Stripe is hiring a

Security Policy Relations

San Francisco, United States
Help Stripe drive security policy forward, for our users and the internet.
Security and payment card industry compliance have always been core to Stripe [0]. As we scale, we're looking to ensure that our users' burden remains minimal, while also improving the state of online security standards. The right person for this role will enjoy dealing with that puzzle, seeking creative solutions and moving quickly to implement, often in the face of ambiguity. This means advocating on behalf of Stripe and its users with industry and regulatory bodies and global federal and state regulators and policy makers. This person will ensure that we implement and develop the right product and experiences that keep Stripe and our users safe.
[0] Stripe.js, Stripe's founding product, was specifically created to help ease the burden of PCI-compliance (and was the first implementation of PCI driven tokenization).
You will:
  • Be an expert in the security practices of the payment industry and in general data security. 
  • Be responsible for staying abreast of upcoming security policy changes that may impact Stripe and advocate for changes that align with the interests of Stripe and our broad set of users. 
  • Build relationships and drive policy change with payment networks, regulators and industry regulatory bodies.
  • Work with our Product team to advance the "state of the art" in online payments security and related user experiences.
  • Coordinate day-to-day security policy compliance, working with Security, Legal, Risk, Product and our user-facing teams to ensure that our services and users remain compliant and ahead of applicable security standards.
  • Partner with our Communications, Legal, Marketing and Security teams to develop and solidify Stripe's reputation as an industry leader in payment security.
  • Work across the company to develop Stripe's communication strategy on Security.
Our ideal candidate:  
  • Has a technical security-specific background, and a deep understanding of the digital economy.
  • Is great at building relationships and working with people externally and from all parts of the organization to achieve the right business results in a security-conscious way.
  • Has experience interacting with one or more regulatory bodies around information security issues.
  • Has (or can acquire) a deep knowledge about the Stripe product and our users.
  • Will be someone who can challenge industry norms, with out-of-the-box thinking, and a solid grounding in creating great and safe experiences. 
  • Will have expert level understanding of card industry security and requirements. 
  • Is a terrific communicator and writer, adept at working with lawyers, regulators, engineers, business teams, and colleagues to make complex concepts clear and understandable to different audiences.
Nice to haves:
  • Experience interacting with the Payments Security Council (PCI).
  • Security engineering background.
To apply:
  • Please include resume and LinkedIn profile.