Affirm is hiring a
IT Security Risk Management Lead

Summary

Join our Security Risk Management team at Affirm to cultivate a culture of security and enable the company to succeed in building honest financial products.

Requirements

• Excellent project management and collaboration skills—setting goals and priorities, taking into account dependencies, and handling execution from start to finish
• A drive to solve difficult problems and evolve the status quo with technical and non-technical solutions—you’re never satisfied by just ticking a box
• Crystal clear verbal and written communication—people love how your emails and documentation tell them exactly what they need to know
• 3-5 years of risk management, information security, or other relevant experience working with technical teams and balancing risk against business need
• Passion for working with diverse teams and taking into account each perspective, e.g. as an auditor, engineer, business person, and more
• Knowledge of risk and control frameworks (e.g. NIST Cyber Security Framework, ISO 2700x, SOC1 & 2 (SSAE18), PCI DSS, NIST-800-53, FFIEC Cybersecurity Assessment Tool, SANS Top 20, etc.) and experience with security practices and solutions

Responsibilities

• Develop complementary control frameworks that define the security responsibilities of Affirm and its third parties, including vendors, merchants, and partners
• Mature our third-party security risk processes by working with a broad range of technical and non-technical stakeholders
• Own the end-to-end execution of third-party due diligence and issues management, ensuring alignment with stakeholders throughout
• Design and generate metrics and reports on risk indicators, issues, and the efficiency of our operations
• Support Legal in our contract reviews and negotiations to ensure appropriate security terms are in place
• Provide best-in-class support for our client-facing teams and security assurance to our business partners as well as find opportunities to enhance this program and build internal and external relationships
• Fluently communicate security risks to non-experts to empower our business with valuable, actionable information
• Develop, curate, and disseminate security governance documentation, ensuring awareness amongst stakeholders and employees
• Partner with engineering and IT to define and document policies and technical procedures for secure and compliant treatment of sensitive data

Benefits

• 100% subsidized medical coverage
• Dental and vision for you and your dependents
• Flexible Spending Wallets - generous stipends for spending on Technology, Food, various Lifestyle needs, and family forming expenses
• Time off - competitive vacation and holiday schedules allowing you to take time off to rest and recharge
• ESPP - An employee stock purchase plan enabling you to buy shares of Affirm at a discount