Stripe is a financial infrastructure platform for businesses, aiming to increase the GDP of the internet. The Engineering Program Manager for Tech GRC will focus on bridging compliance requirements with engineering, owning the implementation of technology controls and collaborating with cross-functional teams to ensure compliance and operational resilience.
Responsibilities:
- Deep technical compliance experience: demonstrable experience implementing and operating controls and audit programs (ISO, SOC, PCI, UK Cyber Essentials, privacy audits, or similar) in complex, distributed environments
- Design and implement baseline technology controls, ensuring they are practical, scalable, and aligned with compliance and security requirements
- Strong engineering collaboration: proven track record working with infrastructure, platform, SRE, and product engineering teams to deliver technical controls and automation
- Tooling and automation mindset: experience building scalable tools, frameworks, or platforms that reduce manual evidence collection and audit testing overhead
- Acquisition integration experience (preferred): experience assessing and integrating acquired products/systems into an enterprise compliance environment
- Fintech or regulated industry background preferred: experience with financial reporting, payment platforms, or similarly regulated systems is strongly desired
- Program leadership at scale: ability to lead cross‑organizational programs, influence senior engineers and executives, and drive consensus across competing priorities
- Data‑driven communicator: strong analytical skills to prioritize risk and remediation, and the ability to present complex technical compliance concepts to auditors and executives
- People leadership and mentorship: experience coaching peers and engineering partners on program delivery and compliance‑oriented engineering practices
Requirements:
- 12+ years of experience in technical compliance, security, or risk roles with direct responsibility for audit or certification delivery (ISO, SOC, PCI, UK Cyber Essentials, privacy audits, or similar)
- Demonstrated experience leading end-to-end technical audit certification programs, including scoping, control mapping, evidence collection, remediation, and auditor engagement
- Proven track record working closely with infrastructure, platform, SRE, and product engineering teams to implement and operationalize controls
- Hands-on experience building or driving tooling/automation for evidence collection, testing, or compliance reporting
- Strong program and project management skills with experience coordinating cross-functional work streams and delivering on time against competing priorities
- Excellent verbal and written communication skills, with experience presenting technical compliance status to auditors, engineers, and senior leadership
- Solid analytical and risk‑prioritization skills to sequence remediation activities and make data‑driven decisions
- Relevant education/certifications: degree in Computer Science, Information Security, Engineering, or equivalent experience. Certifications such as CISA, CISSP, PCI-related, ISO lead auditor, or other relevant credentials are a plus
- Fintech or payments industry experience (preferred), including familiarity with regulatory expectations, payment platform architectures, and financial services risk models
- Experience integrating acquired products or systems into an enterprise compliance posture
- Proven ability to leverage a variety of tools to develop key metrics and broadcast program efficacy through data-driven dashboards
- Strong background in cloud and infrastructure technologies (AWS, GCP, Azure), containerization, and modern platform engineering practices