Staff Program Manager, Security GRC

Who we areAbout Stripe

Stripe is a financial infrastructure platform for businesses. Millions of companies—from the world’s largest enterprises to the most ambitious startups—use Stripe to accept payments, grow their revenue, and accelerate new business opportunities. Our mission is to increase the GDP of the internet, and we have a staggering amount of work ahead. That means you have an unprecedented opportunity to put the global economy within everyone’s reach while doing the most important work of your career.

About the team

The Stripe Security team is dedicated to improving the security of Stripe and its users. Our users trust us with some of their most sensitive information, and we make security a first-class consideration in everything we do. Security concerns are ever-evolving, creating an extremely dynamic environment for the Security team.

The Security Governance, Risk, and Compliance (GRC) team's mission is to develop and maintain a comprehensive security framework that aligns with industry standards and regulatory requirements. We establish clear policies, identify and mitigate risks, and ensure security compliance across the organization. Our team plays a crucial role in demonstrating our robust security posture to auditors and regulators, maintaining compliance, and assessing and managing security risks.. 

About the role

We are seeking an experienced Staff Program Manager to join our Security GRC team. This role will serve as a technical lead and key advisor to the Head of Security GRC, playing a crucial part in shaping and implementing Stripe's security governance, risk, and compliance strategies.

The ideal candidate will be a strategic thinker, a collaborative leader, and an expert in translating complex security concepts into practical, business-aligned solutions.

Key Responsibilities:

• Act as a senior technical lead and advisor on Security GRC specific challenges, providing expert guidance to team members and stakeholders.
• Lead and execute complex, cross-functional security GRC projects, ensuring alignment with Stripe's overall security objectives.
• Drive the evolution and implementation of Stripe's security frameworks, policies, and standards.
• Oversee the assessment and remediation of security control gaps across the organization.
• Develop and implement scalable and efficient processes for the security GRC program.
• Collaborate with cross functional stakeholders to ensure compliance with local regulatory security requirements and regulations.
• Provide strategic input on board-level reporting for security matters across Stripe's global entities.
• Support the Security GRC Manager in high-visibility, low-maturity projects that require senior-level expertise.
• Operate autonomously leading large-scale efforts across multiple teams and functions, with stakeholders in different disciplines across time zones
• Develop, define, and report on the team’s program health and success metrics to provide insights to management to help drive strategic direction
• Mentor and guide junior team members, fostering a culture of continuous improvement and knowledge sharing.

Minimum requirements

• Strong background and deep knowledge in information security governance, risk and compliance domains
• Subject matter expert in information security frameworks, practices, policies, standards and procedures (e.g. NIST CSF, ISO 27001/2 or equivalent) 
• Experience designing, implementing and operating programs for Security Governance, Compliance, and Risk Management
• You have experience driving mid to large-scale projects and programs from start to finish within highly complex operating environments
• You have strong written and verbal communication skills, building strong relationships at all levels of the organization from executives to project teams
• Knowledge of how to use data to influence program strategy and tell compelling stories about organizational effectiveness and impact