Senior Manager, Security Risk Management

Affirm is reinventing credit to make it more honest and friendly, giving consumers the flexibility to buy now and pay later without any hidden fees or compounding interest.

What You’ll Do

Program Strategy & Governance

• Own Security Governance: maintain and evolve security policies, standards, and control frameworks (e.g., NIST CSF, ISO 27001), including mapping to controls and compliance requirements (SOC2, PCI, applicable regulations).
• Lead program maturity planning, roadmaps, and cross‑functional governance forums (e.g., security steering committee, risk council).
• Define and enforce security risk appetite and decision criteria for third‑party relationships and integrations.

Third‑Party Risk Management

• Lead the Security TPRM function across vendor lifecycle: intake/onboarding, due diligence (IRQ/DDQ/SME reviews), contracting handoffs, ongoing monitoring, periodic reviews, and offboarding.
...