Security Risk Management Lead

🕒 vor 10 Tagen

🇺🇸 Vereinigte Staaten – Remote

💵 $165.000 - $225.000 / Jahr

⏰ Vollzeit

🟠 Senior

👮‍♂️ IT-Sicherheitsingenieur

🦅 H1B-Visum-Sponsor

Dieses Unternehmen hat in der Vergangenheit H1B-Visa gesponsert.

Jetzt Bewerben

Ähnliche Remote-Jobs finden

E-Mails für Remote-Jobs erhalten

📊 Überprüfen Sie Ihre Lebenslauf-Bewertung für diese Stelle

Verbessern Sie Ihre Chancen auf ein Vorstellungsgespräch, indem Sie Ihre Lebenslauf-Bewertung vor der Bewerbung überprüfen.

Lebenslauf hochladen

Affirm

WebsiteLinkedInAlle Stellen

1001 - 5000 Mitarbeiter

Gegründet 2012

💳 Fintech

👥 B2C

🛍️ eCommerce

💰 Post-IPO Equity im 2021-01

Fintech • B2C • eCommerce

Affirm ist ein Finanztechnologieunternehmen, das einen "Jetzt kaufen, später zahlen"-Service bietet und es Verbrauchern ermöglicht, Einkäufe zu tätigen und diese über flexible Zahlungspläne im Laufe der Zeit zu bezahlen. Affirm beseitigt versteckte Gebühren und Zinseszinsen und bietet klare Bedingungen für seine Nutzer. Das Unternehmen bietet auch die Affirm-Karte an, eine Debitkarte, die es Benutzern ermöglicht, bei größeren Einkäufen eine Ratenzahlung anzufordern oder kleinere Einkäufe vollständig zu bezahlen. Affirm arbeitet mit verschiedenen Einzelhändlern in mehreren Kategorien zusammen, darunter Elektronik, Bekleidung und Reisen, und bietet Kunden die Bequemlichkeit, sowohl online als auch in physischen Geschäften beim Checkout über Zeit zu zahlen. Die Dienste von Affirm sind in Apple Pay integriert, sodass Kunden Zahlungen nahtlos von ihrem iPhone oder iPad aus vornehmen können.

Beschreibung

• Lead and mature Affirm's Security Third Party Program, including the design, implementation, and continuous improvement of processes, controls, and operational workflows • Build and maintain automation that replaces manual GRC tasks: intake, triage, evidence collection, control validation, tracking, escalations, and reporting, using either Python, low code platforms, and agentic coding tools (Cursor, Claude, etc.) • Design and operate workflow orchestration and integrations across systems like ticketing, GRC platforms, vendor management tools, identity providers, and cloud control planes • Partner closely with Procurement, Legal, Engineering, IT, Compliance, Privacy, and business stakeholders to assess and manage security risk across third party relationships • Translate ambiguous business and security requirements into practical, scalable program solutions and decision frameworks • Identify opportunities to automate manual processes across the program and prototype solutions yourself rather than waiting on an engineering backlog • Drive program operational excellence by establishing repeatable processes, service-level expectations, metrics, and reporting for third party security risk management • Evaluate third party security controls, cloud architectures (AWS/GCP), integration patterns, and risk posture, and provide clear recommendations to stakeholders and leadership • Conduct light threat models on high risk integrations and partner with Security SMEs for deeper diligence • Manage and prioritize a portfolio of complex security risk reviews and initiatives simultaneously, balancing business enablement with risk reduction • Partner with technical teams to implement or optimize systems and tools that support program automation and workflow orchestration • Develop dashboards, reporting mechanisms, and program insights (SQL, BI tools, or custom tooling) that improve visibility into risk trends, bottlenecks, and program performance • Act as a trusted advisor and SME on third party security risk management, helping stakeholders make informed, risk based decisions • Contribute to the broader Security Risk Management strategy by identifying opportunities to scale, simplify, and strengthen security governance processes through engineering

🎯 Anforderungen

• 5+ years of experience in Information Security, Risk Management, Engineering and/or relevant roles • Hands-on experience using agentic coding tools (Cursor, Claude Code, Copilot, etc.) and a working knowledge of Python; you don't need to be a software engineer, but you should be fluent enough to read, modify, and run scripts, build automations, and ship small tools end-to-end • Familiarity with cloud environments (AWS, GCP, or Azure) — IAM, logging, common services, and the security risks/controls that apply to cloud-deployed third parties and integrations • Excellent written and verbal communications skills • Experience engineering solutions via Python, Claude, Cursor or other agentic coding tooling • Experience with industry based information security & control frameworks (NIST Cyber Security Framework, ISO 2700x, SOC1&2(SSAE18), PCI DSS, NIST-800-53, FFIEC Cybersecurity Assessment Tool, SANS Top 20, etc.) • BA or BS degree in Information Security, Cyber Security, Computer Science or related field or commensurate experience • Attention to detail and experience with security practices and security tooling • Demonstrated ability to drive projects towards completion • Ability to understand and communicate technical issues to non-technical teams • Professional certification in Information Security or Risk Management (such as CISSP, CISM, CISA, CRISC, etc.) is a plus

🏖️ Vorteile

• Health care coverage - Affirm covers all premiums for all levels of coverage for you and your dependents • Flexible Spending Wallets - generous stipends for spending on Technology, Food, various Lifestyle needs, and family forming expenses • Time off - competitive vacation and holiday schedules allowing you to take time off to rest and recharge • ESPP - An employee stock purchase plan enabling you to buy shares of Affirm at a discount