Security Risk Management Lead

Affirm

Security Risk Management Lead at Affirm, designing scalable automation solutions for security risk management. Leading efforts in Information Security and building engineering driven programs to enhance security.

Posted 6/5/2026full-timeRemote • 🇺🇸 United StatesSenior💰 $165,000 - $225,000 per yearWebsite

Tech Stack

Tools & technologies

AWSAzureCloudCyber SecurityGoogle Cloud PlatformPythonSQL

About the role

Key responsibilities & impact

Lead and mature Affirm's Security Third Party Program, including the design, implementation, and continuous improvement of processes, controls, and operational workflows
Build and maintain automation that replaces manual GRC tasks: intake, triage, evidence collection, control validation, tracking, escalations, and reporting, using either Python, low code platforms, and agentic coding tools (Cursor, Claude, etc.)
Design and operate workflow orchestration and integrations across systems like ticketing, GRC platforms, vendor management tools, identity providers, and cloud control planes
Partner closely with Procurement, Legal, Engineering, IT, Compliance, Privacy, and business stakeholders to assess and manage security risk across third party relationships
Translate ambiguous business and security requirements into practical, scalable program solutions and decision frameworks
Identify opportunities to automate manual processes across the program and prototype solutions yourself rather than waiting on an engineering backlog
Drive program operational excellence by establishing repeatable processes, service-level expectations, metrics, and reporting for third party security risk management
Evaluate third party security controls, cloud architectures (AWS/GCP), integration patterns, and risk posture, and provide clear recommendations to stakeholders and leadership
Conduct light threat models on high risk integrations and partner with Security SMEs for deeper diligence
Manage and prioritize a portfolio of complex security risk reviews and initiatives simultaneously, balancing business enablement with risk reduction
Partner with technical teams to implement or optimize systems and tools that support program automation and workflow orchestration
Develop dashboards, reporting mechanisms, and program insights (SQL, BI tools, or custom tooling) that improve visibility into risk trends, bottlenecks, and program performance
Act as a trusted advisor and SME on third party security risk management, helping stakeholders make informed, risk based decisions
Contribute to the broader Security Risk Management strategy by identifying opportunities to scale, simplify, and strengthen security governance processes through engineering

Requirements

What you’ll need

5+ years of experience in Information Security, Risk Management, Engineering and/or relevant roles
Hands-on experience using agentic coding tools (Cursor, Claude Code, Copilot, etc.) and a working knowledge of Python; you don't need to be a software engineer, but you should be fluent enough to read, modify, and run scripts, build automations, and ship small tools end-to-end
Familiarity with cloud environments (AWS, GCP, or Azure) — IAM, logging, common services, and the security risks/controls that apply to cloud-deployed third parties and integrations
Excellent written and verbal communications skills
Experience engineering solutions via Python, Claude, Cursor or other agentic coding tooling
Experience with industry based information security & control frameworks (NIST Cyber Security Framework, ISO 2700x, SOC1&2(SSAE18), PCI DSS, NIST-800-53, FFIEC Cybersecurity Assessment Tool, SANS Top 20, etc.)
BA or BS degree in Information Security, Cyber Security, Computer Science or related field or commensurate experience
Attention to detail and experience with security practices and security tooling
Demonstrated ability to drive projects towards completion
Ability to understand and communicate technical issues to non-technical teams
Professional certification in Information Security or Risk Management (such as CISSP, CISM, CISA, CRISC, etc.) is a plus

Benefits

Comp & perks

Health care coverage - Affirm covers all premiums for all levels of coverage for you and your dependents
Flexible Spending Wallets - generous stipends for spending on Technology, Food, various Lifestyle needs, and family forming expenses
Time off - competitive vacation and holiday schedules allowing you to take time off to rest and recharge
ESPP - An employee stock purchase plan enabling you to buy shares of Affirm at a discount

ATS Keywords

✓ Tailor your resume

Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard Skills & Tools

Pythonagentic coding toolsautomationworkflow orchestrationSQLBI toolscloud architecturessecurity controlsrisk managementthreat modeling

Soft Skills

communicationattention to detailproject managementstakeholder engagementproblem solvinganalytical thinkingcollaborationdecision makingadaptabilitytrustworthiness

Certifications

CISSPCISMCISACRISC