Internal Audit - Security & Technology

Who we are

About Stripe

Stripe is a financial infrastructure platform for businesses. Millions of companies - from the world’s largest enterprises to the most ambitious startups - use Stripe to accept payments, grow their revenue, and accelerate new business opportunities.

Our mission is to increase the GDP of the internet, and we have a staggering amount of work ahead. That means you have an unprecedented opportunity to put the global economy within everyone's reach while doing the most important work of your career.

About the team

Stripe builds the most powerful and flexible tools for running an internet business. We handle hundreds of billions of dollars each year and enable millions of users around the world to scale faster and more efficiently by building their businesses on Stripe.

To further this important mission, Stripe has built a world class Internal Audit (IA) team. Our mission is to make the business better as it grows.

We are consumed with the goal of being agile with the business, powered by technology and seamlessly accelerating the speed of controls integration and compliance adoption.

Our IA team is responsible for providing objective assurance of Stripe’s products and processes, its compliance with laws and regulations, its risk management framework and other governance processes.

We also assist as an advisory partner in preparing targeted analyses, product / infrastructure / security evaluations, systems design assessments, and policy implementation reviews.

We’re looking for an experienced program manager with audit experience to help us deliver and expand a global audit program, who will serve as a key member of the IA technology audit pillar reporting to the Head of Technology Audit Pillar, and drive demonstrable business impact.

What you’ll do

As a Technology Lead within the IA Tech team, you will be an active contributor to the overall strategy of IT audit at stripe, shape technical design of audits, drive decision making, and ensure seamless execution through all the audit phases from planning to delivery.

The ideal candidate will deliver exceptional results through building and implementing audit programs that help protect our users and serve the business.

Responsibilities

• Develop a risk-based technology audit plan across product, infrastructure, business systems and corporate technology.
• Plan and execute technical complex audits, consulting engagements, and other influencing activities of supporting operations, and processes.
• Serve as IA’s SME on technology related considerations across IA audit projects and within the organization.
• Manage co-sourced service providers while delivering our audit plan.
• Support the development of the annual and longer-term strategy for a risk-based audit plan shaped for Stripe’s expanding global operations and regulatory requirements.
• Collaborate with IA functional leads for analytics, technology and finance / operations to form integrated approaches.
• Support the growth of a team of skilled and experienced auditors.
• Seamlessly liaise with external auditors and regulators in connection with technology audit work.
• Lead ad-hoc programs and initiatives to provide advisory insights.
• Work seamlessly with key global partners within the second lines of defense to build efficiencies into the audit plan and avoid duplication of activities.
• Present findings and recommendations to stakeholders and leadership teams.
• Secure management action plans for remediation, and monitor remediation progress and timeliness.
• Perform outreach and maintain collaborative working relationships with partners across product, engineering, security, corporate technology, finance systems and business systems..
• Invest in understanding the business to better identify areas of need and opportunities to advise.
• Research and stay current on new technical literature applicable, emerging trends and best practices.
• Act as the independent voice of the user as part of the audit process in security designs, gather direct feedback, identify security challenges and incorporate them into our planning
• Play a key part in shaping the technical design and operating effectiveness testing of audits by collaborating with engineers, and identifying control gaps and weaknesses.
• Leverage data and insights to drive strategic decisions and prioritization at the leadership level when presenting the audit report(s).
• Help influence peers / stakeholders and build consensus while dealing with ambiguity
• Evaluate key cross-functional security initiatives and programs that require security domain, systems and engineering level knowledge

Who you are

We're looking for someone who meets the minimum requirements to be considered for the role. If you meet these requirements, you are encouraged to apply.

The preferred qualifications are a bonus, not a requirement.

Minimum requirements

• 7+ years of technology audit and or technical product / program management experience ideally within an Internal Audit, IT Security or engineering function.
• Experience in payment services, banking and / or financial services and associated regulatory compliance.
• Experience in auditing security infrastructure technology and cloud native infrastructure services
• Technical auditing skills and knowledge of relevant professional and auditing standards.
• Strong understanding of concepts related to information systems audit, information security, general IT controls, application controls and technology risks
• Familiarity with industry standards and regulations related to security, privacy, and compliance
• Excellent communication and interpersonal skills, with the ability to effectively collaborate with technical and non-technical stakeholders
• Strong analytical and problem-solving skills, with the ability to think critically, challenge the norms and make data-driven decisions
• Experience operating autonomously and leading large-scale efforts across multiple teams and functions, with stakeholders in different disciplines across time zones.
• Experienced in the use of auditing and assessment frameworks and the application of professional standards
• Attention to detail, including ability to issue-spot, identify patterns, flag incongruencies
• Ability to apply critical thinking and analysis, and exercise professional judgment
• Ability to discuss complex issues with any level of management and influence perspectives
• Exceptional written and verbal communication skills, including report positioning and clarity
• Knowledge of external leading risk and controls frameworks such as COBIT (Control Objectives for Information and related Technology), NIST Cybersecurity, ISO27000, ISO27001, ISO27002, and IT related internal controls
• Professional certification such as CISSP, CISA, or CIA, and
• A BS / BA degree, preferably in Information systems, computer science, engineering or other related IT field.

Preferred qualifications

• Background in program management, in the field of IT Audit or IT security.
• Proficient knowledge in security architecture, threat modeling and privacy principles.
• SQL and python scripting and / or programming skills would be an advantage.
• Cybersecutiy skill set and experience auditing cloud environments
• In-house operational exposure
• Big 4 consulting experience

Hybrid work at Stripe

Office-assigned Stripes spend at least 50% of the time in a given month in their local office or with users. This hits a balance between bringing people together for in-person collaboration and learning from each other, while supporting flexibility about how to do this in a way that makes sense for individuals and their teams.

Pay and benefits

The annual US base salary range for this role is $141,000 - $211,600. For sales roles, the range provided is the role’s On Target Earnings ("OTE") range, meaning that the range includes both the sales commissions / sales bonuses target and annual base salary for the role.

This salary range may be inclusive of several career levels at Stripe and will be narrowed during the interview process based on a number of factors, including the candidate’s experience, qualifications, and location.

Applicants interested in this role and who are not located in the US may request the annual salary range for their location during the interview process.

Additional benefits for this role may include : equity, company bonus or sales commissions / bonuses; 401(k) plan; medical, dental, and vision benefits; and wellness stipends.