Security Risk Management Specialist Two

Summary

Join Affirm's Security Risk Management team as a Security Risk Management Specialist and contribute to a culture of security by identifying, assessing, and mitigating security risks across Affirm's infrastructure and applications. You will play a key role in maintaining and updating the security risk register, ensuring all risks are accurately documented, tracked, and managed. This role requires strong analytical skills, a deep understanding of security risk management principles, and an interest in data analysis. You will be responsible for data structuring and management, reporting and visualization, process improvement, metrics and KRI development, data analysis and reporting, automation and tools, security monitoring, and cross-functional collaboration.

Requirements

• Builder mentality with a passion for creating innovative solutions
• Strong problem-solving and data analysis skills
• Excellent communication and presentation skills
• 3+ years of experience in Security Risk Management, audit or compliance risk management, or a related role
• Familiarity with security risk management and compliance frameworks (e.g. NIST, ISO 27001, PCI)
• Bachelor's degree in Computer Science, Information Security, or a related field

Responsibilities

• Data Structuring & Management: Help develop and maintain data structures to support risk quantification, analysis, reporting, and decision-making. Ensure data accuracy and integrity
• Reporting & Visualization: Create dashboards and reports to communicate security risk metrics and insights to stakeholders. Visualize data to identify trends and patterns
• Process Improvement: Identify opportunities to improve security risk management processes and help implement solutions that enhance efficiency and effectiveness
• Metrics & KRI Development: Collaborate to define, develop, and maintain a suite of risk metrics and KRIs. Continuously monitor these indicators to track changes in risk exposure and trigger timely action when thresholds are breached
• Data Analysis & Reporting: Collect and analyze risk-related data from multiple sources to help identify trends and insights. Create clear, concise risk reports and dashboards for senior management, using data visualization tools and SQL queries to support evidence-based decision-making
• Automation & Tools: Leverage technical skills to streamline Security Risk Management processes. For example, build integrations and automation (such as AWS Lambda functions or custom scripts) that pull data via API calls from various systems to update risk dashboards or compliance reports in real-time
• Security Monitoring: Support activities of security and engineering teams, analyze risk and security controls assessments to determine their alignment with regulatory requirements, and actively participate in security audit and remediation activities
• Cross-Functional Collaboration: Work closely with departments such as IT, Information Security, Engineering, and Finance to establish controls and processes that align with Security Risk Management objectives. Provide guidance and training to process owners on risk management and compliance requirements

Preferred Qualifications

• Technical Proficiency: Experience with scripting or programming to automate tasks (e.g., Python or similar). Familiarity with building API calls to integrate different systems or data sources into risk management tools. Hands-on experience with Lambda functions or similar serverless technologies. Experience with cloud security (AWS, GCP, Azure). Experience with SQL and querying databases
• Experience with data visualization tools (e.g., Sigma, Tableau, Power BI)
• Certifications such as CISSP, CISA, or CRISC

Benefits

• Health care coverage - Affirm covers all premiums for all levels of coverage for you and your dependents
• Flexible Spending Wallets - generous stipends for spending on Technology, Food, various Lifestyle needs, and family forming expenses
• Time off - competitive vacation and holiday schedules allowing you to take time off to rest and recharge
• ESPP - An employee stock purchase plan enabling you to buy shares of Affirm at a discount