• Own enterprise deals end-to-end: Source, develop, and close ARR through new logo acquisition and strategic expansion • Navigate complex buying centers: Build and execute multi-stakeholder strategies across security, data platform, compliance, legal, and procurement organizations • Run disciplined proof of concept: Lead technical evaluations with clear success criteria, tight timelines, and executive alignment to accelerate deals • Master security reviews: Guide customers through vendor risk assessments, architecture reviews, penetration tests, and compliance validation (SOC2, ISO, PCI-DSS, HIPAA) • Build compelling business cases: Quantify value across risk reduction (PCI scope reduction, breach prevention) and enablement outcomes (faster analytics, safe AI access, compliant data sharing) • Negotiate complex contracts: Navigate DPAs, security exhibits, BAAs, indemnities, and enterprise licensing terms to mutually beneficial close • Drive expansion: Develop land-and-expand strategies that grow initial deployments across lines of business, environments, and use cases • Partner strategically: Leverage cloud ecosystem relationships (AWS, Snowflake, Databricks, etc.) and GSI partnerships to accelerate deals

• You will be the operating second to the CISO and own the bank-entity scope of Mercury's 2LOD Information Security program. • Keep the program examiner-ready by maintaining coherent policy architecture and evidenced controls • Own the examiner-ready narrative and coordinate the evidence for OCC, FFIEC, FDIC, and FRB examiner inquiries. • Lead remediation of identified FFIEC IT control deficiencies to ensure charter readiness. • Manage relationships with internal audit and external assessors. • Coach and grow the GRC sub-team while running a recurring training cadence. • Ensure third-party risk evidence holds up to bank-grade scrutiny.

• Own the security configuration of our identity and collaboration stack: identity and access policies, third-party app governance, DLP, context-aware access, and admin audit. • Build, tune, and maintain detections. Design response playbooks for high-signal alerts. • Harden our cloud footprint, Kubernetes clusters, and CI/CD pipelines. • Own the security posture of the endpoint estate, including MDM configuration and endpoint telemetry. • Lead and participate in security incident investigations end-to-end. • Run threat models and architecture reviews for new internal systems and infrastructure changes. • Work alongside Protocol Security, DevOps, IT Ops, and Product Engineering to raise risks constructively.

• Develop and work with supporting secure AI and LLM usage/integration both in products and within Security; • Develop building blocks to accept payments and move funds; • Stripes Core Products including Connect, Subscriptions, Checkout, RADAR, and Issuing; • Build/Enhance automated threat modeling tooling; • Identify and help reduce security debt across our product portfolio; • Work closely with product engineering teams to design solutions that are secure by default; • Tailor answers to security questions from non-engineers and engineers; • Lead threat modeling discussions and help teams strike the right balance between security, user experience and product advancement; • Scale security effort by empowering engineering teams with automation, security guidance, tooling, patterns and training; • Drive high impact, cross-team security initiatives; • Mentor teammates and others across the organization.