Security Risk Management Lead

AffirmFinancial Technology

Remote USFull-TimeLead

Salary146,000 - 225,000 USD per year

Apply NowOpens the employer's application page

Job Details

5+ years of experience in Information Security, Risk Management, Engineering and/or relevant roles
Hands-on experience using agentic coding tools (Cursor, Claude Code, Copilot, etc.) and a working knowledge of Python
Familiarity with cloud environments (AWS, GCP, or Azure)
Experience with industry based information security & control frameworks (NIST CSF, ISO 2700x, SOC1&2, PCI DSS, NIST-800-53, FFIEC, SANS Top 20)
BA or BS degree in Information Security, Cyber Security, Computer Science or related field or commensurate experience
Excellent written and verbal communications skills
Ability to understand and communicate technical issues to non-technical teams

Lead and mature Affirm's Security Third Party Program, including the design, implementation, and continuous improvement of processes, controls, and operational workflows
Build and maintain automation that replaces manual GRC tasks: intake, triage, evidence collection, control validation, tracking, escalations, and reporting, using either Python, low code platforms, and agentic coding tools (Cursor, Claude, etc.)
Design and operate workflow orchestration and integrations across systems like ticketing, GRC platforms, vendor management tools, identity providers, and cloud control planes
Partner closely with Procurement, Legal, Engineering, IT, Compliance, Privacy, and business stakeholders to assess and manage security risk across third party relationships
Drive program operational excellence by establishing repeatable processes, service-level expectations, metrics, and reporting for third party security risk management
Evaluate third party security controls, cloud architectures (AWS/GCP), integration patterns, and risk posture, and provide clear recommendations to stakeholders and leadership

View Full Description & ApplyYou'll be redirected to the employer's site