Security Risk Management Lead

2 weeks, 4 days ago
Full-time
Senior
Cybersecurity
Affirm

Affirm offers a transparent buy now, pay later service founded in 2012 by Max Levchin. No late fees or surprises, just a responsible way to pay over time for your favorite brands.

Diversified Financial Services
1K-5K
Founded 2012

Description

  • Lead and mature Affirm's Security Third Party Program, including process design, implementation, and continuous improvement.
  • Build and maintain automation for manual GRC tasks such as intake, triage, evidence collection, control validation, tracking, escalations, and reporting.
  • Design and operate workflow orchestration and integrations across ticketing, GRC, vendor management, identity, and cloud systems.
  • Partner with Procurement, Legal, Engineering, IT, Compliance, Privacy, and business stakeholders to assess third party security risk.
  • Translate ambiguous business and security requirements into scalable program solutions and decision frameworks.
  • Identify opportunities to automate manual processes and prototype solutions independently.
  • Establish repeatable processes, service-level expectations, metrics, and reporting for third party security risk management.
  • Evaluate third party controls, cloud architectures, and risk posture, and provide clear recommendations to stakeholders and leadership.
  • Conduct light threat models on high-risk integrations and partner with security subject matter experts for deeper diligence.
  • Develop dashboards, reporting mechanisms, and program insights to improve visibility into risk trends, bottlenecks, and performance.

Requirements

  • 5+ years of experience in Information Security, Risk Management, Engineering, or a related field.
  • Hands-on experience with agentic coding tools such as Cursor, Claude Code, or Copilot.
  • Working knowledge of Python, including the ability to read, modify, and run scripts and build small automations end to end.
  • Familiarity with cloud environments such as AWS, GCP, or Azure, including IAM, logging, and common services.
  • Experience with information security and control frameworks such as NIST Cyber Security Framework, ISO 2700x, SOC 1/2 (SSAE18), PCI DSS, NIST-800-53, FFIEC Cybersecurity Assessment Tool, or SANS Top 20.
  • BA or BS degree in Information Security, Cyber Security, Computer Science, or a related field, or equivalent experience.
  • Excellent written and verbal communication skills.
  • Attention to detail and experience with security practices and security tooling.
  • Demonstrated ability to drive projects to completion.
  • Ability to explain technical issues to non-technical teams.
  • Professional certification such as CISSP, CISM, CISA, or CRISC is a plus.
  • Experience engineering solutions using Python, Claude, Cursor, or other agentic coding tools.

Benefits

  • Base salary range of $146,000-$206,000 for most U.S. states and $165,000-$225,000 for Pacific states.
  • Equity compensation, including Equity Grade 5 and potential equity rewards.
  • Remote-first work environment with flexibility to work almost anywhere in the country of employment.
  • 100% subsidized medical coverage, including dental and vision for employees and dependents.
  • Monthly stipends or flexible spending wallets for technology, food, lifestyle needs, and family-forming expenses.
  • Competitive vacation and holiday schedules.
  • Employee stock purchase plan (ESPP) with the ability to buy Affirm shares at a discount.
  • Visa sponsorship is not available for this position.
