Senior Manager, Programs

Summary

Join Affirm's Security Risk Management team as a Sr. Manager, Security Awareness Risk Manager and build a culture of security by providing cybersecurity training and guidance. Drive technical security awareness projects, partner with product and engineering teams on security content, and design and manage Affirm's security awareness program. Track progress, communicate status to management, and facilitate meetings. Fluently communicate security risks to non-experts and own all security communications. Create engaging security awareness materials and develop security documentation. Collaborate with the security team on remediation efforts and enhance the Security Champions program. Utilize a behaviorally-driven metrics framework to measure security awareness and human-related risks. This role requires a deep understanding of behavior science and excellent communication skills.

Requirements

• An understanding of behavior science and/or psychology – the ideal candidate will love thinking about how people think and behave
• Crystal clear verbal and written communication—people love how your materials and documentation tell them exactly what they need to know so they act in a secure manner, reducing risk to our organization
• Proven experience in a similar role developing and implementing security awareness programs
• At least 6 years of risk management, information security, or other relevant experience working with technical teams and balancing risk against business need
• Experience with e-learning platforms and creating engaging training materials
• Excellent project management and collaboration skills—setting goals and priorities, taking into account dependencies, and handling execution from start to finish
• A drive to solve difficult problems and evolve the status quo with technical and non-technical solutions—-you’re never satisfied by just ticking a box
• Passion for working with diverse teams and taking into account each perspective, e.g. as an auditor, engineer, business person, and more
• Knowledge of risk and control frameworks (e.g. NIST Cyber Security Framework, ISO 2700x, SOC1 & 2 (SSAE18), PCI DSS, NIST-800-53,, SANS Top 20, etc.) and experience with security practices and solutions

Responsibilities

• Build a culture of security within the organization by providing security training and guidance to staff on cybersecurity best practices
• Drive complex and highly visible technical security awareness projects in service of our team’s mission of securing Affirm’s product, services, and platform
• Partner with Product, & Eng teams on designing and building better consumer Security content within the Affirm App and website
• Design & manage Affirm’s Security awareness program, which aligns to industry regulations, standards, and compliance requirements
• Help track progress, resolve dependencies, evaluate risks, regularly communicate status to upper management and project stakeholders, and engage the project teams to achieve goals
• Facilitate Tech Org IT & Security Bi-Weekly meetings
• Ability to fluently communicate security risks to non-experts to empower business decisions with valuable, actionable information
• Own all security communications to internal stakeholders & Affirm customers
• Create and drive engaging and informative security awareness materials such as newsletters, emails, videos, webinars, and training modules
• Develop, curate, and disseminate security documentation, ensuring awareness amongst stakeholders and employees
• When needed, collaborate with the relevant Security team and cross functional stakeholders to coordinate necessary remediation including but not limited to risks, incidents, vulnerabilities, other security issues
• Partner with Product Security and enhance the current Security Champions program
• Utilize a behaviorally-driven metrics framework that can effectively measure Security Awareness and human-related risks

Benefits

• Health care coverage - Affirm covers all premiums for all levels of coverage for you and your dependents
• Flexible Spending Wallets - generous stipends for spending on Technology, Food, various Lifestyle needs, and family forming expenses
• Time off - competitive vacation and holiday schedules allowing you to take time off to rest and recharge
• ESPP - An employee stock purchase plan enabling you to buy shares of Affirm at a discount