Akhila Chitiprolu

CEO

San Francisco, California, United States · 13 yrs 9 mos experience
AI Enabled

Key Highlights

  • Led compliance initiatives for major fintech products.
  • Expert in Governance, Risk Management, and Compliance.
  • Extensive experience in security and AI governance.
Stackforce AI infers this person is a Fintech and Compliance expert with extensive experience in security governance.

Skills

Core Skills

Governance, Risk Management, and Compliance (GRC); Information Security; Product Strategy; Product Management; Security Compliance; Business Analysis

Other Skills

Governance, Risk Management, Compliance, Security, Strategic Planning, Leadership, Generative AI, AI Governance, Agentic AI, Privacy Compliance, Data Privacy, Technology Risk, Cloud Security, Control Automation, Cross-functional Team Leadership

Experience

Sierra

Head of Security GRC

Nov 2024 - Present · 1 yr 4 mos · San Francisco Bay Area

  • Security, Privacy and Responsible AI
  • Security Programs and Foundations
  • AI Product Governance
  • Tech Risk Management
  • Audits and Compliance
  • Customer Trust Enablement
  • Third Party Security
  • Security and Technology Policies
  • Security Awareness
Governance, Risk Management, Compliance, Information Security, Security, Security Compliance, +19

Stripe

3 roles

Head of Technology Governance, Risk and Compliance

Promoted

Aug 2023 - Nov 2024 · 1 yr 3 mos

  • Direct Technology Governance, Risk and Compliance in a dynamic and highly regulated fintech environment, build trust and security for Stripe Users and enable compliance across Stripe's Products including Global Payments, Issuing, Billing, Connect, and Terminal while working cross functionally with Infrastructure, Product, Partnerships, Legal and GTM orgs. Led functions: Audit Management, Controls Management, Risk Management, Security Compliance Strategy and Programs, Policy Management and Product Compliance.
  • Build and scale Technology Policies, Technology Controls Library and Technology Risk for all Stripe Products and Eng teams such as Infrastructure, Data Platform and Security.
  • Manage GRC professionals rooted in customer first, system design and product focused mindset to drive critical compliance domains such as Configuration Management, Change Management, Network Security, Reliability, Operational Resilience, Identity and Access Management to enhance regulatory and compliance posture globally.
  • Drive the product roadmap and scale adoption across a suite of integrated GRC products in partnership with GRC Engineering teams to improve control quality, efficiency and coverage via high impact feature build out such as evidence automation, continuous monitoring and asset management. This serves multiple global audits and regional regulations including framework based audits (SOC, ISO, NIST, PCI, SWIFT), regional regulations (EU DORA, UK Cyber Essentials, Money Transmitter Licenses, Data Locality), fintech partners (card networks and banks), Stripe User onboarding and business enablement.
Building Trust, Artificial Intelligence (AI), Security, ISO Standards, Compliance Engineering, Negotiation, +22

Staff Technical Program Manager, Technology GRC

Promoted

Mar 2021 - Aug 2023 · 2 yrs 5 mos

  • Tech Lead for Stripe's GRC team, set and drive compliance foundations for the Tech org
  • Owned Stripe's PCI Compliance Programs, Member of the PCI Board of Advisors
  • Launched and managed Stripe's Technology Controls Program to enable fast moving audits, security business enablement and to inform enterprise risk
  • Implemented Global Technology Risk Management Program to inform and prioritize planning across Infrastructure, Data and Product orgs.
  • Built Compliance M&A function to assess risk and integrate compliance obligations; onboarded over 7 acquisitions
  • Enabled Stripe's regulatory and partner audit needs for North America, EMEA, APAC and LATAM regions (Money Transmitter Licenses, Visa, Mastercard, Interac, Wells Fargo, Reserve Bank of India, Central Bank of Ireland, etc.)
  • As Product Manager for integrated GRC Platform and Compliance Product Enablement built evidence automation and continuous control monitoring: define product roadmap, champion vision, prioritize high impact features, drive compliance products from innovation to large scale adoption
Building Trust, Negotiation, Continuous Controls Monitoring, Product Strategy, Cross-functional Team Leadership, Regulatory Compliance, +18

Senior Technical Program Manager, Technology GRC

Jan 2020 - Mar 2021 · 1 yr 2 mos

  • Lead Stripe's PCI-DSS Compliance Program overseeing 8 Stripe Products and simplify compliance for millions of merchants and enable payment processing for Elements, Checkout, Terminal, Issuing and more. Implemented PCI Compliance Program in a GRC Platform.
  • GRC: PCI Compliance, Regulatory Audits, Financial Partner Audits, NIST CSF, NACHA, SWIFT
  • Security: Product Security Enablement, Data Security, M&A
Negotiation, Continuous Controls Monitoring, Product Strategy, Cross-functional Team Leadership, Cloud Security, Strategy, +9

PCI Security Standards Council

Member of the Board of Advisors

Oct 2022 - Sep 2024 · 1 yr 11 mos

Security, Security Compliance, Payment Card Industry Data Security Standard (PCI DSS), Written Communication, Communication, Payment Industry

Expedia Group

Senior Security Compliance Manager

Jan 2018 - Jan 2020 · 2 yrs · Bellevue, Washington

  • Security Compliance:
      • Managed Security Compliance Programs and owned report delivery for PCI-DSS and SWIFT for multiple Expedia brands including Expedia, Hotels.com, Hotwire.com, Orbitz, CarRentals and CruiseShipCenters, balancing multiple tech stacks and compliance postures.
      • Led SOC2 Readiness
      • Onboarded external compliance and internal control frameworks into GRC Platform
      • Developed long term scaling strategies with the Policy and Risk Management teams
      • Partnered with Product teams and Business Units (Expedia Brands) that created efficiencies with design of common controls
      • Supported new external audit and regulatory requirements
  • Security TPM:
      • Led Vulnerability Management Program
      • Managed Security Design Reviews
      • Identity and Access Management
      • Implemented ServiceNow GRC to manage risk and control activities
      • Designed Asset Inventory and Data Management across all Expedia Brands
  • Skills:
      • Data Security, PCI DSS, Third Party Risk, IT Risk Management, Network Security, SWIFT, GDPR, SOC2, ServiceNow GRC, Security Policies and Standards
Security, Negotiation, Continuous Controls Monitoring, Strategy, Security Compliance, Payment Card Industry Data Security Standard (PCI DSS), +6

University of Washington

2 roles

Teaching Assistant - Systems Analysis and Design

Jan 2015 - Apr 2015 · 3 mos · Greater Seattle Area

Graduate Teaching Assistant - Foundations of Information Management

Sep 2014 - Dec 2014 · 3 mos · Greater Seattle Area

T-Mobile

2 roles

Sr. Cyber Risk & Compliance Program Manager

Oct 2014 - Jan 2018 · 3 yrs 3 mos · Greater Seattle Area

  • Led Cyber Risk Management Program including informing engineering roadmaps, performing risk assessments, remediation and leading the GRC Steering Committee with cross-functional teams from Security, Infrastructure, Legal and Finance
  • PCI-DSS protecting cardholder data for 40 million+ customers
  • CPNI and SOX ITGC Compliance
  • Led Key Management Program across 2500 T-Mobile stores
  • Launched RSA Archer GRC Platform to unify audits, controls, third party risk for centralized visibility and improving efficiencies across 40+ teams
  • Security Risk Management, Third Party Risk, Policies and Standards, PCI, CPNI, SOX, RSA Archer, Security Awareness
Security, Governance, Risk Management, Compliance, Cloud Security, Threat & Vulnerability Management, +10

Governance, Risk and Compliance Intern

Jun 2014 - Sep 2014 · 3 mos · Greater Seattle Area

Security Compliance

University of Washington

Teaching Assistant - System Analysis and Management

Dec 2013 - Mar 2014 · 3 mos · Greater Seattle Area

Deloitte Consulting

Business Technology Analyst

Jun 2010 - Jun 2012 · 2 yrs · Greater Hyderabad Area

  • Built Oracle and SAP customer relationship management tools for customers.
  • Configured business components such as Account, Contact, Service Request, Activities and Orders.
  • Improved customer turnaround time and reduced SLA by automating the SR routing process using Assignment Manager for a large technology client in Europe.
  • Managed a team of six for a QA effort including scope planning and resource management.
  • Created proof of concepts for a Healthcare client to analyze feasibility of the system using HTML and CSS.
  • Proactively reported risks and initiated change management processes.
  • Created specifications for testing the integration of different systems such as Siebel, MDM and Oracle Web Center.
  • Built test cases, user acceptance scripts and performed iterative testing to avoid regression.
  • Worked closely with Process Consultants to enhance quality and improve business processes.
  • Worked cross functionally on a Human Capital project as a training material developer for end users of SAP systems of a retail customer in the USA.
Business Intelligence (BI), Oracle E-Business Suite, Order Management, Oracle SQL Developer, Oracle Siebel CRM, Technology Integration, +6

Education

University of Washington

MS in Information Management

Jan 2013 - Jan 2015

Jawaharlal Nehru Technological University

Bachelor of Technology — Computer Science

Aug 2006 - May 2010

Satyam Public School

ICSE — Mathematics and Computer Science

Indian School Dar-es-Salaam

CBSE — Mathematics and Computer Science
