Program Manager, Technology Compliance (PCI)

Stripe
Financial Infrastructure for the Internet

Who we are

About Stripe

Stripe is a financial infrastructure platform for businesses. Millions of companies—from the world’s largest enterprises to the most ambitious startups—use Stripe to accept payments, grow their revenue, and accelerate new business opportunities. Our mission is to increase the GDP of the Internet, and we have a staggering amount of work ahead. That means you have an unprecedented opportunity to put the global economy within everyone’s reach while doing the most important work of your career.

About the team

The Technology Compliance team is responsible for managing Audits, Risk and Controls at Stripe. We have a team of technical program managers who focus on driving compliance within Stripe against industry/regulatory standards and helping us achieve compliance against them. Program managers in the team not only work on leading compliance and risk efforts to completion but also maintain strong relationships with internal stakeholders to support and answer compliance questions.

 

What you’ll do 

We’re looking for someone to support our security and technology assessments (e.g. PCI-DSS, 3DS, P2PE, PIN, etc.), create a strong control ownership culture internally, and ensure Stripe Pproducts enable compliance for our users. The right person for this role will have deep technical discussions with our engineering teams to understand controls, processes and come up with efficientcreative ways to meet the intent of security requirements. This means not only understanding multiple technical regulations but also having a technical understanding of common technologies and systems to have constructive discussions with our engineering teams. Also, this person should be someone who has experience formally managing compliance programs and enjoys doing them.

 

Responsibilities

  • Conduct and lead assessments, working closely with our Product and Engineering teams to ensure that our services and users remain compliant and ahead of applicable security standards
  • Partner with Engineering teams to decompose ambiguous technical regulatory requirements into clear actionable deliverables
  • Maintain and enhance compliance to product security requirements
  • Establish and maintain relationships with financial partners for both acquiring and issuing needs
  • Stay abreast of upcoming security regulatory changes that may impact Stripe or our users, and collaborate with engineering teams to make them seamless and transparent
  • Be a force multiplier for our customers—helping us devise ways of minimizing the burden of compliance so they can better grow their business
  • Partner with teams across Stripe to develop our communication strategy on Security
  • Identifying inefficiencies in processes and products and driving improvements

 

Who you are

We’re looking for someone who meets the minimum requirements to be considered for the role. If you meet these requirements, you are encouraged to apply.

 

Minimum requirements

  • 5+ years of experience working in the security regulatory/compliance field, with at least 2+ years leading PCI compliance programs
  • Expertise in the security practices of the payment industry and in other security regulations (PCI-DSS,NIST, ISO 2700x)
  • Great communicator and able to effectively prioritize and advance a large number of projects happening simultaneously, often on tight deadlines
  • Experience building and managing relationships with internal stakeholders and driving all parties towards an optimal outcome
  • A growth mind-set to help scale security compliance initiatives for the future of Stripe
  • Out-of-the-box thinking that challenges industry norms with a solid grounding in creating great and safe experiences
  • Resourceful, action-oriented with strong organization skills and attention to detail
  • Able to prioritize competing demands while working on complex problems

 

Preferred qualifications 

  • Technical security-specific background and an understanding of the digital payments ecosystem
  • Solid understanding of security risks and threats, and in developing effective and measurable mitigation programs
  • PCI ISA or QSA Certification

 

Hybrid work at Stripe

This role is available either in an office or a remote location (typically, 35+ miles or 56+ km from a Stripe office).

Office-assigned Stripes spend at least 50% of the time in a given month in their local office or with users. This hits a balance between bringing people together for in-person collaboration and learning from each other, while supporting flexibility about how to do this in a way that makes sense for individuals and their teams.

A remote location, in most cases, is defined as being 35 miles (56 kilometers) or more from one of our offices. While you would be welcome to come into the office for team/business meetings, on-sites, meet-ups, and events, our expectation is you would regularly work from home rather than a Stripe office. Stripe does not cover the cost of relocating to a remote location. We encourage you to apply for roles that match the location where you currently or plan to live.

Pay and benefits

The annual US base salary range for this role is $150,200 – $225,300. For sales roles, the range provided is the role’s On Target Earnings (“OTE”) range, meaning that the range includes both the sales commissions/sales bonuses target and annual base salary for the role. This salary range may be inclusive of several career levels at Stripe and will be narrowed during the interview process based on a number of factors, including the candidate’s experience, qualifications, and location. Applicants interested in this role and who are not located in the US may request the annual salary range for their location during the interview process.

Additional benefits for this role may include: equity, company bonus or sales commissions/bonuses; 401(k) plan; medical, dental, and vision benefits; and wellness stipends.

To apply for this job please visit stripe.com.