Jobs

Internal Audit Security Program Lead


Job details
  • Stripe
  • 5 months ago

Who we are

About Stripe

Stripe is a financial infrastructure platform for businesses. Millions of companies - from the world’s largest enterprises to the most ambitious startups - use Stripe to accept payments, grow their revenue, and accelerate new business opportunities. Our mission is to increase the GDP of the internet, and we have a staggering amount of work ahead. That means you have an unprecedented opportunity to put the global economy within everyone's reach while doing the most important work of your career.

About the team

Stripe builds the most powerful and flexible tools for running an internet business. We handle hundreds of billions of dollars each year and enable millions of users around the world to scale faster and more efficiently by building their businesses on Stripe. To further this important mission, Stripe has built a world class Internal Audit (IA) team. Our mission is to make the business better as it grows. We are consumed with the goal of being agile with the business, powered by technology and seamlessly accelerating the speed of controls integration and compliance adoption.

Our IA team is responsible for providing objective assurance of Stripe’s products and processes, its compliance with laws and regulations, its risk management framework and other governance processes. We also assist as an advisory partner in preparing targeted analyses, product/infrastructure/security evaluations, systems design assessments, and policy implementation reviews. 

We’re looking for an experienced technology audit leader with regulatory compliance audit experience to help us deliver and expand a global audit program, who will serve as a key member of the IA technology audit pillar reporting to the Head of Technology Audit Pillar, and drive demonstrable business impact. 

This position is based in Dublin, Ireland or London, England.

What you’ll do

As a Technology Lead within the IA Tech team, you will be an active contributor to the overall strategy of IT audit at stripe, shape technical design of audits, drive decision making, and ensure seamless execution through all the audit phases—from planning to delivery. The ideal candidate will deliver exceptional results through building and implementing audit programs that help protect our users and serve the business.

Responsibilities

Develop a risk-based technology audit plan across product, infrastructure, business systems and corporate technology.
Plan and execute technical complex audits, consulting engagements, and other influencing activities of supporting operations, and processes.
Serve as IA’s SME on technology related considerations across IA audit projects and within the organization.
Manage co-sourced service providers while delivering our audit plan.
Support the development of the annual and longer-term strategy for a risk-based audit plan shaped for Stripe’s expanding global operations and regulatory requirements.
Collaborate with IA functional leads for analytics, technology and finance/operations to form integrated approaches.
Support the growth of a team of skilled and experienced auditors.
Seamlessly liaise with external auditors and regulators in connection with technology audit work.
Lead ad-hoc programs and initiatives to provide advisory insights.
Work seamlessly with key global partners within the second lines of defense to build efficiencies into the audit plan and avoid duplication of activities.
Present findings and recommendations to stakeholders and leadership teams.
Secure management action plans for remediation, and monitor remediation progress and timeliness.
Perform outreach and maintain collaborative working relationships with partners across product, engineering, security, corporate technology, finance systems and business systems..
Invest in understanding the business to better identify areas of need and opportunities to advise.
Research and stay current on new technical literature applicable, emerging trends and best practices. 
Act as the independent voice of the user as part of the audit process in security designs, gather direct feedback, identify security challenges and incorporate them into our planning
Play a key part in shaping the technical design and operating effectiveness testing of audits by collaborating with engineers, and identifying control gaps and weaknesses.
Leverage data and insights to drive strategic decisions and prioritization at the leadership level when presenting the audit report(s).
Help influence peers / stakeholders and build consensus while dealing with ambiguity
Evaluate key cross-functional security initiatives and programs that require security domain, systems and engineering level knowledge

Who you are

We're looking for someone who meets the minimum requirements to be considered for the role. If you meet these requirements, you are encouraged to apply. The preferred qualifications are a bonus, not a requirement.

Minimum requirements

8-10+ years of technology audit and or technical product/program management experience ideally within an Internal Audit, IT Security or engineering function.
Experience in payment services, banking and/or financial services and associated regulatory compliance.
Experience in auditing security infrastructure technology and cloud native infrastructure services
Technical auditing skills and knowledge of relevant professional and auditing standards.
Strong understanding of concepts related to information systems audit, information security, general IT controls, application controls and technology risks
Familiarity with industry standards and regulations related to security, privacy, and compliance
Excellent communication and interpersonal skills, with the ability to effectively collaborate with technical and non-technical stakeholders
Strong analytical and problem-solving skills, with the ability to think critically, challenge the norms and make data-driven decisions
Experience operating autonomously and leading large-scale efforts across multiple teams and functions, with stakeholders in different disciplines across time zones.
Experienced in the use of auditing and assessment frameworks and the application of professional standards
Attention to detail, including ability to issue-spot, identify patterns, flag incongruencies
Ability to apply critical thinking and analysis, and exercise professional judgment
Ability to discuss complex issues with any level of management and influence perspectives
Exceptional written and verbal communication skills, including report positioning and clarity
Knowledge of external leading risk and controls frameworks such as COBIT (Control Objectives for Information and related Technology), NIST Cybersecurity, ISO27000, ISO27001, ISO27002, and IT related internal controls
Professional certification such as CISSP, CISA, or CIA, and
A BS/BA degree, preferably in Information systems, computer science, engineering or other related IT field.

Preferred qualifications

Background in program management, in the field of IT Audit or IT security.
Proficient knowledge in security architecture, threat modeling and privacy principles.
SQL and python scripting and/or programming skills would be an advantage.
Cybersecutiy skill set and experience auditing cloud environments
In-house operational exposure
Big 4 consulting experience

Hybrid work at Stripe

This role is available either in an office or a remote location (typically, 35+ miles or 56+ km from a Stripe office).

Office-assigned Stripes spend at least 50% of the time in a given month in their local office or with users. This hits a balance between bringing people together for in-person collaboration and learning from each other, while supporting flexibility about how to do this in a way that makes sense for individuals and their teams.

A remote location, in most cases, is defined as being 35 miles (56 kilometers) or more from one of our offices. While you would be welcome to come into the office for team/business meetings, on-sites, meet-ups, and events, our expectation is you would regularly work from home rather than a Stripe office. Stripe does not cover the cost of relocating to a remote location. We encourage you to apply for roles that match the location where you currently or plan to live.

Pay and benefits

The annual salary range for this role in the primary location is €97,100 - €145,700. This range may change if you are hired in another location. For sales roles, the range provided is the role’s On Target Earnings (“OTE”) range, meaning that the range includes both the sales commissions/sales bonuses target and annual base salary for the role. This salary range may be inclusive of several career levels at Stripe and will be narrowed during the interview process based on a number of factors, including the candidate’s experience, qualifications, and specific location. Applicants interested in this role and who are not located in the primary location may request the annual salary range for their location during the interview process.

Specific benefits and details about what compensation is included in the salary range listed above will vary depending on the applicant’s location and can be discussed in more detail during the interview process. Benefits/additional compensation for this role may include: equity, company bonus or sales commissions/bonuses; retirement plans; health benefits; and wellness stipends.

Sign up for our newsletter

The latest news, articles, and resources, sent to your inbox weekly.

Similar Jobs

Security Engineer (Networks Focused).

Security Engineer (Networks Focused)The successful candidate will be a subject matter expert with hands-on experience in a wide range of Information security technologies, tools and methodologies. This role will help engineer, automate, implement, and operate new and emerging technologies across infrastructures supporting perimeter security, DMZs, firewalls, proxies, vulnerability scanning, and...

Millennium Management London

Information Security Analyst

 Cynergy Bank was established in 2018 by entrepreneurs to serve the needs of business owners, property entrepreneurs and family businesses. We have a strong track record supporting businesses that want to scale up and provide over £3bn lending to scaling businesses across the UK, we also offer retail deposits to...

Cynergy Bank London

Information Security Associate Director

The Associate Director, Information Security GRC will manage the people, processes, and technology related to the company's security GRC group overseeing governance, risk, and compliance activities, such as client audit support, RFP response, internal IT audit, and contract review. To carry out the GRC activities in line with business objectives,...

Belfast

Internal Audit Manager - Technology

About the team and roleWe are seeking a highly motivated and experienced IT Audit Manager to join our dynamic, innovative, and collaborative Internal Audit team (14 people across the UK and the US). We provide forward-looking assurance, insight, and advice to enable Pearson to achieve its strategic objectives. As IT...

Pearson Belfast

Internal Audit Manager - Technology

About the team and roleWe are seeking a highly motivated and experienced IT Audit Manager to join our dynamic, innovative, and collaborative Internal Audit team (14 people across the UK and the US). We provide forward-looking assurance, insight, and advice to enable Pearson to achieve its strategic objectives. As IT...

Pearson Milton Keynes

Internal Audit Manager - Technology

About the team and roleWe are seeking a highly motivated and experienced IT Audit Manager to join our dynamic, innovative, and collaborative Internal Audit team (14 people across the UK and the US). We provide forward-looking assurance, insight, and advice to enable Pearson to achieve its strategic objectives. As IT...

Pearson London