Senior Manager, Security Risk Management
Affirm is reinventing credit to make it more honest and friendly, giving consumers the flexibility to buy now and pay later without any hidden fees or compounding interest.
Affirm values security as being critical to the company’s continued success. Our mission is to cultivate a culture of security at Affirm, enabling the company to succeed in building honest financial products. The Security Risk Management team builds and deploys common governance, risk, and compliance processes and controls, conducts audits, and ensures that technologies and business processes are built with data protection and compliance in mind. The team fosters a measurable strategy to increase accountability, collaboration, and improve decision-making in Security across Affirm.
The Senior Manager of Security Risk Management will establish our security risk strategy and provide governance and risk management oversight; establish and manage our security policy framework and relevant standards; oversee applicable security, privacy, contractual and compliance requirements through strategy development, controls definition and assessment and process oversight. This role will report directly to the CISO as Affirm scales and grows the security team.
What you'll do
- Work with cross functional teams to drive toward a cohesive view of security risk and drive remediation items to closure
- Maintain accurate reporting of remediation activities to bring appropriate visibility to stakeholders
- Raise the information security posture/profile via compliance attestations for Affirm
- Manage and implement SOC2 audit program, PCI audit program, SOX ITGC audit program
- Manage information security risk at a tactical and strategic level.
- Proactively work with the business development and sales organization and deliver outstanding sales support in order to retain and grow the business.
- Develop Security Education and Awareness Program
- Oversee applicable security, privacy, contractual and compliance requirements through strategy development, controls definition and assessment and process oversight.
What we look for
- 10+ years experience in a security or compliance management
- Comprehensive knowledge of GRC Tools such as LogicGate, Archer, etc
- Experience in building and aligning teams to organizational risk and compliance needs
- Experience reporting to an audit committee/board
- Prior experience with security policy, standards, and controls definition
- An ability to consider and advise on the broad array of issues that the contemporary CISO must address, including emerging topics that require development of new knowledge and advice
- Excellent communication skills, written, verbal.
- Excellent leadership skills and ability to communicate and influence at all levels
Location
We’re excited to announce that Affirm is now a remote-first company! This role can be located anywhere in the U.S. Remote based employees may occasionally travel to an Affirm office for meetings or team building events. Our offices in San Francisco, New York City, Pittsburgh, Chicago, and Salt Lake City will remain operational and accessible for anyone to use on a voluntary basis.
#LI-Remote
Check out our remote-first approach to learn more about the new ways we work.
If you got to this point, we hope you're feeling excited about the job description you just read. Even if you don't feel that you meet every single requirement, we still encourage you to apply. We're eager to meet people that believe in Affirm's mission and can contribute to our team in a variety of ways – not just candidates who check all the boxes.
At Affirm, "People Come First" is a core value and that’s why diversity and inclusion are vital to our priorities as an equal opportunity employer. You can read about our D&I program here and our progress thus far in our 2019 D&I report.
We also believe “It’s On Us” to provide an inclusive interview experience for all, including people with disabilities. We are happy to provide reasonable accommodations to candidates in need of individualized support during the hiring process.
We will consider for employment qualified applicants with arrest and conviction records in accordance with applicable federal, state and local laws, including the San Francisco Fair Chance Ordinance. By clicking "Submit Application," I acknowledge that I have read the Affirm Employment Privacy Policy, and hereby consent to the collection, processing, use, and storage of my personal information as described therein.