Internal Audit - Security & Technology
San Francisco, Seattle, Chicago, New York
Full Time Entry-level / Junior USD 128K - 192K
Stripe
Stripe powers online and in-person payment processing and financial solutions for businesses of all sizes. Accept payments, send payouts, and automate financial processes with a suite of APIs and no-code tools.Who we are
About Stripe
Stripe is a financial infrastructure platform for businesses. Millions of companies - from the world’s largest enterprises to the most ambitious startups - use Stripe to accept payments, grow their revenue, and accelerate new business opportunities. Our mission is to increase the GDP of the internet, and we have a staggering amount of work ahead. That means you have an unprecedented opportunity to put the global economy within everyone's reach while doing the most important work of your career.
About the team
Stripe builds the most powerful and flexible tools for running an internet business. We handle hundreds of billions of dollars each year and enable millions of users around the world to scale faster and more efficiently by building their businesses on Stripe. To further this important mission, Stripe has built a world class Internal Audit (IA) team. Our mission is to make the business better as it grows. We are consumed with the goal of being agile with the business, powered by technology and seamlessly accelerating the speed of controls integration and compliance adoption.
Our IA team is responsible for providing objective assurance of Stripe’s products and processes, its compliance with laws and regulations, its risk management framework and other governance processes. We also assist as an advisory partner in preparing targeted analyses, product/infrastructure/security evaluations, systems design assessments, and policy implementation reviews.
We’re looking for an experienced program manager with audit experience to help us deliver and expand a global audit program, who will serve as a key member of the IA technology audit pillar reporting to the Head of Technology Audit Pillar, and drive demonstrable business impact.
What you’ll do
As a Technology Lead within the IA Tech team, you will be an active contributor to the overall strategy of IT audit at stripe, shape technical design of audits, drive decision making, and ensure seamless execution through all the audit phases—from planning to delivery. The ideal candidate will deliver exceptional results through building and implementing audit programs that help protect our users and serve the business.
Responsibilities
- Develop a risk-based technology audit plan across product, infrastructure, business systems and corporate technology.
- Plan and execute technical complex audits, consulting engagements, and other influencing activities of supporting operations, and processes.
- Serve as IA’s SME on technology related considerations across IA audit projects and within the organization.
- Manage co-sourced service providers while delivering our audit plan.
- Support the development of the annual and longer-term strategy for a risk-based audit plan shaped for Stripe’s expanding global operations and regulatory requirements.
- Collaborate with IA functional leads for analytics, technology and finance/operations to form integrated approaches.
- Support the growth of a team of skilled and experienced auditors.
- Seamlessly liaise with external auditors and regulators in connection with technology audit work.
- Lead ad-hoc programs and initiatives to provide advisory insights.
- Work seamlessly with key global partners within the second lines of defense to build efficiencies into the audit plan and avoid duplication of activities.
- Present findings and recommendations to stakeholders and leadership teams.
- Secure management action plans for remediation, and monitor remediation progress and timeliness.
- Perform outreach and maintain collaborative working relationships with partners across product, engineering, security, corporate technology, finance systems and business systems..
- Invest in understanding the business to better identify areas of need and opportunities to advise.
- Research and stay current on new technical literature applicable, emerging trends and best practices.
- Act as the independent voice of the user as part of the audit process in security designs, gather direct feedback, identify security challenges and incorporate them into our planning
- Play a key part in shaping the technical design and operating effectiveness testing of audits by collaborating with engineers, and identifying control gaps and weaknesses.
- Leverage data and insights to drive strategic decisions and prioritization at the leadership level when presenting the audit report(s).
- Help influence peers / stakeholders and build consensus while dealing with ambiguity
- Evaluate key cross-functional security initiatives and programs that require security domain, systems and engineering level knowledge
Who you are
We're looking for someone who meets the minimum requirements to be considered for the role. If you meet these requirements, you are encouraged to apply. The preferred qualifications are a bonus, not a requirement.
Minimum requirements
- 7+ years of technology audit and or technical product/program management experience ideally within an Internal Audit, IT Security or engineering function.
- Experience in payment services, banking and/or financial services and associated regulatory compliance.
- Experience in auditing security infrastructure technology and cloud native infrastructure services
- Technical auditing skills and knowledge of relevant professional and auditing standards.
- Strong understanding of concepts related to information systems audit, information security, general IT controls, application controls and technology risks
- Familiarity with industry standards and regulations related to security, privacy, and compliance
- Excellent communication and interpersonal skills, with the ability to effectively collaborate with technical and non-technical stakeholders
- Strong analytical and problem-solving skills, with the ability to think critically, challenge the norms and make data-driven decisions
- Experience operating autonomously and leading large-scale efforts across multiple teams and functions, with stakeholders in different disciplines across time zones.
- Experienced in the use of auditing and assessment frameworks and the application of professional standards
- Attention to detail, including ability to issue-spot, identify patterns, flag incongruencies
- Ability to apply critical thinking and analysis, and exercise professional judgment
- Ability to discuss complex issues with any level of management and influence perspectives
- Exceptional written and verbal communication skills, including report positioning and clarity
- Knowledge of external leading risk and controls frameworks such as COBIT (Control Objectives for Information and related Technology), NIST Cybersecurity, ISO27000, ISO27001, ISO27002, and IT related internal controls
- Professional certification such as CISSP, CISA, or CIA, and
- A BS/BA degree, preferably in Information systems, computer science, engineering or other related IT field.
Preferred qualifications
- Background in program management, in the field of IT Audit or IT security.
- Proficient knowledge in security architecture, threat modeling and privacy principles.
- SQL and python scripting and/or programming skills would be an advantage.
- Cybersecutiy skill set and experience auditing cloud environments
- In-house operational exposure
- Big 4 consulting experience
Working remotely at Stripe
A remote location, in most cases, is defined as being 35 miles (56 kilometers) or more from one of our offices. While you would be welcome to come into the office for team/business meetings, on-sites, meet-ups, and events, our expectation is you would regularly work from home rather than a Stripe office. Stripe does not cover the cost of relocating to a remote location. We encourage you to apply for roles that match the location where you currently or plan to live.Pay and benefits
The annual US base salary range for this role is $128,200 - $192,300. For sales roles, the range provided is the role’s On Target Earnings ("OTE") range, meaning that the range includes both the sales commissions/sales bonuses target and annual base salary for the role. This salary range may be inclusive of several career levels at Stripe and will be narrowed during the interview process based on a number of factors, including the candidate’s experience, qualifications, and location. Applicants interested in this role and who are not located in the US may request the annual salary range for their location during the interview process.
Additional benefits for this role may include: equity, company bonus or sales commissions/bonuses; 401(k) plan; medical, dental, and vision benefits; and wellness stipends.
We look forward to hearing from you
At Stripe, we're looking for people with passion, grit, and integrity. You're encouraged to apply even if your experience doesn't precisely match the job description. Your skills and passion will stand out—and set you apart—especially if your career has taken some extraordinary twists and turns. At Stripe, we welcome diverse perspectives and people who think rigorously and aren't afraid to challenge assumptions. Join us.Tags: Agile Analytics Audits Banking CIA CISA CISSP Cloud COBIT Compliance Computer Science Finance Governance ISO 27000 ISO 27001 ISO 27002 NIST Privacy Python Risk management RMF Scripting SQL Strategy
Perks/benefits: 401(k) matching Career development Equity / stock options Flex hours Health care Salary bonus Team events Wellness
More jobs like this
Explore more InfoSec / Cybersecurity career opportunities
Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.
- Open Senior Cybersecurity Engineer jobs
- Open Cloud Security Architect jobs
- Open Security Operations Engineer jobs
- Open Principal Security Engineer jobs
- Open Information Security Specialist jobs
- Open Information Security Officer jobs
- Open Senior Cyber Security Engineer jobs
- Open Senior Product Security Engineer jobs
- Open Chief Information Security Officer jobs
- Open IT Security Engineer jobs
- Open Cyber Security Architect jobs
- Open Senior Penetration Tester jobs
- Open Staff Security Engineer jobs
- Open Cyber Security Specialist jobs
- Open Security Specialist jobs
- Open Ethical hacker / Pentester H/F jobs
- Open Senior Network Security Engineer jobs
- Open Cybersecurity Consultant jobs
- Open Security Consultant jobs
- Open IT Security Analyst jobs
- Open Manager Pentest H/F jobs
- Open Senior Information Security Analyst jobs
- Open Security Operations Analyst jobs
- Open Information Security Architect jobs
- Open Information System Security Officer jobs
- Open Agile-related jobs
- Open Risk assessment-related jobs
- Open SOC-related jobs
- Open Analytics-related jobs
- Open Network security-related jobs
- Open CISA-related jobs
- Open ISO 27001-related jobs
- Open GCP-related jobs
- Open IAM-related jobs
- Open Application security-related jobs
- Open Pentesting-related jobs
- Open Threat intelligence-related jobs
- Open Vulnerability management-related jobs
- Open DevOps-related jobs
- Open DoD-related jobs
- Open Security Clearance-related jobs
- Open APIs-related jobs
- Open CEH-related jobs
- Open Security assessment-related jobs
- Open SaaS-related jobs
- Open Malware-related jobs
- Open Kubernetes-related jobs
- Open Java-related jobs
- Open EDR-related jobs
- Open TS/SCI-related jobs