Senior Manager, Security Risk Management

· Remote

Location

Remote

Type

Full Time

Job Description

Senior Manager Security Risk Management

Posted Yesterday
Easy Apply
Be an Early Applicant
Hiring Remotely in United States
Remote
223K-300K Annually
Senior level
Big Data • Fintech • Mobile • Payments • Financial Services
We create honest financial products that improve lives. Ready to make a difference?
The Role
Lead Security Governance and Third-Party Risk Management implementing program strategy operational maturity and governance for security and vendor risk while building and managing a high-performing team.
Summary Generated by Built In

Affirm is reinventing credit to make it more honest and friendly giving consumers the flexibility to buy now and pay later without any hidden fees or compounding interest.

We’re hiring a Senior Manager to lead Security Governance and the Security Third-Party Risk Management (TPRM) function. This role owns program strategy operational maturity and stakeholder alignment for security governance vendor risk and third-party integration risk. The manager will drive policy and control frameworks remediate audit findings deliver measurable program KPIs and grow a high-performing team that executes vendor diligence monitoring and governance at scale.

Our Security Governance and TPRM programs must move from tactical firefighting to predictable measurable operations that scale with the business. This leader will set the security risk posture tighten governance and fourth-party oversight improve tooling and automation adoption and ensure timely actionable escalations so senior leadership can make the right business decisions.

What You'll Do

Program strategy & governance

  • Own Security Governance: maintain and evolve security policies standards and control frameworks (e.g. NIST CSF ISO 27001) including mapping to controls and compliance requirements (SOC2 PCI applicable regulations).
  • Lead program maturity planning roadmaps and cross-functional governance forums (e.g. security steering committee risk council).
  • Define and enforce security risk appetite and decision criteria for third-party relationships and integrations.

Third-party risk management

  • Lead the Security TPRM function across vendor lifecycle: intake/onboarding due diligence (IRQ/DDQ/SME reviews) contracting handoffs ongoing monitoring periodic reviews and offboarding.
  • Ensure robust fourth-party oversight including subprocessors and manage remediation/QA cycles driven by Internal Audit and regulators.
  • Oversee high-risk vendor decisions and escalations; establish clear RACI for partnership contracts and security acceptance criteria.

Operational excellence & tooling

  • Own program KPIs dashboards and reporting (Jira STPRM Ops AuditBoard Sigma/BI MetricStream). Drive improvements in throughput turnaround backlog age and remediation velocity.
  • Partner with Automation/TPRM Ops to operationalize threat-modeling outputs integration inventories pre-integration gates and CI/CD checks; prioritize automations that reduce manual work and surface strategic escalations.
  • Implement and maintain QA processes (quarterly QA) runbooks SOPs for ticket ownership and evidence standards.

People & stakeholder leadership

  • Build coach and scale the Governance and TPRM teams: hiring performance management career development and team morale.
  • Act as the primary security contact for Legal Procurement Privacy Product and Engineering on vendor risk and governance matters.
  • Represent Security in executive forums audit meetings and regulatory engagements; own remediation commitments and timelines.

Audit compliance & risk reporting

  • Serve as the security liaison for Internal Audit and external assessments; ensure timely remediation of findings and demonstrable progress.
  • Produce regular program health reporting for senior leadership and Board-level stakeholders.
Success metrics (examples)
  • Vendors reviewed per month and % critical vendors reviewed on schedule
  • Average review turnaround time and backlog age distribution
  • % tickets with clear owner and SLA met
  • Time to remediate Internal Audit findings and completion rate
  • Implementation count of automated checks/runbooks and pre-integration gates
  • Team engagement / retention and time-to-productivity for new hires
What We Look For
  • 7+ years in information security risk management or GRC roles with a minimum of 3 years managing teams (or equivalent leadership experience).
  • Demonstrated ownership of a TPRM program or security governance program in a regulated or high-growth technology environment (fintech preferred).
  • Strong knowledge of security frameworks (NIST ISO) compliance standards (SOC2 PCI) and vendor risk processes (IRQ/DDQ/SME assessments).
  • Hands-on familiarity with TPRM/GRC tooling and observability: AuditBoard (or equivalent) Jira BI tools (Sigma/Tableau/Looker) and experience with integrations/APIs.
  • Excellent stakeholder management across legal procurement engineering product and executive leadership.
  • Proven experience translating audit findings into operational remediation plans and measurable outcomes.
  • Strong communication skills — able to present risk to technical and non-technical audiences and to influence decisions.
  • Certifications such as CISSP CISM CRISC or similar.
  • Practical experience with threat-modeling approaches and third-party integration security (API SSO/OAuth/SAML TLS).
  • Experience scaling automation for GRC/TPRM programs and integrating security checks into CI/CD pipelines.
  • Prior experience in fintech or highly regulated industries.

Pay Grade - Q
Equity Grade - 10
Employees new to Affirm typically come in at the start of the pay range. Affirm focuses on providing a simple and transparent pay structure which is based on a variety of factors including location experience and job-related skills.
Base pay is part of a total compensation package that may include equity rewards monthly stipends for health wellness and tech spending and benefits (including 100% subsidized medical coverage dental and vision for you and your dependents.)
USA base pay range (CA WA NY NJ CT) per year: $250000 - $300000
USA base pay range (all other U.S. states) per year: $223000 - $273000
#LI-Remote

Affirm is proud to be a remote-first company! The majority of our roles are remote and you can work almost anywhere within the country of employment. Affirmers in proximal roles have the flexibility to work remotely but will occasionally be required to work out of their assigned Affirm office. A limited number of roles remain office-based due to the nature of their job responsibilities.

We’re extremely proud to offer competitive benefits that are anchored to our core value of people come first. Some key highlights of our benefits package include: 

  • Health care coverage - Affirm covers all premiums for all levels of coverage for you and your dependents 
  • Flexible Spending Wallets - generous stipends for spending on Technology Food various Lifestyle needs and family forming expenses
  • Time off - competitive vacation and holiday schedules allowing you to take time off to rest and recharge
  • ESPP - An employee stock purchase plan enabling you to buy shares of Affirm at a discount

We believe It’s On Us to provide an inclusive interview experience for all including people with disabilities. We are happy to provide reasonable accommodations to candidates in need of individualized support during the hiring process.

[For U.S. positions that could be performed in Los Angeles or San Francisco] Pursuant to the San Francisco Fair Chance Ordinance and Los Angeles Fair Chance Initiative for Hiring Ordinance Affirm will consider for employment qualified applicants with arrest and conviction records.

By clicking "Submit Application" you acknowledge that you have read Affirm's Global Candidate Privacy Notice and hereby freely and unambiguously give informed consent to the collection processing use and storage of your personal information as described therein.

Top Skills

APIs
Auditboard
Business Intelligence Tools
Iso 27001
JIRA
Nist
Oauth
Pci
SAML
Sigma
Soc2
Sso
Tls

What the Team is Saying

Nupur
Jerry
Adam
Am I A Good Fit?
beta
Expert contributor network
Get Personalized Job Insights.
Our AI-powered fit analysis compares your resume with a job listing so you know if your skills & experience align.

The Company
HQ: San Francisco CA
2200 Employees
Year Founded: 2012

What We Do

At Affirm we help people say yes to the things that matter with flexible transparent ways to pay over time. No hidden fees no compound interest and no fine print—just a smarter way to spend.

Why Work With Us

Who is an Affirmer? /noun/ Someone who believes finance shouldn’t be complicated. We come from a diverse set of backgrounds and we’re driven by the desire to improve lives through honest financial products. We define success by challenging one another to bring our best ideas to every single project—and we have fun while doing it.

Gallery

Affirm Offices

Remote Workspace

Employees work remotely.

Affirm is a remote-first company! Our employees can work anywhere in the U.S. but if an office is more your style we have office locations in San Francisco Chicago New York City and Pittsburgh.

Typical time on-site:
HQSan Francisco CA
Spain
United Kingdom
Chicago IL
New York NY
Toronto ON
Warsaw PL
Learn more

Similar Jobs

Affirm

Senior Product Manager

Big Data • Fintech • Mobile • Payments • Financial Services
Easy Apply
Remote
United States
2200 Employees
169K-240K Annually

Affirm

Vice President Treasury

Big Data • Fintech • Mobile • Payments • Financial Services
Easy Apply
Remote
United States
2200 Employees
340K-380K Annually

Affirm

Administrative Assistant

Big Data • Fintech • Mobile • Payments • Financial Services
Easy Apply
Remote
United States
2200 Employees
102K-155K Annually

Affirm

Strategic Partnerships Manager

Big Data • Fintech • Mobile • Payments • Financial Services
Easy Apply
Remote
United States
2200 Employees
160K-230K Annually
Apply Now

Date Posted

04/08/2026

Views

0

Back to Job Listings Add To Job List Company Profile View Company Reviews
Neutral
Subjectivity Score: 0
142,000+ Jobs Tracked
12,400+ Companies
1,930 Categories