Internal Audit Technology Lead

Who we are

About Stripe

Stripe is a financial infrastructure platform for businesses. Millions of companiesfrom the worlds largest enterprises to the most ambitious startupsuse Stripe to accept payments grow their revenue and accelerate new business opportunities. Our mission is to increase the GDP of the internet and we have a staggering amount of work ahead. That means you have an unprecedented opportunity to put the global economy within everyones reach while doing the most important work of your career.

About the team

Stripe builds the most powerful and flexible tools for running an internet business. We handle hundreds of billions of dollars each year and enable millions of users around the world to scale faster and more efficiently by building their businesses on Stripe. To further this important mission Stripe has built a world class Internal Audit (IA) team. Our mission is to make the business better as it grows. We are consumed with the goal of being agile with the business powered by technology and seamlessly accelerating the speed of controls integration and compliance adoption.

Our IA team is responsible for providing objective assurance of Stripes products processes and technology its compliance with laws and regulations its risk management framework and other governance processes. We also assist as an advisory partner in preparing targeted analyses product/infrastructure/security evaluations systems design assessments and policy implementation reviews.

Were looking for an experienced technology auditor with Fintech audit experience to help us deliver and expand a global audit program who will serve as a key member of the IA technology audit pillar reporting to the Head of Technology Audit Pillar and drive demonstrable business impact.

This position is based in the US preferably in the Seattle office.

What youll do

As a Technology Lead within the IA Tech team you will be an active contributor to the overall strategy of IT audit at stripe shape technical design of multiple technology audits drive decision making and ensure seamless through all the audit phasesfrom planning to delivery.

The ideal candidate will have deep technical discussions with our engineering operations and security teams to understand controls processes deliver exceptional results through building and implementing audit programs that help protect our users and serve the business. Also this person should be someone who has experience formally managing multiple audit and technical programs and enjoys them.

Responsibilities

• Develop a riskbased technology audit plan across product infrastructure business systems and corporate technology.
• Plan and execute technical complex audits consulting engagements and other influencing activities of supporting operations and processes.
• Serve as IAs SME on technology related considerations across IA audit projects and within the organization.
• Manage cosourced service providers while delivering our audit plan.
• Support the development of the annual and longerterm strategy for a riskbased audit plan shaped for Stripes expanding global operations and regulatory requirements.
• Collaborate with IA functional leads for analytics technology and finance/operations to form integrated approaches.
• Support the growth of a team of skilled and experienced auditors.
• Seamlessly liaise with external auditors and regulators in connection with technology audit work.
• Lead adhoc programs and initiatives to provide advisory insights.
• Work seamlessly with key global partners within the second lines of defense to build efficiencies into the audit plan and avoid duplication of activities.
• Present findings and recommendations to stakeholders and leadership teams.
• Secure management action plans for remediation and monitor remediation progress and timeliness.
• Perform outreach and maintain collaborative working relationships with partners across product engineering security corporate technology finance systems and business systems.
• Invest in understanding the business to better identify areas of need and opportunities to advise.
• Research and stay current on new technical literature applicable emerging trends and best practices.
• Act as the independent voice of the user as part of the audit process in security designs gather direct feedback identify security challenges and incorporate them into our planning
• Play a key part in shaping the technical design and operating effectiveness testing of audits by collaborating with engineers and identifying control gaps and weaknesses.
• Leverage data and insights to drive strategic decisions and prioritization at the leadership level when presenting the audit report(s).
• Help influence peers / stakeholders and build consensus while dealing with ambiguity
• Evaluate key crossfunctional security initiatives and programs that require security domain systems and engineering level knowledge

Who you are

Were looking for someone who meets the minimum requirements to be considered for the role. If you meet these requirements you are encouraged to apply. The preferred qualifications are a bonus not a requirement.

Minimum requirements

• 710 years of technology audit and or technical product/program management experience ideally within an Internal Audit IT Security or engineering function.
• Experience in payment services banking and/or financial services and Fintech IA Audit.
• Experience in auditing security infrastructure technology and cloud native infrastructure services
• Technical auditing skills and knowledge of relevant professional and auditing standards.
• Strong understanding of concepts related to information systems audit information security general IT controls application controls and technology risks
• Familiarity with industry standards and regulations related to security privacy and compliance
• Excellent communication and interpersonal skills with the ability to effectively collaborate with technical and nontechnical stakeholders
• Strong analytical and problemsolving skills with the ability to think critically challenge the norms and make datadriven decisions
• Experience operating autonomously and leading largescale efforts across multiple teams and functions with stakeholders in different disciplines across time zones.
• Experienced in the use of auditing and assessment frameworks and the application of professional standards
• Attention to detail including ability to issuespot identify patterns flag incongruencies
• Ability to apply critical thinking and analysis and exercise professional judgment
• Ability to discuss complex issues with any level of management and influence perspectives
• Exceptional written and verbal communication skills including report positioning and clarity
• Knowledge of external leading risk and controls frameworks such as COBIT (Control Objectives for Information and related Technology) NIST Cybersecurity ISO27000 ISO27001 ISO27002 and IT related internal controls
• Professional certification such as CISSP CISA or CISM
• A BS/BA degree preferably in Information systems computer science engineering or other related IT field.

Preferred qualifications

• Background in program management in the field of IT Audit or IT security.
• Proficient knowledge in security architecture threat modeling and privacy principles.
• SQL and python scripting and/or programming skills would be an advantage.
• Cybersecutiy skill set and experience auditing cloud environments.
• Inhouse operational exposure.
• Big 4 consulting experience and Engineering background a plus.