Security Ecosystem Analyst

San Francisco

Our goal is to make Stripe secure for our users. The Stripe security team is dedicated to improving the security of Stripe and its users. Our users trust us with some of their most sensitive information, and we make security a first-class consideration in everything we do. Security concerns are ever-evolving, creating an extremely dynamic environment for the security team.

You may be a fit for this role if you have:

  • Hands-on experience evaluating, implementing, and managing information management, asset management, data classification, and vulnerability resolution tooling

  • Experience managing and conducting audit readiness assessments within AWS (or similar) cloud security and infrastructure

  • Expertise in assessing the configuration and implementation of security tools related to network security, endpoint security, encryption technology, vulnerability scans, access controls, etc.

  • Experience with PCI and SOC compliance programs as well as their technical and security requirements

  • Experience with security standards such as ISO 27001, 27002, 27005; NIST, COBIT, ITIL

You Will:

  • Prepare for, conduct, and report on external and internal audits, ensuring overall adherence to policy standards

  • Conduct technical and information security activities, i.e., security education, document and material classification and control, and records management

  • Maintain and enhance compliance to customer security requirements

  • Conduct and lead internal assessments for the contact center, covering all aspects of customer requirements at the expected periodicity

  • Coordinate and support internal and external stakeholders with closure of corrective action plans within the customer-defined timelines

  • Gather customer requirements/contractual obligations and ensure compliance

  • Oversee Stripe’s security awareness program, including security assessment and ongoing education

  • Coordinate across internal and external stakeholders to ensure compliance with formal security standards (PCI, SOC, etc.) and timelines