Program Manager, Engineering

About Stripe

Stripe is a financial infrastructure platform for businesses. Millions of companies - from the worlds largest enterprises to the most ambitious startups - use Stripe to accept payments grow their revenue and accelerate new business opportunities. Our mission is to increase the GDP of the internet and we have a staggering amount of work ahead. That means you have an unprecedented opportunity to put the global economy within everyones reach while doing the most important work of your career.

About the team

The Technology Governance Risk and Compliance (GRC) team is dedicated to delivering excellence across Stripes compliance with global and industry-specific technology control regimes such as PCI-DSS SOC and other international technology certifications. We are a team of specialist program managers to lead external audits of Stripes technology environment design and improve technology controls and support our many engineering and business partners in maintaining compliance with controls requirements. We are consultants to company leaders partners to our external auditors builders of risk-reducing controls and internal products and effective executors of large programs that are integral to the trust our Users place in Stripe and that of our regulators and partners.

What youll do

In this role your daily focus centers on bridging the gap between compliance requirements and high-velocity engineering. You will be a subject matter expert in technology compliance standards to ensure that Stripes products and platform operate in accordance with the requirements they are subject to. You will apply critical thinking to define compliant workflows design effective controls and drive adoption of those workflows across engineering and operations teams. Youll advise peers on secure and compliant architecture drive decisions that maintain an always-on audit posture and ensure compliance is embedded in engineering roadmaps and delivery processes. Youll translate technology risk into practical controls track remediation progress and continuously improve controls and workflows to support audit readiness and operational resilience. On any given day you might be conducting a gap analysis for a new global compliance certification prioritizing remediation tasks based on a data-driven risk assessment or translating complex ISO/SOC 2 controls into actionable technical tickets for product will work with cross-functional teams to automate evidence collection define program milestones success metrics and operating cadences. As a program lead you will manage dependencies risks and escalations across teams and drive clear accountability to ensure timely closure of remediation items.

Responsibilities

• Deep technical compliance experience: demonstrable experience implementing and operating controls and audit programs (ISO SOC PCI UK Cyber Essentials privacy audits or similar) in complex distributed environments.
• Design and implement baseline technology controls ensuring they are practical scalable and aligned with compliance and security requirements.
• Strong engineering collaboration: proven track record working with infrastructure platform SRE and product engineering teams to deliver technical controls and automation.
• Tooling and automation mindset: experience building scalable tools frameworks or platforms that reduce manual evidence collection and audit testing overhead.
• Fintech or regulated industry background preferred: experience with financial reporting payment platforms or similarly regulated systems is strongly desired.
• Program leadership at scale: ability to lead crossorganizational programs influence senior engineers and executives and drive consensus across competing priorities.
• Datadriven communicator: strong analytical skills to prioritize risk and remediation and the ability to present complex technical compliance concepts to auditors and executives.
• Relevant education/certifications: degree in Computer Science Information Security Engineering or equivalent experience. Certifications such as CISA CISSP PCI-related ISO lead auditor or other relevant credentials are a plus.

Who you are

Were looking for someone who meets the minimum requirements to be considered for the role. If you meet these requirements you are encouraged to apply. The preferred qualifications are a bonus not a requirement.

Minimum requirements

• 7 years of experience in technical compliance security or risk roles with direct responsibility for audit or certification delivery (ISO SOC PCI UK Cyber Essentials privacy audits or similar).
• Demonstrated experience leading end-to-end technical audit certification programs including scoping control mapping evidence collection remediation and auditor engagement.
• Proven track record working closely with infrastructure platform SRE and product engineering teams to implement and operationalize controls.
• Hands-on experience building or driving tooling/automation for evidence collection testing or compliance reporting.
• Strong program and project management skills with experience coordinating cross-functional work streams and delivering on time against competing priorities.
• Excellent verbal and written communication skills with experience presenting technical compliance status to auditors engineers and senior leadership.
• Solid analytical and riskprioritization skills to sequence remediation activities and make datadriven decisions.
• Experience integrating acquired products or systems into an enterprise compliance posture (preferred).
• Relevant certifications such as CISA CISSP ISO Lead Auditor PCI-related certifications or equivalent.

Preferred qualifications

• Fintech or payments industry experience (preferred) including familiarity with regulatory expectations payment platform architectures and financial services risk models.
• Experience integrating acquired products or systems into an enterprise compliance posture.
• Proven ability to leverage a variety of tools to develop key metrics and broadcast program efficacy through data-driven dashboards.
• Strong background in cloud and infrastructure technologies (AWS GCP Azure) containerization and modern platform engineering practices.