Security Ecosystem Analyst

  • Stripe
  • San Francisco, CA, USA
  • Feb 14, 2020
Full time Engineering

Job Description

The Stripe security team is dedicated to improving the security of Stripe and its users. Our users trust us with some of their most sensitive information, and we make security a first-class consideration in everything we do. The security concerns are ever-evolving, creating an extremely dynamic environment for the security team.

The Security Ecosystem team is responsible for providing security support across the organization both internally and externally.  The Security Ecosystem Analyst role will be part of Stripe’s CISO staff and will have the ability to influence the continuous buildout of the security program. 

You Will

  • Coordinate across internal and external stakeholders to ensure compliance with formal security standards (PCI, SOC, etc,) and timelines.
  • Identify, monitor and research new compliance requirements. Prepare for, conduct, and report on external and internal audits, ensuring overall adherence to policy standards.
  • Identify and evaluate control gaps and oversee remediation efforts, in partnership with controls owners.
  • Assess third-party vendors as part of Stripe’s Security Risk Assessment Program (e.g. Inherent and Residual Risk Scoring).
  • Function as a consultant on security matters as a recognized expert and lead cross-functional teams in making sound risk-based decisions.
  • Prepare, maintain and improve documentation to support compliance and regulatory efforts (e.g. Policies, Standards, Regulatory Reports).
  • Respond to Security Questionnaires and RFPs on behalf of Stripe and prepare/maintain supporting documentation (e.g. SIG, CAIQ).
  • Report on program performance via dashboards, OKRs and perform basic data analysis (e.g. SQL, Redshift, Tableau).
  • Oversee Stripe’s security awareness program including Security assessment and ongoing education.

What You’ll Need

  • Experience implementing and operating programs for Security Compliance, IT Compliance, Information/Cybersecurity or Security Risk Management.
  • Experience implementing some of the following frameworks and standards: ISO 27001, 27002, 27005; NIST, COBIT, ITIL, GDPR, CCPA.
  • Experience with PCI and SOC compliance programs as well as their technical and security requirements.
  • Experience managing and conducting audit readiness assessments within AWS (or similar) cloud security and infrastructure.
  • Strong program management background and excellent organizational/communications skills. 

Bonus Points

  • One or more technical certifications in IT Audit or Security: CISA, CISSP, CRISC, CISM or other relevant certifications a plus.
  • Working technical knowledge of security, as well as industry trends.
  • Experience working with engineers for the automation of security controls.
  • Experience implementing a GRC Tool.