Senior Manager, Security Risk Management

Affirm (FinTech)
Remote, Canada | Full-Time | Manager
Salary: 198000 - 248000 CAD per year

Job Details

Experience
7+ years
Required Skills
OAuth, Jira, Tableau, CI/CD, RESTful APIs, Looker

Requirements

  • 7+ years in information security, risk management, or GRC roles, with a minimum of 3 years managing teams (or equivalent leadership experience).
  • Demonstrated ownership of a TPRM program or security governance program in a regulated or high-growth technology environment (fintech preferred).
  • Strong knowledge of security frameworks (NIST, ISO), compliance standards (SOC2, PCI), and vendor risk processes (IRQ/DDQ/SME assessments).
  • Hands-on familiarity with TPRM/GRC tooling and observability: AuditBoard (or equivalent), Jira, BI tools (Sigma/Tableau/Looker), and experience with integrations/APIs.
  • Excellent stakeholder management across legal, procurement, engineering, product, and executive leadership.
  • Proven experience translating audit findings into operational remediation plans and measurable outcomes.
  • Strong communication skills — able to present risk to technical and non-technical audiences and to influence decisions.
  • Certifications such as CISSP, CISM, CRISC, or similar.
  • Practical experience with threat-modeling approaches and third-party integration security (API, SSO/OAuth/SAML, TLS).
  • Experience scaling automation for GRC/TPRM programs and integrating security checks into CI/CD pipelines.
  • Prior experience in fintech or highly regulated industries.

Responsibilities

  • Own Security Governance: maintain and evolve security policies, standards, and control frameworks (e.g., NIST CSF, ISO 27001), including mapping to controls and compliance requirements (SOC2, PCI, applicable regulations).
  • Lead program maturity planning, roadmaps, and cross-functional governance forums (e.g., security steering committee, risk council).
  • Define and enforce security risk appetite and decision criteria for third-party relationships and integrations.
  • Lead the Security TPRM function across vendor lifecycle: intake/onboarding, due diligence (IRQ/DDQ/SME reviews), contracting handoffs, ongoing monitoring, periodic reviews, and offboarding.
  • Ensure robust fourth-party oversight, including subprocessors, and manage remediation/QA cycles driven by Internal Audit and regulators.
  • Oversee high-risk vendor decisions and escalations; establish clear RACI for partnership contracts and security acceptance criteria.
  • Own program KPIs, dashboards, and reporting (Jira STPRM Ops, AuditBoard, Sigma/BI, MetricStream). Drive improvements in throughput, turnaround, backlog age, and remediation velocity.
  • Partner with Automation/TPRM Ops to operationalize threat-modeling outputs, integration inventories, pre-integration gates, and CI/CD checks; prioritize automations that reduce manual work and surface strategic escalations.
  • Build, coach, and scale the Governance and TPRM teams: hiring, performance management, career development, and team morale.
  • Represent Security in executive forums, audit meetings, and regulatory engagements; own remediation commitments and timelines.