Senior Manager, Security Risk Management at Affirm
Affirm is reinventing credit to make it more honest and friendly, giving consumers the flexibility to buy now and pay later without any hidden fees or compounding interest.
Affirm values security as critical to the company’s continued success. Our mission is to cultivate a culture of security at Affirm, enabling the company to succeed in building honest financial products. The Security Risk Management team builds and deploys common governance, risk, and compliance processes and controls, conducts audits, and ensures that technologies and business processes are built with data protection and compliance in mind. The team fosters a measurable strategy to increase accountability and collaboration and to improve decision-making in Security across Affirm.
The Senior Manager of Security Risk Management will establish our security risk strategy and provide governance and risk management oversight; establish and manage our security policy framework and relevant standards; oversee applicable security, privacy, contractual and compliance requirements through strategy development, controls definition and assessment and process oversight. This role will report directly to the CISO as Affirm scales and grows the security team.
What you'll do
- Work with cross-functional teams to drive toward a cohesive view of security risk and drive remediation items to closure
- Maintain accurate reporting of remediation activities to bring appropriate visibility to stakeholders
- Raise the information security posture/profile via compliance attestations for Affirm
- Manage and implement the SOC2 audit program, PCI audit program, and SOX ITGC audit program
- Manage information security risk at a tactical and strategic level.
- Proactively work with the business development and sales organization and deliver outstanding sales support in order to retain and grow the business.
- Develop Security Education and Awareness Program
- Oversee applicable security, privacy, contractual and compliance requirements through strategy development, controls definition and assessment and process oversight.
What we look for
- 10+ years of experience in security or compliance management
- Comprehensive knowledge of GRC tools such as LogicGate, Archer, etc.
- Experience in building and aligning teams to organizational risk and compliance needs
- Experience reporting to an audit committee/board
- Prior experience with security policy, standards, and controls definition
- An ability to consider and advise on the broad array of issues that the contemporary CISO must address, including emerging topics that require development of new knowledge and advice
- Excellent written and verbal communication skills
- Excellent leadership skills and ability to communicate and influence at all levels