Program Manager, Product Certifications, Security

Employment Type: Full-Time


: Miscellaneous

Stripe makes it easy for any developer to access and manage the capabilities of the financial system, including global payments, while maintaining the least regulatory friction. Our ultimate goal is to maintain the strategy, product attestations, and overall execution required to offer these capabilities globally. Payment System Interfaces sits at the intersection of payments engineering teams and payments industry partners; we're the human connections between multiple Stripe infrastructure systems (and the engineers and product managers who build them) and multiple partners, and we handle day-to-day complexity, monitoring, and maintenance where the edges of our software meet those of our partners.

We're looking for someone to own our technical security and regulatory assessments (e.g., PCI DSS, PCI-P2PE, SOC 1&2), ensure Stripe products enable compliance for our users, and create training and educational materials both internally, for Sales and Account Managers, and externally, for our customers.

The right person for this role will enjoy puzzle solving, seeking creative solutions, and moving quickly to implement, often in the face of ambiguity. This means understanding multiple technical regulations in order to reduce the regulatory impact on Stripe, our products, and our users. This person will ensure that we implement and develop the right product and experiences that keep Stripe and our users safe.

## You will:

* Conduct and lead security regulatory assessments, working closely with our Product and Engineering teams to ensure that our services and users remain compliant and ahead of applicable security standards
* Translate technical regulatory requirements into risk-based, actionable unit tests for engineers
* Build a library of security controls that will help Stripe not only achieve, but also monitor, compliance on an ongoing basis
* Maintain and enhance compliance with product security requirements
* Stay abreast of upcoming security regulatory changes that may impact Stripe or our users, and collaborate with engineering teams to make them seamless and transparent
* Be a force multiplier for our customers, helping us devise ways of minimizing the burden of compliance so they can better grow their business
* Partner with teams across Stripe to develop our communication strategy on Security

## We're looking for someone who has/is:

* 2+ years of experience working in the security regulatory field, with at least 1 year working in PCI and SOC 1&2 audits
* Expertise in the security practices of the payment industry and in other security regulations (AICPA trust principles, NIST, ISO 2700x)
* A growth mindset to help scale security compliance initiatives for the future of Stripe
* Technical security-specific background and an understanding of the digital economy
* Solid understanding of security risks and threats, and experience in developing effective and measurable mitigation programs
* Experience building and managing relationships with internal stakeholders and driving all parties towards an optimal outcome
* Out-of-the-box thinking that challenges industry norms, with a solid grounding in creating great and safe experiences
* A great communicator, able to effectively prioritize and advance a large number of projects happening simultaneously, often on tight deadlines
* Resourceful and action-oriented, with strong organization skills and attention to detail
* Able to prioritize competing demands while working on complex problems

