Stripe, a financial infrastructure platform for businesses, is seeking an Engineering Program Manager for its Technology Compliance team. The role focuses on bridging compliance requirements with engineering, implementing technology controls, and collaborating with cross-functional teams to ensure audit readiness and operational resilience.
Responsibilities:
- Deep technical compliance experience: demonstrable experience implementing and operating controls and audit programs (ISO, SOC, PCI, UK Cyber Essentials, privacy audits, or similar) in complex, distributed environments
- Design and implement baseline technology controls, ensuring they are practical, scalable, and aligned with compliance and security requirements
- Strong engineering collaboration: proven track record working with infrastructure, platform, SRE, and product engineering teams to deliver technical controls and automation
- Tooling and automation mindset: experience building scalable tools, frameworks, or platforms that reduce manual evidence collection and audit testing overhead
- Acquisition integration experience (preferred): experience assessing and integrating acquired products/systems into an enterprise compliance environment
- Fintech or regulated industry background preferred: experience with financial reporting, payment platforms, or similarly regulated systems is strongly desired
- Program leadership at scale: ability to lead cross‑organizational programs, influence senior engineers and executives, and drive consensus across competing priorities
- Data‑driven communicator: strong analytical skills to prioritize risk and remediation, and the ability to present complex technical compliance concepts to auditors and executives
- People leadership and mentorship: experience coaching peers and engineering partners on program delivery and compliance‑oriented engineering practices
Requirements:
- 12+ years of experience in technical compliance, security, or risk roles with direct responsibility for audit or certification delivery (ISO, SOC, PCI, UK Cyber Essentials, privacy audits, or similar)
- Demonstrated experience leading end-to-end technical audit certification programs, including scoping, control mapping, evidence collection, remediation, and auditor engagement
- Proven track record working closely with infrastructure, platform, SRE, and product engineering teams to implement and operationalize controls
- Hands-on experience building or driving tooling/automation for evidence collection, testing, or compliance reporting
- Strong program and project management skills with experience coordinating cross-functional work streams and delivering on time against competing priorities
- Excellent verbal and written communication skills, with experience presenting technical compliance status to auditors, engineers, and senior leadership
- Solid analytical and risk‑prioritization skills to sequence remediation activities and make data‑driven decisions
- Relevant education/certifications: degree in Computer Science, Information Security, Engineering, or equivalent experience
- Experience integrating acquired products or systems into an enterprise compliance posture
- Relevant certifications such as CISA, CISSP, ISO Lead Auditor, PCI-related certifications, or equivalent
- Fintech or payments industry experience (preferred), including familiarity with regulatory expectations, payment platform architectures, and financial services risk models
- Proven ability to leverage a variety of tools to develop key metrics and broadcast program efficacy through data-driven dashboards
- Strong background in cloud and infrastructure technologies (AWS, GCP, Azure), containerization, and modern platform engineering practices