Affirm
Financial Services
Security Risk Management Lead
“Security Risk Management Lead at Affirm. Skills: Security Risk Management, Security engineering, Automation. Lead Security Third Party Program. Mature Security Third Party Program”
Industry & Context.
Root cause analysis
What They're Looking For.
Must Have
5+ years experience Information Security, 5+ years experience Risk Management, 5+ years experience Engineering, Fluent read/modify/run scripts, Build automations, Ship small tools end-to-end, Familiarity cloud environments, IAM knowledge, Logging knowledge, Common services knowledge, Security risks/controls knowledge, BA or BS degree, Commensurate experience, Attention to detail, Experience security practices, Experience security tooling, Drive projects completion, Understand technical issues, Communicate technical issues
Nice to Have
Professional certification Information Security, Professional certification Risk Management
What You'll Do.
Lead Security Third Party Program
Mature Security Third Party Program
Replace manual GRC tasks
Design workflow orchestration
Operate workflow orchestration
Translate requirements
Create program solutions
Create decision frameworks
Identify automation opportunities
Drive program operational excellence
Establish repeatable processes
Establish service-level expectations
Evaluate third party controls
Evaluate cloud architectures
Evaluate integration patterns
Evaluate risk posture
Provide recommendations
Conduct threat models
Balance risk reduction
Support program automation
Support workflow orchestration
Develop reporting mechanisms
Develop program insights
Improve risk visibility
Improve bottleneck visibility
Improve performance visibility
Act as trusted advisor
Help stakeholders make decisions
Identify scale opportunities
Identify simplify opportunities
Identify strengthen opportunities
How You'll Work.
Team & Collaboration
Interface business stakeholders; Interface engineering stakeholders; Partner with Procurement; Partner with Legal; Partner with Engineering; Partner with IT; Partner with Compliance; Partner with Privacy; Partner with business stakeholders; Partner with technical teams
Communication Scope
Written communication; Verbal communication
Process & Methodology
Roadmap planning
Full Job Description
Affirm is reinventing credit to make it more honest and friendly, giving consumers the flexibility to buy now and pay later without any hidden fees or compounding interest.
Affirm values security as being critical to the company’s continued success. Our mission is to cultivate a culture of security at Affirm, enabling the company to succeed in building honest financial products. The Security Risk Management team is evolving beyond traditional governance, risk, and compliance; we are building an engineering-driven program that designs, automates, and scales the controls, workflows, and tooling that protect Affirm and our customers.
The ideal candidate will design, develop, configure, and implement solutions to complex technical and business problems across the Security Third Party Program and the broader Security Risk Management program. They are equally comfortable shaping policy and shipping automation using modern tooling (Python, Cursor, Claude, and other agentic coding platforms) to replace manual GRC work with scalable, code-defined workflows. They will operate as a subject matter expert, interface with business and engineering stakeholders, and play a key role in transforming Security Risk Management from a compliance-oriented function into a security engineering discipline.
What You'll Do
- Lead and mature Affirm's Security Third Party Program, including the design, implementation, and continuous improvement of processes, controls, and operational workflows
- Build and maintain automation that replaces manual GRC tasks: intake, triage, evidence collection, control validation, tracking, escalations, and reporting, using Python, low-code platforms, and agentic coding tools (Cursor, Claude, etc.)
- Design and operate workflow orchestration and integrations across systems like ticketing, GRC
How to Apply on Greenhouse
- Create a Greenhouse profile before applying — it saves time across multiple applications.
- Upload your resume as a PDF; the parser handles it better than Word.
- Answer all knockout questions carefully — wrong answers auto-reject before a human sees you.
- Enable email notifications to track application status in real time.