Security Analyst, Bridge

<h1>Who we are</h1> <p>Bridge is Stripe’s fintech innovation hub focused on building a modern, stablecoin-powered cross-border payments network. We operate like a startup within Stripe: fast-paced, entrepreneurial, and product-obsessed, but with the backing of one of the most trusted names in fintech.</p> <p>We’re hiring a<strong> Security Analyst / Program Manager</strong> to build and scale Bridge’s security foundation. This is a rare opportunity to design the security governance, risk and compliance programs from the ground up, while also leveraging the infrastructure, best practices, and tooling of one of the most mature security organizations in the industry.</p> <h1><strong>What you'll do</strong></h1> <ul> <li>Design, and implement Bridge’s security governance, risk and compliance roadmaps from first principles to production.</li> <li>Identify and tackle Bridge’s most important security risks quickly and pragmatically.</li> <li>Adopt Stripe’s programs, controls and processes where it makes sense, and find custom approaches where it doesn’t.</li> <li>Lead risk assessment, control design and testing for all Security and Technology Oversight globally.</li> <li>Reinforce engineering best practices around secure development and infrastructure.</li> <li>Ensure Bridge meets compliance and audit expectations as we scale to more regulated markets.</li> <li>Collaborate cross-functionally with engineering, product, and Stripe’s security org to move fast without compromising safety.</li> </ul> <h1><strong>About you</strong></h1> <p>You might be a good fit if you:</p> <ul> <li>Have 8+ years of experience in Security GRC, ideally with time spent in fast-paced startup environments where you’ve built security practices from the ground up.</li> <li>Have a startup mindset: you’re scrappy, pragmatic, and move quickly to solve the most critical problems.</li> <li>You’re proficient with NIST CSF, OCC’s Cybersecurity Supervision Work Program and/or FFIEC IT Examination Handbook or other similar global frameworks.&nbsp;</li> <li>Proven prior experience with regulatory audits from Global auditors across Security domains.</li> <li>Thrive in ambiguity and know how to ruthlessly prioritize.</li> <li>Can balance security rigor with speed, especially in fast-moving environments.</li> <li>Communicate clearly across technical and non-technical partners.</li> <li>Have experience building or scaling security programs, either at a startup or in an embedded role.</li> <li>Are excited about the potential of crypto and stablecoins to power global financial infrastructure (you don’t need deep prior knowledge—just curiosity and openness to learn).</li> </ul>