Program Manager, Technology Compliance (PCI)

Who we are 

About Stripe

Stripe is a financial infrastructure platform for businesses. Millions of companies—from the world’s largest enterprises to the most ambitious startups—use Stripe to accept payments, grow their revenue, and accelerate new business opportunities. Our mission is to increase the GDP of the Internet, and we have a staggering amount of work ahead. That means you have an unprecedented opportunity to put the global economy within everyone’s reach while doing the most important work of your career.

About the team

The Technology Compliance team is responsible for managing Audits, Risk and Controls at Stripe. We have a team of technical Program Managers who focus on driving compliance within Stripe against industry/regulatory standards and helping us achieve compliance against them. Program managers in the team not only work on leading compliance and risk efforts to completion but also maintain strong relationships with internal stakeholders to support and answer compliance questions.

What you’ll do 

We’re looking for someone to support our security and technology assessments (e.g. PCI-DSS, 3DS, P2PE, PIN, etc.), create a strong control ownership culture internally, and ensure Stripe Pproducts enable compliance for our users. The right person for this role will have deep technical discussions with our engineering teams to understand controls, processes and come up with efficientcreative ways to meet the intent of security requirements. This means not only understanding multiple technical regulations but also having a technical understanding of common technologies and systems to have constructive discussions with our engineering teams. Also, this person should be someone who has experience formally managing compliance programs and enjoys doing them.

Responsibilities

• Conduct and lead assessments, working closely with our Product and Engineering teams to ensure that our services and users remain compliant and ahead of applicable security standards

• Partner with Engineering teams to decompose ambiguous technical regulatory requirements into clear actionable deliverables

• Maintain and enhance compliance to product security requirements 

• Establish and maintain relationships with financial partners for both acquiring and issuing needs

• Stay abreast of upcoming security regulatory changes that may impact Stripe or our users, and collaborate with engineering teams to make them seamless and transparent

• Be a force multiplier for our customers—helping us devise ways of minimizing the burden of compliance so they can better grow their business

• Partner with teams across Stripe to develop our communication strategy on Security

• Identifying inefficiencies in processes and products and driving improvements

Who you are

We’re looking for someone who meets the minimum requirements to be considered for the role. If you meet these requirements, you are encouraged to apply. 

Minimum requirements

• 5+ years of experience working in the security regulatory/compliance field, with at least 2+ years leading PCI compliance programs

• Expertise in the security practices of the payment industry and in other security regulations (PCI-DSS,NIST, ISO 2700x)

• Great communicator and able to effectively prioritize and advance a large number of projects happening simultaneously, often on tight deadlines

• Experience building and managing relationships with internal stakeholders and driving all parties towards an optimal outcome

• A growth mind-set to help scale security compliance initiatives for the future of Stripe

• Out-of-the-box thinking that challenges industry norms with a solid grounding in creating great and safe experiences

• Resourceful, action-oriented with strong organization skills and attention to detail

• Able to prioritize competing demands while working on complex problems

Preferred qualifications 

• Technical security-specific background and an understanding of the digital payments ecosystem

• Solid understanding of security risks and threats, and in developing effective and measurable mitigation programs

• PCI ISA or QSA Certification