and research new compliance requirements. Prepare for, conduct, and report on external and internal audits, ensuring overall adherence to policy standards

What You'll Need:

  • Strong background in cyber security operations, risks and controls identification and assessment
  • Working technical knowledge of security, as well as industry trends
  • Subject matter expert in cyber and information security practices, policies, standards and procedures (e.g. NIST CSF or equivalent)
  • Experience implementing and operating programs for Security Compliance, IT Compliance, Information/Cybersecurity or Security Risk Management
  • You have experience driving mid- to large-scale projects and programs from start to finish within highly complex operating environments
  • Proven track record of on-time and high-quality project delivery
  • You have strong written and verbal communication skills, building strong relationships at all levels of the organization from executives to project teams
  • Knowledge of how to use data to influence program strategy and tell compelling stories about organizational effectiveness and impact

Bonus Points:

  • Experience reporting on program performance via dashboards and OKRs, and performing basic data analysis (e.g. SQL, Redshift, Tableau)
  • Experience implementing a GRC Tool
  • Experience working with JIRA, Whistic, Bitsight
  • Experience working with engineers for the automation of security controls
  • Experience managing and conducting audit readiness assessments within AWS (or similar) cloud security and infrastructure

