We are seeking a Security Risk Management Lead to join our Security Risk Management team at Affirm. The Security Risk Management team builds and deploys common governance, risk, and compliance processes and controls, conducts audits, and ensures that technologies and business processes are built with data protection and compliance in mind! Affirm values security as being critical to the company’s continued success. Our mission is to cultivate a culture of security at Affirm, enabling the company to succeed in building honest financial products.

What You’ll Do

• Develop complementary control frameworks that define the security responsibilities of Affirm and its third parties, including vendors, merchants, and partners.
• Mature our third-party security risk processes by working with a broad range of technical and non-technical stakeholders.
• Own the end-to-end execution of third-party due diligence and issues management, ensuring alignment with stakeholders throughout.
• Design and generate metrics and reports on risk indicators, issues, and the efficiency of our operations.
• Support Legal in our contract reviews and negotiations to ensure appropriate security terms are in place.
• Provide best-in-class support for our client-facing teams and security assurance to our business partners as well as find opportunities to enhance this program and build internal and external relationships.
• Fluently communicate security risks to non-experts to empower our business with valuable, actionable information.
• Develop, curate, and disseminate security governance documentation, ensuring awareness amongst stakeholders and employees.
• Partner with engineering and IT to define and document policies and technical procedures for secure and compliant treatment of sensitive data.

What We Look For

• Excellent project management and collaboration skills—setting goals and priorities, taking into account dependencies, and handling execution from start to finish.
• A drive to solve difficult problems and evolve the status quo with technical and non-technical solutions—you’re never satisfied by just ticking a box.
• Crystal clear verbal and written communication—people love how your emails and documentation tell them exactly what they need to know.
• 3-5 years of risk management, information security, or other relevant experience working with technical teams and balancing risk against business need.
• Passion for working with diverse teams and taking into account each perspective, e.g. as an auditor, engineer, business person, and more.
• Knowledge of risk and control frameworks (e.g. NIST Cyber Security Framework, ISO 2700x, SOC1 & 2 (SSAE18), PCI DSS, NIST-800-53, FFIEC Cybersecurity Assessment Tool, SANS Top 20, etc.) and experience with security practices and solutions.

Pay Grade - L
Employees new to Affirm typically come in at the start of the pay range. Affirm focuses on providing a simple and transparent pay structure which is based on a variety of factors, including location, experience and job-related skills.

Base pay is part of a total compensation package that may include equity rewards, monthly stipends for health, wellness and tech spending, and benefits (including 100% subsidized medical coverage, dental and vision for you and your dependents.)

USA base pay range (CA, WA, NY, NJ, CT) per year: $160,000 - $210,000
USA base pay range (all other U.S. states) per year: $142,000 - $192,000

Please note that visa sponsorship is not available for this position.

#LI-Remote