What you'd actually do

Design, and implement Bridge’s security governance, risk and compliance roadmaps from first principles to production.

Identify and tackle Bridge’s most important security risks quickly and pragmatically.

Adopt Stripe’s programs, controls and processes where it makes sense, and find custom approaches where it doesn’t.

Lead risk assessment, control design and testing for all Security and Technology Oversight globally.

Ensure Bridge meets compliance and audit expectations as we scale to more regulated markets.

Skills

Required

8+ years of experience in Security GRC
experience building security practices from the ground up
proficient with NIST CSF, OCC’s Cybersecurity Supervision Work Program and/or FFIEC IT Examination Handbook or other similar global frameworks
Proven prior experience with regulatory audits from Global auditors across Security domains
communicate clearly across technical and non-technical partners
experience building or scaling security programs

Nice to have

time spent in fast-paced startup environments
startup mindset: scrappy, pragmatic, and move quickly
Thrive in ambiguity and know how to ruthlessly prioritize
excited about the potential of crypto and stablecoins

What the JD emphasized

build and scale Bridge’s security foundation

design the security governance, risk and compliance programs from the ground up

security governance, risk and compliance roadmaps from first principles to production

most important security risks

meets compliance and audit expectations

security rigor with speed

Who we are

Bridge is Stripe’s fintech innovation hub focused on building a modern, stablecoin-powered cross-border payments network. We operate like a startup within Stripe: fast-paced, entrepreneurial, and product-obsessed, but with the backing of one of the most trusted names in fintech.

We’re hiring a** Security Analyst / Program Manager** to build and scale Bridge’s security foundation. This is a rare opportunity to design the security governance, risk and compliance programs from the ground up, while also leveraging the infrastructure, best practices, and tooling of one of the most mature security organizations in the industry.

What you'll do

Design, and implement Bridge’s security governance, risk and compliance roadmaps from first principles to production.
Identify and tackle Bridge’s most important security risks quickly and pragmatically.
Adopt Stripe’s programs, controls and processes where it makes sense, and find custom approaches where it doesn’t.
Lead risk assessment, control design and testing for all Security and Technology Oversight globally.
Reinforce engineering best practices around secure development and infrastructure.
Ensure Bridge meets compliance and audit expectations as we scale to more regulated markets.
Collaborate cross-functionally with engineering, product, and Stripe’s security org to move fast without compromising safety.

About you

You might be a good fit if you:

Have 8+ years of experience in Security GRC, ideally with time spent in fast-paced startup environments where you’ve built security practices from the ground up.
Have a startup mindset: you’re scrappy, pragmatic, and move quickly to solve the most critical problems.
You’re proficient with NIST CSF, OCC’s Cybersecurity Supervision Work Program and/or FFIEC IT Examination Handbook or other similar global frameworks.
Proven prior experience with regulatory audits from Global auditors across Security domains.
Thrive in ambiguity and know how to ruthlessly prioritize.
Can balance security rigor with speed, especially in fast-moving environments.
Communicate clearly across technical and non-technical partners.
Have experience building or scaling security programs, either at a startup or in an embedded role.
Are excited about the potential of crypto and stablecoins to power global financial infrastructure (you don’t need deep prior knowledge—just curiosity and openness to learn).

Who we are

What you'll do

Design, and implement Bridge’s security governance, risk and compliance roadmaps from first principles to production.

Identify and tackle Bridge’s most important security risks quickly and pragmatically.

Adopt Stripe’s programs, controls and processes where it makes sense, and find custom approaches where it doesn’t.

Lead risk assessment, control design and testing for all Security and Technology Oversight globally.

Reinforce engineering best practices around secure development and infrastructure.

Ensure Bridge meets compliance and audit expectations as we scale to more regulated markets.

Collaborate cross-functionally with engineering, product, and Stripe’s security org to move fast without compromising safety.

About you

You might be a good fit if you:

Have 8+ years of experience in Security GRC, ideally with time spent in fast-paced startup environments where you’ve built security practices from the ground up.

Have a startup mindset: you’re scrappy, pragmatic, and move quickly to solve the most critical problems.

You’re proficient with NIST CSF, OCC’s Cybersecurity Supervision Work Program and/or FFIEC IT Examination Handbook or other similar global frameworks.

Proven prior experience with regulatory audits from Global auditors across Security domains.

Thrive in ambiguity and know how to ruthlessly prioritize.

Can balance security rigor with speed, especially in fast-moving environments.

Communicate clearly across technical and non-technical partners.

Have experience building or scaling security programs, either at a startup or in an embedded role.

Are excited about the potential of crypto and stablecoins to power global financial infrastructure (you don’t need deep prior knowledge—just curiosity and openness to learn).